Presentation is loading. Please wait.

Presentation is loading. Please wait.

Law College 1 Techno-Legal Security For Information Assets Naavi August 29, 2003.

Published byTodd Berry Modified over 9 years ago

Similar presentations

Presentation on theme: "Law College 1 Techno-Legal Security For Information Assets Naavi August 29, 2003."— Presentation transcript:

1 naavi@vsnl.comCyber Law College 1 Techno-Legal Security For Information Assets Naavi August 29, 2003

2 naavi@vsnl.comCyber Law College 2 Looking Deeper into the Concept of Security At Different Layers – Physical Layer – Network Layer – Application Layer – Document Layer

3 naavi@vsnl.comCyber Law College 3 Looking Deeper into the Concept of Security..2 – Locks, Firewalls, Intrusion Detection Systems, Filter Applications – Authentication Systems Passwords, Smart Cards, Digital Signatures – Encryption – Backups/Disaster Recovery Systems

4 naavi@vsnl.comCyber Law College 4 This is fine, But the Asset Owner has some questions…

5 naavi@vsnl.comCyber Law College 5 Is Security Secure Enough?.

6 naavi@vsnl.comCyber Law College 6 What if The Firewall Gives Way?

7 naavi@vsnl.comCyber Law College 7 Is Data Back up Sufficient To Secure an Asset?.

8 naavi@vsnl.comCyber Law College 8 When Security is Beached, What is lost? Data?..Or more than Data?

9 naavi@vsnl.comCyber Law College 9 When Security is Breached…2 When www.yourcompany.com displays a Terrorist Messagewww.yourcompany.com When www.yourcompany.com leads to a porno sitewww.yourcompany.com When the Confidential files of the Company are circulating world over..

10 naavi@vsnl.comCyber Law College 10 When Security is Breached..3 Backups can restore the data..but – Cannot restore the loss of image or loss of customer confidence – Cannot prevent legal liability if any

11 naavi@vsnl.comCyber Law College 11 When Security is Breached..4 When your customer files a multi million rupee suit against your company for Breach of Confidentiality of Data When you receive a Copyright Infringement or Patent Infringement notice with multi crore damage No Backup can save you.

12 naavi@vsnl.comCyber Law College 12 When Security is Breached..5 When obscene messages have been distributed from your Corporate network and the Police are after the CEO/CTO under Section 67 of ITA-2000, – No Backup can save you

13 naavi@vsnl.comCyber Law College 13 When Security is Breached..6 When your customer refuses to acknowledge your e-mail notice – Digital Signature cannot save you

14 naavi@vsnl.comCyber Law College 14 When Security is Breached..7 When Police are after your CTO for deleting the e-mail box of your employee who resigned last week and charge you under Section 65 of ITA-2000 – Your promptness could be a mistake

15 naavi@vsnl.comCyber Law College 15 When Security is Breached..8 No Technical Security is Fool proof – When Technical Security is Breached We Need a Second Line of Defense

16 naavi@vsnl.comCyber Law College 16 Total Security Concept First Line of Security is – When Your Information Asset is protected from Intruders using technological tools Technical Security

17 naavi@vsnl.comCyber Law College 17 Total Security Concept..2 Second Line of Security is – Having a Legal Recourse When Intruders break the first line of security Legal Security Together, it is Techno- Legal Security

18 naavi@vsnl.comCyber Law College 18 Total Security Concept..3 Third Line of Security is when – You get back what you have lost (nearly) Insurable Security In Combination, it is Total Security

19 naavi@vsnl.comCyber Law College 19 We cannot reach the third line of security without setting up the second line of security.. Let’s Begin the process..Today

20 naavi@vsnl.comCyber Law College 20 Law is Alien to Technologists But, – It is an inescapable reality – Has a community purpose Law may be an Ass – If you know how to harness it Law may be an angel Never Ignore Law, Learn to harness its positive potential

21 naavi@vsnl.comCyber Law College 21 When Law Is Ignored Your Information Assets May be endangered even without an Intrusion

22 naavi@vsnl.comCyber Law College 22 When Law Is Ignored.. If your Electronic Documents are not valid in law and you have proudly replaced paper backed systems to Electronic Document backed systems, – Your Cyber savvyness could become a disaster

23 naavi@vsnl.comCyber Law College 23 Never Stop At Technical Security Always Think of Techno-Legal Security

24 naavi@vsnl.comCyber Law College 24 Elements of Techno Legal Security ITA-2000 – Digital Contracts – Cyber Crimes Domain Name Regulations Copyright Laws Patent Laws Privacy Laws.

25 naavi@vsnl.comCyber Law College 25 Elements of Techno Legal Security..2 ITA-2000 – What is a legally valid Electronic Document? – What is a legally valid Digital Signature? October 17 2000 October 17 2000

26 naavi@vsnl.comCyber Law College 26 Elements of Techno Legal Security..3 ITA-2000 – Cyber Crimes When done through a Corporate Network – Company and its executives may be held responsible – Damages can be upto 1 crore per victim in case of Virus Distribution !! – Even Malaysian Law may be applicable in Chennai!!

27 naavi@vsnl.comCyber Law College 27 Domain Name Regulations Subject to Trademark Registrations in any corner of the Globe Subject to Timely renewals Subject to the rights of “Registrant” and “Administrative Contact” Subject to UDRP

28 naavi@vsnl.comCyber Law College 28 Copyright Laws Subject to Global Laws DMCA Contributory Infringement

29 naavi@vsnl.comCyber Law College 29 Patent Laws More than 11500 Patents said to affect E-Commerce Damocles Sword hanging over our head

30 naavi@vsnl.comCyber Law College 30 Privacy Laws Subject to Strict EU laws – Could affect BPO operations – May result in liability

31 naavi@vsnl.comCyber Law College 31 Steps in Techno Legal Security Undertake Cyber Law Compliancy Audit – Risk Assessment and Documentation Develop a Cyber Law Compliancy Manual Educate Employees on their Cyber Law Compliancy Role Initiate Corrective Actions, Review Periodically and Take Corrective Actions as required – Exercise Due Diligence Engage a Consultant to hedge Risks

32 naavi@vsnl.comCyber Law College 32 Thank You Contact naavi@vsnl.comnaavi@vsnl.com www.naavi.org www.cyberlawcollege.com

Download ppt "Law College 1 Techno-Legal Security For Information Assets Naavi August 29, 2003."

Similar presentations

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.
Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
Travelers CyberRisk for Insurance Companies

Travelers CyberRisk for Insurance Companies
IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.

IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.
Section 6.3 Protecting Your Credit. Billing Errors and Disputes Notify your creditor in writing Notify your creditor in writing Pay the portion of the.

Section 6.3 Protecting Your Credit. Billing Errors and Disputes Notify your creditor in writing Notify your creditor in writing Pay the portion of the.
E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.

E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
Cyber crime impact on Businesses Bogdan Manolea RITI dot-Gov.

Cyber crime impact on Businesses Bogdan Manolea RITI dot-Gov.
2 3 4 5 6 www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

1 © 2008 Venable LLP Top 5 Technology Legal Traps for Associations Venable LLP August 24, 2010 10:45 AM – 12:00 PM ASAE Annual Meeting Los Angeles, CA.

1 © 2008 Venable LLP Top 5 Technology Legal Traps for Associations Venable LLP August 24, :45 AM – 12:00 PM ASAE Annual Meeting Los Angeles, CA.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.

Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.
Steps to Compliance: Risk Assessment PRESENTED BY.

Steps to Compliance: Risk Assessment PRESENTED BY.
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Cyber Risk Enhancement Coverage. Cyber security breaches are now a painful reality for virtually every type of organization and at every level of those.

Cyber Risk Enhancement Coverage. Cyber security breaches are now a painful reality for virtually every type of organization and at every level of those.

Similar presentations

Ads by Google