IT testing laws leave lawyers laughing
IT managers are rejecting elaborate waivers pushed by IT security vendors for routine penetration testing, but legal concerns have been accelerating since the introduction of the Cybercrime Act (2001).
Security vendors and IT managers agree the legal landscape has become far more complicated in the past 12 months and concerns have been raised about the legalities surrounding IT security testing following the introduction of the draconian cybercrime legislation.
Offences carrying jail terms of up to 10 years for possessing hacker tool kits, scanners and virus code are part of the act.
But for IT security vendors these are the tools of the trade and the only way to 'fit the bill' is to ensure written authorisation is backed by appropriate indemnities from clients. However, the indemnities have become so elaborate to cover legislative concerns as well as insurance risk that users are sceptical.
A company that undertakes extensive penetration testing is ITAC and CEO Stephen James said customers have baulked at some of the waivers. The use of lawyers has certainly increased in the past 12 months, he said.
[ Read more ]
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.