12,360 research outputs found
Refining the PoinTER "human firewall" pentesting framework
Purpose: Penetration tests have become a valuable tool in the cyber security defence strategy, in terms of detecting vulnerabilities. Although penetration testing has traditionally focused on technical aspects, the field has started to realise the importance of the human in the organisation, and the need to ensure that humans are resistant to cyber-attacks. To achieve this, some organisations "pentest" their employees, testing their resilience and ability to detect and repel human-targeted attacks. In a previous paper we reported on PoinTER (Prepare TEst Remediate), a human pentesting framework, tailored to the needs of SMEs. In this paper, we propose improvements to refine our framework. The improvements are based on a derived set of ethical principles that have been subjected to ethical scrutiny. Methodology: We conducted a systematic literature review of academic research, a review of actual hacker techniques, industry recommendations and official body advice related to social engineering techniques. To meet our requirements to have an ethical human pentesting framework, we compiled a list of ethical principles from the research literature which we used to filter out techniques deemed unethical. Findings: Drawing on social engineering techniques from academic research, reported by the hacker community, industry recommendations and official body advice and subjecting each technique to ethical inspection, using a comprehensive list of ethical principles, we propose the refined GDPR compliant and privacy respecting PoinTER Framework. The list of ethical principles, we suggest, could also inform ethical technical pentests. Originality: Previous work has considered penetration testing humans, but few have produced a comprehensive framework such as PoinTER. PoinTER has been rigorously derived from multiple sources and ethically scrutinised through inspection, using a comprehensive list of ethical principles derived from the research literature
Reciprocity as a foundation of financial economics
This paper argues that the subsistence of the fundamental theorem of contemporary financial mathematics is the ethical concept "reciprocity". The argument is based on identifying an equivalence between the contemporary, and ostensibly "value neutral", Fundamental Theory of Asset Pricing with theories of mathematical probability that emerged in the seventeenth century in the context of the ethical assessment of commercial contracts in a framework of Aristotelian ethics. This observation, the main claim of the paper, is justified on the basis of results from the Ultimatum Game and is analysed within a framework of Pragmatic philosophy. The analysis leads to the explanatory hypothesis that markets are centres of communicative action with reciprocity as a rule of discourse. The purpose of the paper is to reorientate financial economics to emphasise the objectives of cooperation and social cohesion and to this end, we offer specific policy advice
Fearsquare: hacking open crime data to critique, jam and subvert the 'aesthetic of danger'
We present a critical evaluation of a locative media application, Fearsquare, which provocatively invites users to engage with personally contextualized risk information drawn from the UK open data crime maps cross-referenced with geo-located user check-ins on Foursquare. Our analysis of user data and a corpus of #Fearsquare discourse on Twitter revealed three cogent appraisals ('Affect', 'Technical' and 'Critical') reflecting the salient associations and aesthetics that were made between different components of the application and interwoven issues of technology, risk, danger, emotion by users. We discuss how the varying strength and cogency of these public responses to Fearsquare call for a broader imagining and analysis of how risk and danger are interpreted; and conclude how our findings reveal important challenges for researchers and designers wishing to engage in projects that involve the computer-mediated communication of risk
Ethical Hacking Pedagogy: An Analysis and Overview of Teaching Students to Hack
An area that is being scrutinized as a more effective method of educating and preparing security professionals is that of ethical hacking. The purpose of this research is to examine a more proactive approach to adequately prepare future information security professionals. Future careers in security may require that professionals be equipped with the necessary skill sets to combat an ever-growing presence of unwanted activity throughout the Internet. Many argue that future information security professionals need to have the same skill sets as attackers in order to adequately recognize and defend networks from intrusion. This research defines ethical hacking and examines the pros and cons of ethical hacking pedagogy as a viable approach for teaching network security to future professionals. The analysis includes the concept of ethical hacking education with an emphasis on ethical and legal concerns associated with ethical hacking pedagogy. The research concludes with an overview of existing best practices in ethical hacking education highlighting a hands-on approach as well as the inclusion of soft skills needed to complement the technical hard skills for future information security professionals
The Stages of Scandal and the Roles of General Counsel
This Essay examines the roles of a general counsel, as the corporation's chief legal officer, in responding to scandals when they happen and in developing and enforcing internal preventive practices prior to the occurrence of any particular scandal. The Essay differentiates between scandals and crises more generally, emphasizing the integral connection between scandal and jeopardy to reputation and tracing the interrelationships between a corporation's reputation and that of its general counsel. The Essay argues that risks associated with scandal may strengthen general counsel's power within the senior management team, in particular in general counsel's relationship with the corporation's CEO. Although general counsel's position as a member of the senior management team may imperil counsel's ability to bring detached judgment to bear, counsel's position within the corporation is a critical component of effectiveness in anticipating and addressing scandals
Ethical Reflections of Human Brain Research and Smart Information Systems
This case study explores ethical issues that relate to the use of Smart Information Systems (SIS) in human brain research. The case study is based on the Human Brain Project (HBP), which is a European Union funded project. The project uses SIS to build a research infrastructure aimed at the advancement of neuroscience, medicine and computing. The case study was conducted to assess how the HBP recognises and deals with ethical concerns relating to the use of SIS in human brain research. To understand some of the ethical implications of using SIS in human brain research, data was collected through a document review and three semi-structured interviews with participants from the HBP. Results from the case study indicate that the main ethical concerns with the use of SIS in human brain research include privacy and confidentiality, the security of personal data, discrimination that arises from bias and access to the SIS and their outcomes.
Furthermore, there is an issue with the transparency of the processes that are involved in human brain research. In response to these issues, the HBP has put in place different mechanisms to ensure responsible research and innovation through a dedicated program. The paper provides lessons for the responsible implementation of SIS in research, including human brain research and extends some of the mechanisms that could be employed by researchers and developers of SIS for research in addressing such issues
Vaccine innovation, translational research and the management of knowledge accumulation
What does it take to translate research into socially beneficial technologies like vaccines? Current policy that focuses on expanding research or strengthening incentives overlooks how the supply and demand of innovation is mediated by problem-solving processes that generate knowledge which is often fragmented and only locally valid. This paper details some of the conditions that allow fragmented, local knowledge to accumulate through a series of structured steps from the artificial simplicity of the laboratory to the complexity of real world application. Poliomyelitis is used as an illustrative case to highlight the importance of experimental animal models and the extent of co-ordination that can be required if they are missing. Implications for the governance and management of current attempts to produce vaccines for HIV, TB and Malaria are discussed.
Computational Music Biofeedback for Stress Relief
The purpose of our project is to use EEG technology to combat stress in our daily lives. One of the most accessible EEG technologies that targets this challenge is the Muse headband, a wearable device that pairs with a phone application to help users train their brains to relax. The application's main goal is to help users train their brain to be more relaxed by monitoring and reporting their levels of stress. However, one of the shortcomings we noticed is that the constant notifications of how stressed we are actually add to the level of stress as opposed to helping train our brains towards a more relaxed state.
In order to improve this solution, our program uses the live brain waves transmitted by the Muse headband and feedforward techniques to not only track users' brain activity, but also help the user move towards a more relaxed state using music and binaural beats. While we weren't able to test the system on an unbiased population due to time constraints, preliminary exploration on ourselves on both short term and longer term sessions shows that longer uses of our system led to a more relaxed state