I am the system admin at my organization and my director has asked me to conduct some penetration testing. Partly because he wants to make sure we are secure, and partly because I want to do it. Not sure if this is the right place to ask this, but are there any legal concerns around me doing any testing of our network and systems? Some testing would occur with internal access to the network, and some would be external attacks.
I know not really a technical question, and if this goes somewhere else let me know.
Thanks!