We are now in an age where information is valued most, and for some this information is critical to their day-to-day activities and transactions. The most common questions are: Is this information safe and secure? Who can access this information? What are the levels of access to this information? Are there backups of this information? This paper explores some of the misconceptions about ethical hacking and the perceptions of users in the organization, the potential threats, and the effect after the process is done. It gives a brief background on what hacking is and the anatomy of a hack, social engineering, and other methods used by intruders to gain access to their target machine, users, or organization. It also discusses the step-by-step process by which this kind of security testing is done and the non-disclosure agreement that needs to be discussed. The paper also looks at the different perceptions of ethical hacking among different users in the organization: what prevents them from doing the process and what makes them do it. It also discusses the different classifications of hackers for better understanding.