Post on 03-Jan-2016
naavi@vsnl.com Cyber Law College1
Techno-Legal Security For Information Assets
Naavi
August 29, 2003
Looking Deeper into the Concept of Security
At Different Layers
– Physical Layer
– Network Layer
– Application Layer
– Document Layer
Looking Deeper into the Concept of Security..2
– Locks, Firewalls, Intrusion Detection Systems, Filter Applications
– Authentication Systems: Passwords, Smart Cards, Digital Signatures
– Encryption
– Backups/Disaster Recovery Systems
This is fine, But the Asset Owner has some questions…
Is Security Secure Enough?
What if The Firewall Gives Way?
Is Data Back up Sufficient To Secure an Asset?
When Security is Breached, What is lost?
Data? ..Or more than Data?
When Security is Breached…2
When www.yourcompany.com displays a Terrorist Message
When www.yourcompany.com leads to a porno site
When the Confidential files of the Company are circulating world over..
When Security is Breached..3
Backups can restore the data.. but
– Cannot restore the loss of image or loss of customer confidence
– Cannot prevent legal liability if any
When Security is Breached..4
When your customer files a multi million rupee suit against your company for Breach of Confidentiality of Data
When you receive a Copyright Infringement or Patent Infringement notice with multi crore damage
No Backup can save you.
When Security is Breached..5
When obscene messages have been distributed from your Corporate network and the Police are after the CEO/CTO under Section 67 of ITA-2000,
– No Backup can save you
When Security is Breached..6
When your customer refuses to acknowledge your e-mail notice
– Digital Signature cannot save you
When Security is Breached..7
When Police are after your CTO for deleting the e-mail box of your employee who resigned last week and charge you under Section 65 of ITA-2000
– Your promptness could be a mistake
When Security is Breached..8
No Technical Security is Foolproof
– When Technical Security is Breached
We Need a Second Line of Defense
Total Security Concept
First Line of Security is
– When Your Information Asset is protected from Intruders using technological tools
Technical Security
Total Security Concept..2
Second Line of Security is
– Having a Legal Recourse When Intruders break the first line of security
Legal Security
Together, it is Techno-Legal Security
Total Security Concept..3
Third Line of Security is when
– You get back what you have lost (nearly)
Insurable Security
In Combination, it is Total Security
We cannot reach the third line of security without setting up the second line of security..
Let’s Begin the process..Today
Law is Alien to Technologists
But,
– It is an inescapable reality
– Has a community purpose
Law may be an Ass
– If you know how to harness it, Law may be an angel
Never Ignore Law, Learn to harness its positive potential
When Law Is Ignored
Your Information Assets May be endangered even without an Intrusion
When Law Is Ignored..
If your Electronic Documents are not valid in law and you have proudly replaced paper backed systems with Electronic Document backed systems,
– Your Cyber savviness could become a disaster
Never Stop At Technical Security
Always Think of Techno-Legal Security
Elements of Techno Legal Security
ITA-2000
– Digital Contracts
– Cyber Crimes
Domain Name Regulations
Copyright Laws
Patent Laws
Privacy Laws
Elements of Techno Legal Security..2
ITA-2000
– What is a legally valid Electronic Document?
– What is a legally valid Digital Signature?
October 17, 2000
Elements of Techno Legal Security..3
ITA-2000
– Cyber Crimes
When done through a Corporate Network
– Company and its executives may be held responsible
– Damages can be up to 1 crore per victim in case of Virus Distribution !!
– Even Malaysian Law may be applicable in Chennai!!
Domain Name Regulations
Subject to Trademark Registrations in any corner of the Globe
Subject to Timely renewals
Subject to the rights of “Registrant” and “Administrative Contact”
Subject to UDRP
Copyright Laws
Subject to Global Laws
DMCA
Contributory Infringement
Patent Laws
More than 11500 Patents said to affect E-Commerce
Damocles Sword hanging over our head
Privacy Laws
Subject to Strict EU laws
– Could affect BPO operations
– May result in liability
Steps in Techno Legal Security
Undertake Cyber Law Compliancy Audit
– Risk Assessment and Documentation
Develop a Cyber Law Compliancy Manual
Educate Employees on their Cyber Law Compliancy Role
Initiate Corrective Actions, Review Periodically and Take Corrective Actions as required
– Exercise Due Diligence
Engage a Consultant to hedge Risks
Thank You
Contact naavi@vsnl.com www.naavi.org www.cyberlawcollege.com