Unit 5: Information Security Standards

Information Security Standards

Information security standards provide a framework to ensure the confidentiality, integrity, and availability of information.

a. ISO Standards

• ISO/IEC 27001: International standard for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).
• ISO/IEC 27002: Provides guidelines for organizational information security standards and best practices.

Benefits:

• Protects data and IT systems
• Improves business credibility and trust
• Supports compliance with regulations

b. IT Act, 2000 (India)

• Purpose: Legal framework to regulate electronic commerce, digital signatures, and cyber crimes.

Key Features:

• Recognizes electronic contracts and records as legally valid
• Provides legal recognition for digital signatures
• Addresses unauthorized access, hacking, identity theft, and cyber fraud

Copyright Act & Intellectual Property Rights (IPR)

a. Copyright Act

• Purpose: Protects the original work of authors, artists, and creators in the form of books, software, music, and other content.
• Protection: Grants the creator exclusive rights to reproduce, distribute, and modify their work.
• Duration: Typically lasts for the life of the author plus 60 years (varies by jurisdiction).

b. Intellectual Property Rights (IPR)

• Definition: Legal rights protecting creations of the mind, including inventions, designs, symbols, and artistic works.

Types:

1. Patents: Protection for inventions and innovations.
2. Trademarks: Protect brand names, logos, and symbols.
3. Copyrights: Protect literary and artistic works.
4. Trade Secrets: Confidential business information.

Cyber Crimes

Definition: Crimes that involve computers, networks, or electronic devices.

Common Cyber Crimes:

1. Hacking: Unauthorized access to systems or networks.
2. Phishing: Fraudulent attempts to obtain sensitive information.
3. Identity Theft: Stealing personal or financial information for misuse.
4. Ransomware Attacks: Malware that encrypts files and demands payment.
5. Cyber Stalking / Harassment: Online threats or abusive messages.
6. Financial Fraud: Online banking or credit card fraud.

Cyber Laws in India

a. IT Act 2000

• Objective: Legal recognition of electronic transactions and addressing cyber crimes.

Key Provisions:

1. Digital Signature Recognition: Validates electronic signatures for legal transactions.
2. Cyber Crime Offenses: Covers hacking, identity theft, phishing, virus attacks, and data breaches.
3. Penalties: Imprisonment and fines for unauthorized access or damage to IT systems.
4. Certifying Authorities: Govern issuance of digital certificates for authentication.

b. Amendments

• IT Act 2008: Strengthened provisions on cyber terrorism, data protection, and sensitive personal information.

Intellectual Property Law (IP Law)

• Provides legal protection to creations of the mind and digital content.
• Ensures innovators and creators receive monetary and legal benefits for their work.
• Relevant to IT and software industry: software patents, copyrights, trademarks, and trade secrets.

Summary Table

Topic	Key Points
ISO Standards	ISO 27001, 27002; ISMS framework; ensures confidentiality, integrity, availability
IT Act, 2000	Legal recognition of e-transactions, digital signatures, penalties for cyber crimes
Copyright Act	Protects original literary and artistic works; exclusive rights for authors
Intellectual Property Rights	Patents, trademarks, copyrights, trade secrets; protects creations and innovations
Cyber Crimes	Hacking, phishing, identity theft, ransomware, online fraud, cyber harassment
Cyber Laws in India	IT Act 2000 & 2008; digital signature, cyber crime offenses, penalties, certifying authorities

Copyright Law

Copyright law protects the original works of authorship, including literary, artistic, musical, and software creations. It gives the creator exclusive rights to use, distribute, and modify their work.

Key Points:

• Protected Works: Books, software, music, movies, artworks, and digital content.
• Rights Granted: Reproduction, distribution, public performance, display, and adaptation.
• Duration: Generally lasts for the lifetime of the author plus 60 years (varies by jurisdiction).
• Infringement: Unauthorized copying, distribution, or modification of copyrighted work.

Example: Copying proprietary software without permission is a violation of copyright law.

Semiconductor Law

Semiconductor law protects the design and layout of semiconductor chips (integrated circuits) from unauthorized copying.

Key Points:

• Protects topographies or layouts of semiconductor chips.
• Provides exclusive rights to reproduce, distribute, or license the chip design.
• Ensures innovation in hardware and prevents counterfeit production.

Example: Unauthorized replication of microchip designs by competitors constitutes a violation under semiconductor law.

Patent Law

Patent law grants inventors exclusive rights to new inventions or technological solutions for a limited period, typically 20 years.

Key Points:

• Patentable Subject Matter: Products, processes, machinery, chemical compositions, and software-related inventions (in some jurisdictions).
• Rights Granted: Exclusive right to manufacture, sell, or license the invention.
• Infringement: Unauthorized use or production of a patented invention.

Example: Developing a mobile device using a patented battery technology without permission violates patent law.

Software Piracy

Software piracy is the unauthorized copying, distribution, or use of software in violation of copyright or licensing agreements.

Types of Software Piracy:

1. Counterfeiting: Illegal copying and selling of software.
2. End-User Piracy: Installing software on multiple devices without a valid license.
3. Internet Piracy: Downloading software illegally from the Internet.
4. Hard Disk Loading: Preloading unauthorized software on new computers for sale.

Consequences:

• Legal penalties (fines and imprisonment)
• Loss of revenue for software developers
• Security risks from pirated or infected software

Software Licensing

Software licensing is a legal agreement between the software developer and user, defining how the software can be used.

Common Types of Software Licenses:

1. Proprietary License: Software is owned by the developer; users must purchase or subscribe.
2. Freeware: Free to use but often restricted from modification or redistribution.
3. Shareware: Free trial version with limited features; full version requires payment.
4. Open Source: Source code is available to users to view, modify, and distribute under specific licenses (e.g., GPL, MIT License).

Key Points:

• Licensing ensures legal use and protects intellectual property.
• Users must adhere to terms and conditions specified in the license agreement.

Summary Table

Topic	Key Points
Copyright Law	Protects literary, artistic, and software works; exclusive rights for reproduction, distribution, and adaptation
Semiconductor Law	Protects chip layouts/topographies; prevents unauthorized replication of hardware designs
Patent Law	Grants inventors exclusive rights for new inventions; covers products, processes, and sometimes software
Software Piracy	Unauthorized copying or distribution of software; includes counterfeiting, Internet piracy, and end-user piracy
Software Licensing	Legal agreement for software use; types include proprietary, freeware, shareware, and open source