POINTER: a GDPR-compliant framework for human pentesting (for SMEs)

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution


Abstract

Penetration tests have become a valuable tool in any organisation’s arsenal, in terms of detecting vulnerabilities in their technical defences. Many organisations now also “penetration test” their employees, assessing their resilience and ability to repel human-targeted attacks. There are two problems with current frameworks: (1) few of these have been developed with SMEs in mind, and (2) many deploy spear phishing, thereby invading employee privacy, which could be illegal under the new European General Data Protection Regulation (GDPR) legislation. We therefore propose the PoinTER (Prepare TEst Remediate) Human Pentesting Framework. We subjected this framework to expert review and present it to open a discourse on the issue of formulating a GDPR-compliant Privacy-Respecting Employee Pentest for SMEs.
Original language: English
Title of host publication: Proceedings of the Twelfth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2018)
Editors: Nathan Clarke, Steven Furnell
Place of Publication: Plymouth
Publisher: Centre for Security, Communications & Network Research, University of Plymouth
Pages: 147-157
Number of pages: 11
ISBN (Print): 9780244402549
Publication status: Published - 9 Sep 2018
Event: 12th International Symposium on Human Aspects of Information Security & Assurance - Dundee Business School, Abertay University, Dundee, United Kingdom
Duration: 29 Aug 2018 to 31 Aug 2018
Conference number: 12
Internet address: http://www.haisa.org/?page=home

Conference

Conference: 12th International Symposium on Human Aspects of Information Security & Assurance
Abbreviated title: HAISA 2018
Country: United Kingdom
City: Dundee
Period: 29/08/18 to 31/08/18
Internet address: http://www.haisa.org/?page=home

Cite this

Archibald, J., & Renaud, K. (2018). POINTER: a GDPR-compliant framework for human pentesting (for SMEs). In N. Clarke, & S. Furnell (Eds.), Proceedings of the Twelfth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2018) (pp. 147-157). Plymouth: Centre for Security, Communications & Network Research, University of Plymouth.
@inproceedings{43acec74a36b497798c0844196779b95,
title = "POINTER: a GDPR-compliant framework for human pentesting (for SMEs)",
abstract = "Penetration tests have become a valuable tool in any organisation’s arsenal, in terms of detecting vulnerabilities in their technical defences. Many organisations now also “penetration test” their employees, assessing their resilience and ability to repel human-targeted attacks. There are two problems with current frameworks: (1) few of these have been developed with SMEs in mind, and (2) many deploy spear phishing, thereby invading employee privacy, which could be illegal under the new European General Data Protection Regulation (GDPR) legislation. We therefore propose the PoinTER (Prepare TEst Remediate) Human Pentesting Framework. We subjected this framework to expert review and present it to open a discourse on the issue of formulating a GDPR-compliant Privacy-Respecting Employee Pentest for SMEs.",
author = "Jacqueline Archibald and Karen Renaud",
year = "2018",
month = "9",
day = "9",
language = "English",
isbn = "9780244402549",
pages = "147--157",
editor = "Nathan Clarke and Steven Furnell",
booktitle = "Proceedings of the Twelfth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2018)",
publisher = "Centre for Security, Communications & Network Research, University of Plymouth",
}
