Information transactions and data retention comprise critical inputs to Business Intelligence processes. However, despite ongoing data-driven Business Intelligence process improvements, many companies only discover they are vulnerable to a cyber-attack after a breach materializes the risk. In this study, we propose that compliance regimes such as the global Payment Card Industry Data Security Standard (PCI-DSS), the federal Gramm-Leach Bliley Act (GLBA), and the regional 23-NYCRR-500 standard provide externally-imposed risk discovery opportunities that should be part of managerial decision-making. This paper describes the penetration test (pentest) method relative to those regulatory regimes. We then consider the potential for the pentest method to yield predictive Business Intelligence data sources in five historical cases: the 2017 Equifax Breach, the 2014 J.P. Morgan Chase Breach, the 2012 Global Payments Breach, the 2010 Nasdaq Hack, and the 2009 Heartland Payments Breach. Our findings suggest that the pentest method–especially relative to PCI-DSS compliance–is a promising inclusion in Business Intelligence processes.

Date of creation, presentation, or exhibit



© 2022 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Document Type

Conference Paper

Department, Program, or Center

Department of Computing Security (GCCIS)


RIT – Main Campus