Towards Islamic Ethics in Professional Penetration Testing

Authors

  • Qazi Mamoon Ashraf Department of Electrical and Computer Engineering International Islamic University Malaysia
  • Mohamed Hadi Habaebi Department of Electrical and Computer Engineering, Kulliyyah of Engineering, International Islamic University Malaysia

DOI:

https://doi.org/10.31436/revival.v3i2.97

Abstract

Abstract

The high rate of technological advances in the field of computing has resulted in a rapid increase in the occurrence of new loopholes in systems. To ensure the security of their computing systems, big companies resort to using penetration testing as a solution, whereby an external company is hired to evaluate the security of the computer system or network in question. At various stages in the penetration testing process, the professionals who are hired have access to vital technical information about many companies. It is important for the professionals to appreciate the ethics involved in their work because failure to secure – or misuse of – the information may result in acute leaks of critical data. Many Muslim professionals are involved in many stages of the penetration testing process, and it is crucial for them to be aware not only of the preeminent position given to ethics and ethical conduct in Islam, but also of what they must do to maintain their ethical integrity. This paper highlights the ethical issues inherent in penetration testing operations, discusses their practical implications for Muslim professionals, and sets out the key ethical steps that need to be taken. It also offers a solution based on an Islamic framework of ethical principles and values derived from the Holy Qur’an and the Sunnah

 

Keywords: Network Security, Penetration Testing, Social Ethics

 

Abstrak

Kemajuan teknologi yang saling berubah dalam bidang pengkomputeran telah menyebabkan peningkatan penciptaan kelemahan baru dalam sistem. Bagi menjamin keselamatan sistem perkomputeran, syarikat-syarikat besar mengambil jalan keluar dengan menggunakan ujian penembusan sebagai penyelesaian manakala syarikat luar  di bawah perspektif mengupah sistem keselamatan komputer atau rangkaian. Terdapat banyak profesional Islam yang mempunyai peranan penting dalam pelbagai peringkat proses ujian penembusan dan mempunyai akses kepada maklumat teknikal bagi kebanyakan syarikat. Kegagalan untuk merahsiakan maklumat yang kritikal atau penyalahgunaan boleh mengakibatkan kebocoran data akut. Antara sebab profesional harus memahami etika yang terlibat dan melaksanakannya secara mahir adalah kerana etika merupakan aspek yang penting di dalam Islam. Kajian ini membincangkan langkah-langkah etika utama dan membentangkan isu-isu yang timbul berdasarkan ujian penembusan moden. Ia berkaitan prinsip etika tradisional terhadap cubaan penyelesaian bagi menyelesaikan masalah dengan menggunakan kerangka nilai-nilai etika Islam; yang berasal dari al-Quran dan Sunnah dan menyediakan paras etika yang tinggi di semua peringkat bagi umat Islam.

 

Kata kunci: Keselamatan Rangkaian, Penembusan Ujian, Etika Sosial

Downloads

Published

2013-12-31

How to Cite

Ashraf, Q. M., & Habaebi, M. H. (2013). Towards Islamic Ethics in Professional Penetration Testing. Revelation and Science, 3(2). https://doi.org/10.31436/revival.v3i2.97

Issue

Vol. 3 No. 2 (2013): Revelation and Science

Section

Articles