After reading the article "Don't Include Social Engineering in Penetration Tests," discuss whether social engineering should be included as part of a penetration test. Knowing that the human is the weakest link in the cybersecurity chain, is it ethical as part of the pen test to engage in behavior that the author describes as a "grey area: compromising staff members' personal devices or personal email accounts (as opposed to work accounts); breaking into office buildings to steal equipment or plant network monitoring devices; compromising social media accounts to perform recon; etc."? (Kaplan-Moss, 2017)
Review several of your fellow learners' posts and respond to at least two of your peers by end of Day 7 of the week. In your response to your classmates' posts:
References
Kaplan-Moss, J. (2017, June 27). Don't include social engineering in penetration tests [Blog post]. Retrieved from https://jacobian.org/2017/jun/27/social-engineering-pentests/
After reading the article "Don't Include Social Engineering in Penetration Tests," my opinion is that it's best not to engage in social engineering as a part of penetration tests. This may be quite debatable, and while I realize there are some benefits, the danger far outweighs the advantages. I agree that human error is one of the leading causes of compromising of data; conducting social engineering as a part of pen tests leads to a lot of legal issues for a company, because the examples identified within the article, of breaking into one's car to confiscate their laptop, as well as following a private home to try to infiltrate their home network, open the doors to legal battles. Furthermore, as identified within the article, Kaplan-Moss highlights that the aim of the penetration test is to "generate remediation work" (Kaplan-Moss, 2017). Penetration tests are a uniform add progress; there's always more and more technology that arises, thus impacting the securities and vulnerabilities of a network. Additionally, I agree that attacks on people are personal, moreover, because of the undeniable fact that when personnel fall for a social engineering attack they feel terrible. I've seen it far too often during my time in a commission (service) where a subordinate falls for a social engineering attack, thus allowing viruses onto the PC system. The simplest way to combat this is often through continuous training, and ensuring staff members are awake to the newest social engineering trends.