Saturday, March 29, 2014

What does it mean to work ethically?

The term ethical in this context means working professionally and with good conscience. Do only what is in the approved plan or what has been authorized after the plan was approved.

As an ethical hacker, you are bound to confidentiality and non-disclosure of information you uncover, and that includes the security-testing results. You cannot divulge anything to individuals who do not “need-to-know.” What you learn during your work is extremely sensitive — you must not openly share it.

Everything you do as an ethical hacker must be aboveboard, and must support the goals of the organization. You should notify the organization whenever you change the testing plan, change the source test venue, or detect high-risk conditions — and before you run any new high-risk or high-traffic tests, as well as when any testing problems occur.

You must also ensure you are compliant with your organization’s governance and local laws. Do not perform an ethical hack when your policy expressly forbids it — or when the law does.

Major attributes of an ethical hacker are patience and thoroughness. Doing this work requires hours bent over a keyboard in a darkened room. You may have to do some off-hours work to achieve your goals, but you don’t have to wear hacker gear and drink Red Bull. What you do have to do is keep plugging away until you reach your goal.
