Why does a penetration tester need to be aware of this law?
Visit the National Conference of State Legislatures’ Computer Crimes Statutes page and take a look at the laws for your state related to computer crime. Select one of these laws or a federal law to evaluate. Why does a penetration tester need to be aware of this law? Do you feel this law is sufficient? If so, explain why. If not, what would you change?

My State is DC or Maryland.

Note: If your state has insufficient information or no information, or you get an error message, you can also choose a neighboring state and base your answer on that state’s information.

Consider existing cybersecurity legislation and what might still be missing. If you could create one piece of legislation to help cybersecurity, what would it be? Why is this legislation something needed?

Separately respond to at least one of your classmates’ posts.

Classmate (Christopher):

Hello everyone,

After reviewing Maryland laws on cybercrime, I found it interesting that most cybercrimes have to relate to problems of people gaining restricted access to systems they do not have access to. According to Maryland criminal law article §7–302, “A person may not intentionally, willfully, and without access, attempt to access, cause to be accessed, or exceed the person’s authorized access to all or part of a computer network, computer control language, computer, computer software, computer system, computer service, or computer database” (Maryland General Assembly, 1, p. 12). I feel that a penetration tester needs to be aware of this law because if they are not aware of this, there would be a problem, and they might be charged with a crime they did not mean to commit. As a penetration tester, you are entering into a system you have been assigned, but while hacking into those systems, you might stumble into a system/network you have not been given access to. In order for the pentester to be aware of the laws, the customer must provide them with a “Get out of jail” document which proves that the customer gave the pentester permission for the hack and the customer is authorized to give that permission (2).

I feel that the law is sufficient because the pentester will be aware of what they are to do and what they should not do with this kind of law. If both the customers and the pentester are aware of this law, the customer will be able to give the pentester a detailed explanation and scope of what they are meant to do, and the test should be carried out. By doing this, the pentester will know what to do and be aware of how to do it, but they will also be able to avoid breaking the law by limiting themselves to the scope set for them.

Sources: Maryland General Assembly. No date. Article –