Technoethics and Organizing: Exploring Ethical Hacking within a Canadian University

Abstract

Ethical hacking is one important information security risk management strategy business and academic organizations use to protect their information assets from the growing threat of hackers. Most published books on ethical hacking have focused on its technical applications in risk assessment practices. This thesis addressed a gap within the organizational communication literature on ethical hacking. Taking a qualitative exploratory case study approach, the thesis paired technoethical inquiry theory with Karl Weick’s sensemaking model to explore ethical hacking in a Canadian university. In-depth interviews with key stakeholder groups and a document review were conducted. Guided by the Technoethical Inquiry Decision-making Grid (TEI-DMG), a qualitative framework for use in technological assessment, findings pointed to the need to expand the communicative and social considerations involved in decision making about ethical hacking practices. Guided by Weick’s theory, findings pointed to security awareness training for increasing sensemaking opportunities and reducing equivocality in the information environment.