Cybersecurity Ethics: No Hacking
by Brent Kirkpatrick
(Date Published: 04/13/2017. Revised: 06/7/2018.)
Responsible professionals neither hack nor do penetration testing.
Responsible computer security professionals do not hack and do not penetration test. There is no need to do either if hackers are testing your security. Hackers provide the only necessary test of your defenses. Penetration testing provides no advantages. The goal of accomplished professionals is the detection of actual hacking.
There is no need to "know thine enemy" by capturing and using the hacker's exploit toolkit. Quite the opposite: people who waste all their time studying how to hack have no general knowledge of either how to detect hacking or how to prevent it. The computer security professional is properly focused on security, on detection and on preventing hacking.
Detection of hacking is best done de novo, without specific knowledge of the hack or exploit in use. This is because the problem of finding the best signals indicating exploitation is a needle-in-the-haystack problem. This kind of problem needs to be approached with an open mind. People who have studied how to hack with pre-existing exploits tend to close their minds; they fail to consider the creativity of an unknown hacker. People who hack focus only on the hacks they already know and are blind to discovering hacks they do not know. An accomplished computer security professional will focus on detecting unknown, creatively conceived exploits.
The best professionals do not hack and do not penetration test. The best professionals have a thorough grounding in computer science and in science. The best professionals simply defend and learn to recognize other people's hacking.
Intrepid Net Computing provides incident response, digital forensics, and consulting services to educate your IT department on full-featured security and on the latest threats to security.