After reading the article “Don’t Include Social Engineering in Penetration Tests [https://jacobian.org/2017/jun/27/social-engineering-pentests/],” discuss whether social engineering should be included as part of a penetration test. Knowing that the human is the weakest link in the cybersecurity chain, is it ethical as part of the pen test to engage in behavior that the author describes as a “grey area: compromising staff members’ personal devices or personal email accounts (as opposed to work accounts); breaking into office buildings to steal equipment or plant network monitoring devices; compromising social media accounts to perform recon; etc.”? (Kaplan-Moss, 2017)

References

Kaplan-Moss, J. (2017, June 27). Don’t include social engineering in penetration tests [Blog post]. Retrieved from https://jacobian.org/2017/jun/27/social-engineering-pentests/