After reading the article “Don’t Include Social Engineering in Penetration Tests,” discuss whether social engineering should be included as part of a penetration test. Knowing that the human is the weakest link in the cybersecurity chain, is it ethical as part of the pen test to engage in behavior that the author describes as a “grey area: compromising staff members’ personal devices or personal email accounts (as opposed to work accounts); breaking into office buildings to steal equipment or plant network monitoring devices; compromising social media accounts to perform recon; etc.”? (Kaplan-Moss, 2017)
Review several of your fellow learners’ posts and respond to at least two of your peers by the end of Day 7 of the week. In your response to your classmates’ posts:
- Do you agree with your fellow learners’ assessments of social engineering as part of penetration testing?
- Try to expand on your rationale by asking your classmates questions, and provide additional resources and evidence to support your claims and extend their thoughts on their point of view.

References
Kaplan-Moss, J. (2017, June 27). Don’t include social engineering in penetration tests [Blog post]. Retrieved from https://jacobian.org/2017/jun/27/social-engineering-pentests/