{"id":"https://openalex.org/W4283698685","doi":"https://doi.org/10.23919/mipro55190.2022.9803788","title":"The Pentest Method for Business Intelligence","display_name":"The Pentest Method for Business Intelligence","publication_year":2022,"publication_date":"2022-05-23","ids":{"openalex":"https://openalex.org/W4283698685","doi":"https://doi.org/10.23919/mipro55190.2022.9803788"},"language":"en","primary_location":{"id":"doi:10.23919/mipro55190.2022.9803788","is_oa":false,"landing_page_url":"https://doi.org/10.23919/mipro55190.2022.9803788","pdf_url":null,"source":{"id":"https://openalex.org/S4363605136","display_name":"2022 45th Jubilee International Convention on Information, Communication and Electronic Technology (MIPRO)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 45th Jubilee International Convention on Information, Communication and Electronic Technology (MIPRO)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5062811711","display_name":"P. Soma Reddy","orcid":null},"institutions":[{"id":"https://openalex.org/I155173764","display_name":"Rochester Institute of Technology","ror":"https://ror.org/00v4yb702","country_code":"US","type":"education","lineage":["https://openalex.org/I155173764"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"P. Soma Reddy","raw_affiliation_strings":["Rochester Institute of Technology,Rochester,NY,14623"],"affiliations":[{"raw_affiliation_string":"Rochester Institute of Technology,Rochester,NY,14623","institution_ids":["https://openalex.org/I155173764"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5021605099","display_name":"Justin Pelletier","orcid":"https://orcid.org/0000-0002-8330-045X"},"institutions":[{"id":"https://openalex.org/I155173764","display_name":"Rochester Institute of Technology","ror":"https://ror.org/00v4yb702","country_code":"US","type":"education","lineage":["https://openalex.org/I155173764"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"J. M. Pelletier","raw_affiliation_strings":["Rochester Institute of Technology,Rochester,NY,14623"],"affiliations":[{"raw_affiliation_string":"Rochester Institute of Technology,Rochester,NY,14623","institution_ids":["https://openalex.org/I155173764"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5062811711"],"corresponding_institution_ids":["https://openalex.org/I155173764"],"apc_list":null,"apc_paid":null,"fwci":0.2918,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.50564851,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"1117","last_page":"1125"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12519","display_name":"Cybercrime and Law Enforcement Studies","score":0.9941999912261963,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11891","display_name":"Big Data and Business Intelligence","score":0.9916999936103821,"subfield":{"id":"https://openalex.org/subfields/1404","display_name":"Management Information Systems"},"field":{"id":"https://openalex.org/fields/14","display_name":"Business, Management and Accounting"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/data-breach","display_name":"Data breach","score":0.7391667366027832},{"id":"https://openalex.org/keywords/business-intelligence","display_name":"Business intelligence","score":0.6885563135147095},{"id":"https://openalex.org/keywords/payment-card","display_name":"Payment card","score":0.591174304485321},{"id":"https://openalex.org/keywords/payment","display_name":"Payment","score":0.5521095991134644},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5407254099845886},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.48505157232284546},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.43362894654273987},{"id":"https://openalex.org/keywords/actuarial-science","display_name":"Actuarial science","score":0.3237021565437317},{"id":"https://openalex.org/keywords/finance","display_name":"Finance","score":0.21863305568695068},{"id":"https://openalex.org/keywords/knowledge-management","display_name":"Knowledge management","score":0.2037101686000824}],"concepts":[{"id":"https://openalex.org/C165609540","wikidata":"https://www.wikidata.org/wiki/Q1172486","display_name":"Data breach","level":2,"score":0.7391667366027832},{"id":"https://openalex.org/C2767350","wikidata":"https://www.wikidata.org/wiki/Q6662173","display_name":"Business intelligence","level":2,"score":0.6885563135147095},{"id":"https://openalex.org/C21021354","wikidata":"https://www.wikidata.org/wiki/Q1207171","display_name":"Payment card","level":3,"score":0.591174304485321},{"id":"https://openalex.org/C145097563","wikidata":"https://www.wikidata.org/wiki/Q1148747","display_name":"Payment","level":2,"score":0.5521095991134644},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5407254099845886},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.48505157232284546},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.43362894654273987},{"id":"https://openalex.org/C162118730","wikidata":"https://www.wikidata.org/wiki/Q1128453","display_name":"Actuarial science","level":1,"score":0.3237021565437317},{"id":"https://openalex.org/C10138342","wikidata":"https://www.wikidata.org/wiki/Q43015","display_name":"Finance","level":1,"score":0.21863305568695068},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.2037101686000824}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.23919/mipro55190.2022.9803788","is_oa":false,"landing_page_url":"https://doi.org/10.23919/mipro55190.2022.9803788","pdf_url":null,"source":{"id":"https://openalex.org/S4363605136","display_name":"2022 45th Jubilee International Convention on Information, Communication and Electronic Technology (MIPRO)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 45th Jubilee International Convention on Information, Communication and Electronic Technology (MIPRO)","raw_type":"proceedings-article"},{"id":"pmh:oai:scholarworks.rit.edu:other-2057","is_oa":false,"landing_page_url":"https://scholarworks.rit.edu/other/1022","pdf_url":null,"source":{"id":"https://openalex.org/S4306402456","display_name":"RIT Scholar Works (Rochester Institute of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I155173764","host_organization_name":"Rochester Institute of Technology","host_organization_lineage":["https://openalex.org/I155173764"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Presentations and other scholarship","raw_type":"text"},{"id":"pmh:oai:repository.rit.edu:other-2057","is_oa":false,"landing_page_url":"https://repository.rit.edu/other/1022","pdf_url":null,"source":{"id":"https://openalex.org/S4306402456","display_name":"RIT Scholar Works (Rochester Institute of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I155173764","host_organization_name":"Rochester Institute of Technology","host_organization_lineage":["https://openalex.org/I155173764"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Presentations and other scholarship","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320316118","display_name":"Rochester Institute of Technology","ror":"https://ror.org/00v4yb702"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":30,"referenced_works":["https://openalex.org/W103989251","https://openalex.org/W1504975562","https://openalex.org/W1997537847","https://openalex.org/W2021930613","https://openalex.org/W2089969903","https://openalex.org/W2523625246","https://openalex.org/W2799759507","https://openalex.org/W2801037981","https://openalex.org/W2803678638","https://openalex.org/W2808680185","https://openalex.org/W2895967081","https://openalex.org/W2896921551","https://openalex.org/W2901317449","https://openalex.org/W2918664583","https://openalex.org/W2962723807","https://openalex.org/W2980790296","https://openalex.org/W2983380980","https://openalex.org/W3042362244","https://openalex.org/W3091373649","https://openalex.org/W3164148712","https://openalex.org/W3205249172","https://openalex.org/W3211510811","https://openalex.org/W3213888231","https://openalex.org/W4200317998","https://openalex.org/W4225608293","https://openalex.org/W4243476503","https://openalex.org/W6604225184","https://openalex.org/W6751528878","https://openalex.org/W6755645908","https://openalex.org/W6802420301"],"related_works":["https://openalex.org/W1553115854","https://openalex.org/W3123515316","https://openalex.org/W2512418837","https://openalex.org/W3124118174","https://openalex.org/W3021342783","https://openalex.org/W3122165066","https://openalex.org/W2770474173","https://openalex.org/W2128856174","https://openalex.org/W1606029113","https://openalex.org/W2516824109"],"abstract_inverted_index":{"Information":[0],"transactions":[1],"and":[2,61,130],"data":[3,105],"retention":[4],"comprise":[5],"critical":[6],"inputs":[7],"to":[8,27,87,100,144],"Business":[9,16,103,151],"Intelligence":[10,17,104,152],"processes.":[11,153],"However,":[12],"despite":[13],"ongoing":[14],"data-driven":[15],"process":[18],"improvements,":[19],"many":[20],"companies":[21],"only":[22],"discover":[23],"they":[24],"are":[25],"vulnerable":[26],"a":[28,31,147],"cyber-attack":[29],"after":[30],"breach":[32],"materializes":[33],"the":[34,46,55,62,81,94,97,111,115,121,126,131,140],"risk.":[35],"In":[36],"this":[37],"study,":[38],"we":[39],"propose":[40],"that":[41,71,139],"compliance":[42],"regimes":[43],"such":[44],"as":[45],"global":[47],"Payment":[48],"Card":[49],"Industry":[50],"Data":[51],"Security":[52],"Standard":[53],"(PCI-DSS),":[54],"federal":[56],"Gramm-Leach":[57],"Bliley":[58],"Act":[59],"(GLBA),":[60],"regional":[63],"23-NYCRR-500":[64],"standard":[65],"provide":[66],"externally-imposed":[67],"risk":[68],"discovery":[69],"opportunities":[70],"should":[72],"be":[73],"part":[74],"of":[75],"managerial":[76],"decision-making.":[77],"This":[78],"paper":[79],"describes":[80],"penetration":[82],"test":[83],"(pentest)":[84],"method":[85,99],"relative":[86,143],"those":[88],"regulatory":[89],"regimes.":[90],"We":[91],"then":[92],"consider":[93],"potential":[95],"for":[96],"pentest":[98,141],"yield":[101],"predictive":[102],"sources":[106],"in":[107,150],"five":[108],"historical":[109],"cases:":[110],"2017":[112],"Equifax":[113],"Breach,":[114,120,125],"2014":[116],"J.P.":[117],"Morgan":[118],"Chase":[119],"2012":[122],"Global":[123],"Payments":[124,134],"2010":[127],"Nasdaq":[128],"Hack,":[129],"2009":[132],"Heartland":[133],"Breach.":[135],"Our":[136],"findings":[137],"suggest":[138],"method\u2013especially":[142],"PCI-DSS":[145],"compliance\u2013is":[146],"promising":[148],"inclusion":[149]},"counts_by_year":[{"year":2023,"cited_by_count":2}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}