Developing an empirical study of how qualified subjects might be selected for IT system security penetration testing.