Discuss the below:
Hackers and Consultants
It is not unusual for IT security firms to hire individuals who have been in trouble with the law as consultants. Since penetration testing - a common practice for finding vulnerabilities in information systems - requires using the latest and most sophisticated techniques that real criminals use, it makes some sense to hire people who have used these skills to commit crimes themselves as hackers.
How appropriate do you think it would be for a hospital, whose patients trust with their private medical information every day, to hire such consultants to analyze its information systems for vulnerabilities? Why? Assess the risks and tradeoffs that exist in hiring this type of consultant?