IT testing laws leave lawyers laughing
IT managers are rejecting elaborate waivers pushed by IT security vendors for routine penetration testing, but legal concerns have been accelerating since the introduction of the Cybercrime Act (2001).
Security vendors and IT managers agree the legal landscape has become far more complicated in the past 12 months and concerns have been raised about the legalities surrounding IT security testing following the introduction of the draconian cybercrime legislation.
Offences carrying jail terms of up to 10 years for possessing hacker tool kits, scanners and virus code are part of the act.
But for IT security vendors these are the tools of the trade and the only way to 'fit the bill' is to ensure written authorisation is backed by appropriate indemnities from clients. However, the indemnities have become so elaborate to cover legislative concerns as well as insurance risk that users are sceptical.
A company that undertakes extensive penetration testing is ITAC and CEO Stephen James said customers have baulked at some of the waivers. The use of lawyers has certainly increased in the past 12 months, he said.
[ Read more ]