Techno-Legal Security for Information Assets. Naavi (naavi@vsnl.com), Cyber Law College, August 29, 2003

Post on 03-Jan-2016


naavi@vsnl.com Cyber Law College1

Techno-Legal Security For Information Assets

Naavi

August 29, 2003


Looking Deeper into the Concept of Security

At Different Layers
– Physical Layer
– Network Layer
– Application Layer
– Document Layer


Looking Deeper into the Concept of Security..2

– Locks, Firewalls, Intrusion Detection Systems, Filter Applications
– Authentication Systems: Passwords, Smart Cards, Digital Signatures
– Encryption
– Backups/Disaster Recovery Systems


This is fine, But the Asset Owner has some questions…


Is Security Secure Enough?


What if The Firewall Gives Way?


Is Data Back up Sufficient To Secure an Asset?


When Security is Breached, What is lost?

Data? ..Or more than Data?


When Security is Breached…2

When www.yourcompany.com displays a Terrorist Message

When www.yourcompany.com leads to a porno site

When the Confidential files of the Company are circulating world over..


When Security is Breached..3

Backups can restore the data..but
– Cannot restore the loss of image or loss of customer confidence
– Cannot prevent legal liability if any


When Security is Breached..4

When your customer files a multi million rupee suit against your company for Breach of Confidentiality of Data

When you receive a Copyright Infringement or Patent Infringement notice with multi crore damage

No Backup can save you.


When Security is Breached..5

When obscene messages have been distributed from your Corporate network and the Police are after the CEO/CTO under Section 67 of ITA-2000,
– No Backup can save you


When Security is Breached..6

When your customer refuses to acknowledge your e-mail notice
– Digital Signature cannot save you


When Security is Breached..7

When Police are after your CTO for deleting the e-mail box of your employee who resigned last week and charge you under Section 65 of ITA-2000
– Your promptness could be a mistake


When Security is Breached..8

No Technical Security is Fool proof

– When Technical Security is Breached

We Need a Second Line of Defense


Total Security Concept

First Line of Security is
– When Your Information Asset is protected from Intruders using technological tools

Technical Security


Total Security Concept..2

Second Line of Security is

– Having a Legal Recourse When Intruders break the first line of security

Legal Security

Together, it is Techno-Legal Security


Total Security Concept..3

Third Line of Security is when
– You get back what you have lost (nearly)

Insurable Security

In Combination, it is Total Security


We cannot reach the third line of security without setting up the second line of security..

Let’s Begin the process..Today


Law is Alien to Technologists

But,
– It is an inescapable reality
– Has a community purpose

Law may be an Ass
– If you know how to harness it

Law may be an angel

Never Ignore Law, Learn to harness its positive potential


When Law Is Ignored

Your Information Assets May be endangered even without an Intrusion


When Law Is Ignored..

If your Electronic Documents are not valid in law and you have proudly replaced paper backed systems with Electronic Document backed systems,
– Your Cyber savviness could become a disaster


Never Stop At Technical Security

Always Think of Techno-Legal Security


Elements of Techno Legal Security

ITA-2000
– Digital Contracts
– Cyber Crimes

Domain Name Regulations

Copyright Laws

Patent Laws

Privacy Laws


Elements of Techno Legal Security..2

ITA-2000
– What is a legally valid Electronic Document?
– What is a legally valid Digital Signature?

October 17, 2000



Elements of Techno Legal Security..3

ITA-2000
– Cyber Crimes

When done through a Corporate Network
– Company and its executives may be held responsible
– Damages can be up to 1 crore per victim in case of Virus Distribution !!
– Even Malaysian Law may be applicable in Chennai!!


Domain Name Regulations

Subject to Trademark Registrations in any corner of the Globe

Subject to Timely renewals

Subject to the rights of “Registrant” and “Administrative Contact”

Subject to UDRP


Copyright Laws

Subject to Global Laws

DMCA

Contributory Infringement


Patent Laws

More than 11500 Patents said to affect E-Commerce

Damocles Sword hanging over our head


Privacy Laws

Subject to Strict EU laws
– Could affect BPO operations
– May result in liability


Steps in Techno Legal Security

Undertake Cyber Law Compliancy Audit
– Risk Assessment and Documentation

Develop a Cyber Law Compliancy Manual

Educate Employees on their Cyber Law Compliancy Role

Initiate Corrective Actions, Review Periodically and Take Corrective Actions as required
– Exercise Due Diligence

Engage a Consultant to hedge Risks


Thank You

Contact naavi@vsnl.com www.naavi.org www.cyberlawcollege.com
