[email protected] Cyber Law College1
Techno-Legal Security For Information Assets
Naavi
August 29, 2003
Looking Deeper into the Concept of Security
At Different Layers
– Physical Layer
– Network Layer
– Application Layer
– Document Layer
Looking Deeper into the Concept of Security..2
– Locks, Firewalls, Intrusion Detection Systems, Filter Applications
– Authentication Systems: Passwords, Smart Cards, Digital Signatures
– Encryption
– Backups/Disaster Recovery Systems
This is fine, but the Asset Owner has some questions…
What if The Firewall Gives Way?
When Security is Breached, What is lost?
Data? Or more than Data?
When Security is Breached…2
When www.yourcompany.com displays a Terrorist Message
When www.yourcompany.com leads to a porno site
When the Confidential files of the Company are circulating the world over
When Security is Breached..3
Backups can restore the data, but
– Cannot restore the loss of image or loss of customer confidence
– Cannot prevent legal liability, if any
When Security is Breached..4
When your customer files a multi-million rupee suit against your company for Breach of Confidentiality of Data
When you receive a Copyright Infringement or Patent Infringement notice with multi-crore damages
– No Backup can save you
When Security is Breached..5
When obscene messages have been distributed from your Corporate network and the Police are after the CEO/CTO under Section 67 of ITA-2000,
– No Backup can save you
When Security is Breached..6
When your customer refuses to acknowledge your e-mail notice
– Digital Signature cannot save you
When Security is Breached..7
When Police are after your CTO for deleting the e-mail box of your employee who resigned last week and charge you under Section 65 of ITA-2000
– Your promptness could be a mistake
When Security is Breached..8
No Technical Security is Foolproof
– When Technical Security is Breached, We Need a Second Line of Defense
Total Security Concept
First Line of Security is
– When Your Information Asset is protected from Intruders using technological tools
Technical Security
Total Security Concept..2
Second Line of Security is
– Having a Legal Recourse When Intruders break the first line of security
Legal Security
Together, it is Techno-Legal Security
Total Security Concept..3
Third Line of Security is when
– You get back what you have lost (nearly)
Insurable Security
In Combination, it is Total Security
We cannot reach the third line of security without setting up the second line of security.
Let’s Begin the process... Today
Law is Alien to Technologists
But,
– It is an inescapable reality
– Has a community purpose
Law may be an Ass
– If you know how to harness it
Law may be an angel
Never Ignore Law, Learn to harness its positive potential
When Law Is Ignored
Your Information Assets May be endangered even without an Intrusion
When Law Is Ignored..
If your Electronic Documents are not valid in law and you have proudly replaced paper-backed systems with Electronic Document-backed systems,
– Your Cyber savviness could become a disaster
Never Stop At Technical Security
Always Think of Techno-Legal Security
Elements of Techno Legal Security
ITA-2000
– Digital Contracts
– Cyber Crimes
Domain Name Regulations
Copyright Laws
Patent Laws
Privacy Laws
Elements of Techno Legal Security..2
ITA-2000
– What is a legally valid Electronic Document?
– What is a legally valid Digital Signature?
October 17, 2000
Elements of Techno Legal Security..3
ITA-2000
– Cyber Crimes
When done through a Corporate Network
– Company and its executives may be held responsible
– Damages can be up to 1 crore per victim in case of Virus Distribution!!
– Even Malaysian Law may be applicable in Chennai!!
Domain Name Regulations
Subject to Trademark Registrations in any corner of the Globe
Subject to Timely renewals
Subject to the rights of “Registrant” and “Administrative Contact”
Subject to UDRP
Copyright Laws
Subject to Global Laws
DMCA
Contributory Infringement
Patent Laws
More than 11500 Patents said to affect E-Commerce
Damocles Sword hanging over our head
Privacy Laws
Subject to Strict EU laws
– Could affect BPO operations
– May result in liability
Steps in Techno Legal Security
Undertake Cyber Law Compliancy Audit
– Risk Assessment and Documentation
Develop a Cyber Law Compliancy Manual
Educate Employees on their Cyber Law Compliancy Role
Initiate Corrective Actions, Review Periodically and Take Corrective Actions as required
– Exercise Due Diligence
Engage a Consultant to hedge Risks
Thank You
Contact [email protected] www.naavi.org www.cyberlawcollege.com