Social engineering is deeply entrenched in the fields of both computer science and social psychology. Knowledge is required in both these disciplines to perform social engineering based research. Several ethical concerns and requirements need to be taken into account when social engineering research is conducted to ensure that harm does not befall those who participate in such research. These concerns and requirements have not yet been formalised and most researchers are unaware of the ethical concerns involved in social engineering research. This paper identifies a number of concerns regarding social engineering in public communication, penetration testing and social engineering research. It also discusses the identified concerns with regard to three different normative ethics approaches (virtue ethics, utilitarianism and deontology) and provides their corresponding ethical perspectives as well as practical examples of where these formalised ethical concerns for social engineering research can be beneficial.
Reference:
Mouton, F, Malan, MM, Kimppa, KK and Venter, HS. 2015. Necessity for ethics in social engineering research. Computers & Security, Vol 55, pp 114-127
Mouton, F., Malan, M., Kimppa, K., & Venter, H. (2015). Necessity for ethics in social engineering research. http://hdl.handle.net/10204/8690
Mouton, F, MM Malan, KK Kimppa, and HS Venter "Necessity for ethics in social engineering research." (2015) http://hdl.handle.net/10204/8690
Mouton F, Malan M, Kimppa K, Venter H. Necessity for ethics in social engineering research. 2015; http://hdl.handle.net/10204/8690.
Copyright: 2015 Elsevier. This is the preprint version of the work. The definitive version of the work is published in Computers & Security, Vol 55, pp 114-127.
