Information transactions and data retention comprise critical inputs to Business Intelligence processes. However, despite ongoing data-driven Business Intelligence process improvements, many companies only discover they are vulnerable to a cyber-attack after a breach materializes the risk. In this study, we propose that compliance regimes such as the global Payment Card Industry Data Security Standard (PCI-DSS), the federal Gramm-Leach-Bliley Act (GLBA), and the regional 23-NYCRR-500 standard provide externally imposed risk discovery opportunities that should be part of managerial decision-making. This paper describes the penetration test (pentest) method relative to those regulatory regimes. We then consider the potential for the pentest method to yield predictive Business Intelligence data sources in five historical cases: the 2017 Equifax Breach, the 2014 J.P. Morgan Chase Breach, the 2012 Global Payments Breach, the 2010 Nasdaq Hack, and the 2009 Heartland Payments Breach. Our findings suggest that the pentest method, especially relative to PCI-DSS compliance, is a promising inclusion in Business Intelligence processes.
Department, Program, or Center: Department of Computing Security (GCCIS)
P. S. Reddy and J. M. Pelletier, "The Pentest Method for Business Intelligence," 2022 45th Jubilee International Convention on Information, Communication and Electronic Technology (MIPRO), Opatija, Croatia, 2022, pp. 1117-1125, doi: 10.23919/MIPRO55190.2022.9803788.
RIT – Main Campus