Information Security Standard


INFORMATION SECURITY STANDARD

While information security plays an important role in protecting the data and assets of an organization,
we often hear news about security incidents, such as defacement of websites, server hacking and data
leakage. Organizations need to be fully aware of the need to devote more resources to the protection of
information assets, and information security must become a top concern in both government and
business. To address the situation, a number of governments and organizations have set up benchmarks,
standards and in some cases, legal regulations on information security to help ensure an adequate level
of security is maintained, resources are used in the right way, and the best security practices are adopted.
Some industries, such as banking, are regulated, and the guidelines or best practices put together as part
of those regulations often become a de facto standard among members of these industries.

ISO STANDARDS
The International Organisation for Standardisation (ISO), established in 1947, is a nongovernmental
international body that collaborates with the International Electrotechnical Commission (IEC) and the
International Telecommunication Union (ITU) on information and communications technology (ICT)
standards. The following are commonly referenced ISO security standards:

1. ISO/IEC 27002:2005 (Code of Practice for Information Security Management)

2. ISO/IEC 27001:2005 (Information Security Management System - Requirements)

3. ISO/IEC 15408 (Evaluation Criteria for IT Security)

The international standard ISO/IEC 15408 is commonly known as the “Common Criteria” (CC). It consists
of three parts:

a) ISO/IEC 15408-1:2005 (introduction and general model)

b) ISO/IEC 15408-2:2005 (security functional requirements)

c) ISO/IEC 15408-3:2005 (security assurance requirements).

This standard helps evaluate, validate, and certify the security assurance of a technology product against
a number of factors, such as the security functional requirements specified in the standard.

Hardware and software can be evaluated against CC requirements in accredited testing laboratories to
certify the exact EAL (Evaluation Assurance Level) the product or system can attain.

4. ISO/IEC 13335 (IT Security Management)

ISO/IEC 13335 was initially a Technical Report (TR) before becoming a full ISO/IEC standard. It consists of
a series of guidelines for technical security control measures:
a) ISO/IEC 13335-1:2004 documents the concepts and models for information and communications
technology security management.

b) ISO/IEC TR 13335-3:1998 documents the techniques for the management of IT security.

c) ISO/IEC TR 13335-4:2000 covers the selection of safeguards (i.e. technical security controls).

d) ISO/IEC TR 13335-5:2001 covers management guidance on network security.

The Information Technology Act 2000


The Information Technology Act 2000 (also known as ITA-2000, or the IT Act) is an Act of the Indian
Parliament (No 21 of 2000) notified on October 17, 2000. It is meant to provide legal recognition for
transactions carried out by means of electronic data interchange (EDI) and other means of electronic
communication, commonly referred to as ‘e-commerce’.

Cyber laws are contained in the IT Act, 2000. This Act aims to provide the legal infrastructure for
e-commerce in India. These cyber laws have a major impact on e-businesses and the new economy in
India.

The Act states that unless otherwise agreed, an acceptance of contract may be expressed by electronic
means of communication and the same shall have legal validity and enforceability.

The Information Technology Act 2000 consisted of 94 sections segregated into 13 chapters. Four schedules
form part of the Act. In the 2008 version of the Act, there are 124 sections (excluding 5 sections that have
been omitted from the earlier version) and 14 chapters. Schedules I and II have been replaced. Schedules
III and IV are deleted. The Information Technology Act 2000 addressed the following issues:

1. Legal recognition of electronic documents

2. Legal recognition of digital signatures

3. Offenses and contraventions

4. Justice dispensation systems for cybercrimes

Objectives of the IT Act, 2000

(a) To grant legal recognition for transactions carried out by means of Electronic Data Interchange and
other means of electronic communication commonly referred to as “electronic commerce” in place of
paper-based methods of communication.

(b) To give legal recognition to Digital Signature for authentication of any information or matter which
requires authentication under any law.

(c) To facilitate electronic filing of documents with Government departments.


(d) To facilitate electronic storage of data.

(e) To facilitate and give legal sanction to electronic fund transfers between banks and financial
institutions.

(f) To give legal recognition for keeping books of account by Bankers in electronic form.

(g) Certifying authorities will be licensed to issue digital signature certificates, and a regulatory regime will
be established to supervise the certifying authorities, who will not themselves be a part of the
bureaucracy.

Some highlights of the Act are listed below:

Chapter 1: Preliminary

Chapter 2: Digital Signature and Electronic Signature

Chapter 3: Electronic Governance

Chapter 4: Attribution Acknowledgment and Dispatch of Electronic Records

Chapter 5: Secure Electronic Records and Secure Electronic Signatures

Chapter 6: Regulation of Certifying Authorities

Chapter 7: Electronic Signature Certificates

Chapter 8: Duties of Subscribers

Chapter 9: Penalties Compensation and Adjudication

Chapter 10: The Cyber Appellate Tribunal

Chapter 11: Offences

Chapter 12: Intermediaries Not To Be Liable in Certain Cases

Chapter 13: Miscellaneous

Intellectual property rights


Intellectual property rights are the rights given to a person or an organization for their intellectual activity,
i.e. over the creations of their minds. They usually give the creator an exclusive right over the use of
his/her creation for a certain period of time. Thus, Intellectual Property Rights are legal rights, which result
from intellectual activity in industrial, scientific, literary and artistic fields. Intellectual property is the
product of the human intellect including creativity concepts, inventions, industrial models, trademarks,
songs, literature, symbols, names, brands, etc. It refers to intangible property that has been created by
individuals and corporations for their personal benefit or usage. It is created through human intelligence and
mental efforts.

Intellectual Property Rights do not differ from other property rights. They allow the rights owner to
completely benefit from his product which was initially an idea that developed and crystallized. They also
give him the right to prevent others from using, dealing or tampering with his product without prior
permission from him. He can in fact legally sue them and force them to stop and compensate for any
damages.

IPR is divided into seven main branches under the TRIPS (Trade-Related Aspects of IPR) agreement. These
branches are:

PATENT: A patent is an exclusive right granted for an invention, which is a product or a process that
provides a new way of doing something, or offers a new technical solution to a problem. A patent is a
government-issued right granted to individuals or groups that protects their original inventions from being
made, used, or sold by others without their permission for a set period of time. Basically, a patent is a
legal monopoly, which is granted for a limited time by a country to the owner of an invention. A patent is
a limited property right the government gives inventors in exchange for their agreement to share details
of their inventions with the public. The patent, in the eyes of the law, is a property right and it can be
given away, inherited, sold, licensed and can even be abandoned. A patent provides the right to exclude
others from making, using, selling, offering for sale, or importing the patented invention for the term of
the patent, which is usually 20 years from the filing date, subject to the payment of maintenance fees. In
order to be recognized as a patent, the invention should meet certain criteria: it should be new,
imaginative, and functional and useful, or capable of being applied in the relevant organizations. Like any
other property right, it may be sold, licensed, mortgaged, assigned or transferred, given away, or simply
abandoned. There are three types of patents: utility patents, design patents and plant patents.

COPYRIGHT: Copyright is a legal concept, enacted by most governments, giving the creator of original
work exclusive rights to it, usually for a limited time. Generally, it is "the right to copy", but also gives the
copyright holder the right to be credited for the work, to determine who may adapt the work to other
forms, who may perform the work, who may financially benefit from it, and other related rights. It is a
form of intellectual property (like the patent, the trademark) applicable to any expressible form of an idea
or information that is substantive and discrete. Copyright initially was conceived as a way for government
to restrict printing; the contemporary intent of copyright is to promote the creation of new works by
giving authors control of and profit from them. Typically, the duration of copyright is the whole life of the
creator plus fifty to a hundred years from the creator's death, or a finite period for anonymous or
corporate creations. It is also defined as follows: “As a copyright holder, you have the exclusive right to
reproduce or make copies of a creative work. You can also distribute or sell copies; make a derivative work
(for example, turn a novel into a movie); and perform or display the work publicly”.

Copyrightable Material includes:

creative works---literature, art and music


artistic creations---books, music, paintings and sculptures, films

technology-based works---computer programs and electronic databases

There are four main forms of remedies in the event that copyright infringement takes place:

1. An injunction to stop the production of further copies.

2. A demand that all copies are surrendered to the copyright owner.

3. Damages for losses suffered by the copyright owner.

4. An account of profits made by the infringer.

TRADEMARK: Trademarks are the characteristic distinguishing signs, symbols, or indicators used by an
individual or an organization to identify a particular artifact or service, to indicate its source, and to
differentiate its artifacts or services from those of other individuals or organizations. A
trademark is a recognizable sign, design, or expression which identifies products or services of a particular
source from those of others. It could be a combination of words, expressions, symbols, emblems, designs,
images or devices. The trademark owner can be an individual, business organization, or any legal entity.
A trademark may be located on a package, a label, a voucher or on the product itself. For the sake of
corporate identity, trademarks are also displayed on company buildings. Trademarks are used to
claim exclusive properties of products or services.

The usage of a trademark by its owner can cause legal issues if this usage makes the owner guilty of false
advertising or if the trademark is offensive. A trademark provides protection to the owner of the mark by
ensuring the exclusive right to use it to identify goods or services, or to authorize another to use it in
return for payment. The period of protection varies, but a trademark can be renewed indefinitely beyond
the time limit on payment of additional fees. Trademark protection is enforced by the courts, which in
most systems have the authority to block trademark infringement. The trademarks agreement provides
that the primary registration and each renewal of registration should be for a period of not less than 7 years,
and that the registration can be renewed indefinitely.

PATENT LAW
Patent law governs the "right to exclude others from making, using or selling an invention or products
made by an invented process that is granted to an inventor" for a period of time. Patents are not granted
if the invention or product is obvious or known or used by others.

The fundamental principle of patent law is that a patent is granted only for an invention, i.e. something
new and useful, having novelty and utility. The grant of a patent thus becomes a form of industrial property,
also called intellectual property. The term “patent” has its origin in the term “Letter patent”. This
expression meant “open letter”; such letters were instruments under the great seal of the King of England,
addressed by the Crown. Patents are a type of intellectual property right that grants the owner the right
to exclude others from making, using, offering for sale or selling the invention in the United States.
Patents are generally concerned with functional and technical aspects of products and processes and
must fulfill specific conditions to be granted.

Most patents are for incremental improvements in known technology - evolution rather than
revolution. The technology does not have to be complex.

Patent rights are territorial; an Indian patent does not give rights outside of India.

Patent rights last for up to 20 years in India and in most countries outside India.

Depending on where you wish your patent to be in effect, you must apply to the appropriate body. In
India, this is The Indian Patent Office. There are various Patent Offices around the world. Alternatively, a
Patent Agent can apply on your behalf.

REQUIREMENTS OF PATENT LAW: The invention must be useful, novel (new), and non-obvious. If so, the
inventor is entitled to patent protection, and the government is obliged to give it. Patent protection
excludes all others except the patent holder from making, using, selling or offering to sell the patented
invention. However, if another invention that is itself patented is used in the actual physical creation of the
new invention, the patent owner may have to obtain certain rights from the first patent holder.

ADVANTAGES OF PATENT LAW: One of the more obvious advantages of patent law is that the patent
owner holds the exclusive right to the invention and that others must pay either a license fee or obtain some
other type of right to produce or manufacture the patented item. Additionally, a company may invent
something that is not necessarily useful to the company’s overall goals at the time, and then it would
have to decide whether the lengthy and sometimes expensive patent application process is in its best
interest.

COPYRIGHT LAW
The Copyright Act, established in 1976, is located in Title 17 of the U.S. Code, from sections 101 through
122. Copyright refers to laws that regulate the use of the work of a creator, such as an artist or author.
This includes copying, distributing, altering and displaying creative, literary and other types of work.
Unless otherwise stated in a contract, the author or creator of a work retains the copyright. Copyright
protects original works of authorship fixed in any tangible medium of expression, now known or later
developed, from which they can be perceived, reproduced, or otherwise communicated, either directly
or with the aid of a machine or device.

It defines the following as some examples of original works of authorship:

literary works;

musical works, including any accompanying words;

dramatic works, including any accompanying music;

pantomimes and choreographic works;


pictorial, graphic, and sculptural works;

motion pictures and other audiovisual works;

sound recordings;

architectural works.

Copyright laws fully apply to virtually anything that is brought into digital form or published on the Internet.
In today’s dynamic electronic environment, copyright laws are no longer limited to the traditional works
of authorship.

CYBER LAW
Cyber Law is the law governing cyber space. Cyber space is a very wide term and includes computers,
networks, software, data storage devices (such as hard disks, USB disks etc.), the Internet, websites, emails
and even electronic devices such as cell phones, ATM machines etc.

Cyber law or Internet law is a term that encapsulates the legal issues related to use of the Internet. It is
less a distinct field of law than intellectual property or contract law, as it is a domain covering many areas
of law and regulation. Some leading topics include internet access and usage, privacy, freedom of
expression, and jurisdiction.

Law encompasses the rules of conduct:

1. that have been approved by the government, and

2. which are in force over a certain territory, and

3. which must be obeyed by all persons on that territory.

Cyber laws in India: The primary source of cyber law in India is the Information Technology Act, 2000 (IT
Act) which came into force on 17 October 2000. The primary purpose of the Act is to provide legal
recognition to electronic commerce and to facilitate filing of electronic records with the Government. The
IT Act also penalizes various cyber crimes and provides strict punishments (imprisonment terms up to 10
years and compensation up to Rs 1 crore).

Advantages of cyber laws:

Information technology now touches all aspects of life across the world. It has brought a transition
from paper to the paperless world. With the increasing usage of the internet in the world, the number of
criminals in the field of information technology is also increasing. Cyber criminals are able to use software by
creating it themselves and manipulating it for their own benefit. This is happening only because of the
simplicity of these crimes.
In order to maintain harmony and co-existence of people in cyberspace, there is a need for a legal
program known as cyber laws.

The coming of the internet.

Complex legal issues arose, leading to the development of cyber laws.

Different approaches for controlling, regulating and facilitating electronic communication and
commerce.

The internet requires an enabling and supportive legal infrastructure in tune with the times. E-commerce,
the biggest future of the internet, is only possible if we have the required legal infrastructure in place to
complement its growth.

Cyber law touches almost all aspects of transactions and activities concerning the internet, the WWW
and cyberspace. Therefore, cyber laws are extremely important.

As such, the coming of the internet led to the emergence of numerous ticklish legal issues and problems
which necessitated the enactment of cyber law.

With the advent of Computers as a basic tool of Communication, Information Processing, Information
Storage, Physical Devices Control, etc., a whole new Cyber Society has come into existence. This Cyber
society operates on a virtual world created by Technology and it is the “Cyber Space Engineering” that
drives this world. In maintaining harmony and co-existence of people in this Cyber Space, there is a need
for a legal regime which is what we recognize as “Cyber laws”. Cyber Laws are the basic laws of a Society
and hence have implications on every aspect of the Cyber Society such as Governance, Business, Crimes,
Entertainment, Information Delivery, Education etc.

CYBER CRIMES
Computer crimes are called by different names, like cyber crime, e-crime or electronic crime. The term refers to
any crime that involves a computer and a network, where the computers may or may not have played an
important role in the commission of the crime. Computer crimes include a large range of potentially
illegal actions. However, cyber crimes can be categorized into either of the following categories:

1. Crimes that are aimed directly at computer networks or devices.

2. Crimes assisted by computer networks or devices, where the primary target of the crime is independent of
the computer network or device.

SOFTWARE LICENSE
A software license is a legal instrument (usually by way of contract law, with or without printed material)
governing the use or redistribution of software. Under United States copyright law all software is copyright
protected, except material in the public domain. A typical software license grants an end-user permission
to use one or more copies of software in ways where such a use would otherwise potentially constitute
copyright infringement of the software owner's exclusive rights under copyright law. In addition to
granting rights and imposing restrictions on the use of software, software licenses typically contain
provisions which allocate liability and responsibility between the parties entering into the license
agreement. In enterprise and commercial software transactions these terms often include limitations of
liability, warranties and warranty disclaimers, and indemnity if the software infringes intellectual property
rights of others. Software licenses can generally be fit into the following categories: proprietary licenses
and free and open source.

SEMICONDUCTOR LAW
A semiconductor is a material which has electrical conductivity to a degree between that of a metal such
as copper and that of an insulator such as glass. Semiconductors are the foundation of modern solid
state electronics, including transistors, solar cells, light-emitting diodes (LEDs), quantum dots and digital
and analog integrated circuits.

The Semiconductor Chip Protection Act of 1984 (or SCPA) is an act of the US Congress that makes
the layouts of integrated circuits legally protected upon registration, and hence illegal to copy without
permission. It is an integrated circuit layout design protection law.
