Cybersecurity continues to be a key issue in our country! It is essential that companies and organizations understand the importance of keeping their digital information secure, and that ethical hacking can be a valuable tool to achieve this.
The recent approval of ethical hacking in the Framework Law on Cybersecurity and Critical Information Infrastructure is excellent news for all those who work in the field of information security. This new regulation will allow cybersecurity researchers to carry out security tests without fear of being penalized, as long as they meet certain conditions established by the National Cybersecurity Agency.
This measure will promote research in computer security and help increase the level of cybersecurity in the country. In addition, it will allow companies to identify possible vulnerabilities in their systems and correct them before they are exploited by cybercriminals. This is especially important considering the constant increase in cyber attacks around the world.
In short, the approval of ethical hacking in the Framework Law on Cybersecurity and Critical Information Infrastructure is an important step to protect digital information in our country. As experts in digital marketing, we must work so that companies understand the importance of cybersecurity and get involved in protecting their data and that of their customers. Only then can we meet the challenges posed by today's digital world.
Anyone who, carrying out investigation work in computer security, has incurred in the acts typified in the first paragraph, will not be subject to a criminal sanction, provided that the following conditions are met:
- Have reported the access and vulnerabilities in your investigation to the person responsible for the affected computer networks or systems immediately and at the latest when you alert the National Cybersecurity Agency
- Having complied with the other conditions on responsible communication of vulnerabilities that the National Cybersecurity Agency has issued for that purpose
- That the access has not been made with the aim of seizing or using the information contained in the computer system or with fraudulent intent, nor may it have acted beyond what was necessary to verify the existence of a vulnerability, nor used methods that could lead to denial of service to physical evidence using malicious code, social engineering and tampering deletion exfiltration or destruction of data
- Not having publicly disclosed the information related to potential vulnerability, nor will the person who communicates to the agency information about a potential vulnerability of which they have become aware in their work context or during the provision of their services, be penalized. nor will they be considered to have complied with their obligation of professional secrecy.