IT testing laws leave lawyers laughing

Friday, 27 September 2002, 2:11 PM EST

IT managers are rejecting elaborate waivers pushed by IT security vendors for routine penetration testing, but legal concerns have been accelerating since the introduction of the Cybercrime Act (2001).

Security vendors and IT managers agree the legal landscape has become far more complicated in the past 12 months and concerns have been raised about the legalities surrounding IT security testing following the introduction of the draconian cybercrime legislation.

Offences carrying jail terms of up to 10 years for possessing hacker tool kits, scanners and virus code are part of the act.

But for IT security vendors these are the tools of the trade and the only way to 'fit the bill' is to ensure written authorisation is backed by appropriate indemnities from clients. However, the indemnities have become so elaborate to cover legislative concerns as well as insurance risk that users are sceptical.

A company that undertakes extensive penetration testing is ITAC and CEO Stephen James said customers have baulked at some of the waivers. The use of lawyers has certainly increased in the past 12 months, he said.

[ Read more ]




Spotlight

Attackers use reflection techniques for larger DDoS attacks

Posted on 17 April 2014.  |  Instead of using a network of zombie computers, newer DDoS toolkits abuse Internet protocols that are available on open or vulnerable servers and devices. This approach can lead to the Internet becoming a ready-to-use botnet for malicious actors.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Apr 18th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //