NEED FOR INFORMATION SECURITY POLICY

What is an information security policy?

An information security policy is a documented statement of rules and
guidelines that need to be followed by people accessing company data,
assets, systems, and other IT resources. The main purpose of an
information security policy is to ensure that the company’s
cybersecurity program is working effectively.

A security policy is a "living document" — it is continuously updated as

needed. It defines the “who,” “what,” and “why” regarding
cybersecurity. It’s different from a security procedure, which represents
the “how.” A security policy might also be called a cybersecurity policy,
network security policy, IT security policy, or simply IT policy.

The security policy doesn’t have to be a single document, though. A

more sophisticated, higher-level security policy can be a collection of
several policies, each one covering a specific topic. It’s quite common to
find several types of security policies bundled together.

What should be included in a security policy? For starters, information

security policies may consist of acceptable use, confidential data, data
retention, email use, encryption, strong passwords, wireless access, and
other types of security policies.

What are the benefits of information security

policies?
Why do we need to have security policies? Here are 5 reasons:

1. To define roles and responsibilities

A well-written security policy document should clearly answer the

question, “What does a security policy allow you to do?” It should
outline who is responsible for which task, who is authorized to do such a
job, what one employee can do and cannot do, and when each task
should be completed.
If security policies are in place, any onboarding employee can be quickly
acquainted with company rules and regulations. They define not only
the roles and responsibilities of employees but also those of other
people who use company resources (like guests, contractors, suppliers,
and partners).

2. To define accountability

Employees can make mistakes. What’s more, some mistakes can be

costly, and they can compromise the system in whole or in part. This is
one area where a security policy comes in handy. It outlines the
consequences for not following the rules.

Security policies are like contracts. They are to be acknowledged and

signed by employees. This means no employees shall be excused from
being unaware of the rules and consequences of breaking the rules.
Should an employee breach a rule, the penalty won’t be deemed to be
non-objective. Security policies can also be used for supporting a case
in a court of law.

3. To increase employee cybersecurity awareness

Security policies act as educational documents. They can teach

employees about cybersecurity and raise cybersecurity awareness.
The range of topics that can be covered by security policies is broad, like
choosing a secure password, file transfers, data storage, and accessing
company networks through VPNs.

4. To address threats

Security policies must tackle things that need to be done in addressing

security threats, as well as recovering from a breach or cyber attack
and mitigating vulnerabilities. The aspect of addressing threats also
overlaps with other elements (like who should act in a security event,
what an employee must do or not do, and who will be accountable in
the end).

5. To comply with regulations

Security policies also shape the company’s cybersecurity efforts,
particularly in meeting the requirements of industry standards and
regulations, like PCI, GDPR, HIPAA, or ISO/IEC 27002.

Why should security policies be developed?

Security policies form the foundations of a company’s cybersecurity
program. These policies are not only there to protect company data and
IT resources or to raise employee cyber awareness; these policies also
help companies remain competitive and earn (and retain) the trust of
their clients or customers. Think about this: if a bank loses clients’ data
to hackers, will that bank still be trusted? Eventually, companies can
regain lost consumer trust, but doing so is a long and difficult process.

Unfortunately, smaller-sized companies usually don’t have well-

designed policies, which has an impact on the success of their
cybersecurity program. In some cases, smaller or medium-sized
businesses have limited resources, or the company’s management may
be slow in adopting the right mindset. Many times, though, it’s just a
lack of awareness of how important it is to have an effective
cybersecurity program.

Creating a security policy, therefore, should never be taken lightly.

When developing security policies, the policymaker should write them
with the goal of reaping all five of the benefits described above.
Regardless of company size or security situation, there’s no reason for
companies not to have adequate security policies in place.

Cyber Laws (IT Law) in India




Cyber Law also called IT Law is the law regarding Information-technology including
computers and the internet. It is related to legal informatics and supervises the digital
circulation of information, software, information security, and e-commerce.
IT law does not consist of a separate area of law rather it encloses aspects of contract,
intellectual property, privacy, and data protection laws. Intellectual property is a key
element of IT law. The area of software license is controversial and still evolving in
Europe and elsewhere.
According to the Ministry of Electronics and Information Technology,
Government of India :

Importance of Cyber Law:

1. It covers all transactions over the internet.
2. It keeps eye on all activities over the internet.
3. It touches every action and every reaction in cyberspace.

Area of Cyber Law:

Cyber laws contain different types of purposes. Some laws create rules for how
individuals and companies may use computers and the internet while some laws
protect people from becoming the victims of crime through unscrupulous activities on
the internet. The major areas of cyber law include:
1. Fraud:
Consumers depend on cyber laws to protect them from online fraud. Laws
are made to prevent identity theft, credit card theft, and other financial
crimes that happen online. A person who commits identity theft may face
confederate or state criminal charges. They might also encounter a civil
action brought by a victim. Cyber lawyers work to both defend and
prosecute against allegations of fraud using the internet.

2. Copyright:
The internet has made copyright violations easier. In the early days of
online communication, copyright violations were too easy. Both companies
and individuals need lawyers to bring an action to impose copyright
protections. Copyright violation is an area of cyber law that protects the
rights of individuals and companies to profit from their creative works.

3. Defamation:
Several personnel uses the internet to speak their mind. When people use
the internet to say things that are not true, it can cross the line into
defamation. Defamation laws are civil laws that save individuals from fake
public statements that can harm a business or someone’s reputation. When
people use the internet to make statements that violate civil laws, that is
called Defamation law.

4. Harassment and Stalking:

Sometimes online statements can violate criminal laws that forbid
harassment and stalking. When a person makes threatening statements again
and again about someone else online, there is a violation of both civil and
criminal laws. Cyber lawyers both prosecute and defend people when
stalking occurs using the internet and other forms of electronic
communication.

5. Freedom of Speech:
Freedom of speech is an important area of cyber law. Even though cyber
 laws forbid certain behaviors online, freedom of speech laws also allows
people to speak their minds. Cyber lawyers must advise their clients on the
limits of free speech including laws that prohibit obscenity. Cyber lawyers
may also defend their clients when there is a debate about whether their
actions consist of permissible free speech.

6. Trade Secrets:
Companies doing business online often depend on cyber laws to protect
their trade secrets. For example, Google and other online search engines
spend lots of time developing the algorithms that produce search results.
They also spend a great deal of time developing other features like maps,
intelligent assistance, and flight search services to name a few. Cyber laws
help these companies to take legal action as necessary to protect their trade
secrets.

7. Contracts and Employment Law:

Every time you click a button that says you agree to the terms and
conditions of using a website, you have used cyber law. There are terms and
conditions for every website that are somehow related to privacy concerns.

Advantages of Cyber Law:

 Organizations are now able to carry out e-commerce using the legal
infrastructure provided by the Act.

 Digital signatures have been given legal validity and sanction in the Act.

 It has opened the doors for the entry of corporate companies for issuing
Digital Signatures Certificates in the business of being Certifying
Authorities.

 It allows Government to issue notifications on the web thus heralding e-

governance.

 It gives authority to the companies or organizations to file any form,

application, or any other document with any office, authority, body, or
agency owned or controlled by the suitable Government in e-form using
such e-form as may be prescribed by the suitable Government.

 The IT Act also addresses the important issues of security, which are so
critical to the success of electronic transactions.

 Cyber Law provides both hardware and software security.

OBJECTIVE AND SCOPE OF DIGITAL PERSONAL DATA PROTECTION

ACT 2023
What is the objective of Digital Personal Data Protection Act 2023?
[11th August, 2023.] An Act to provide for the processing of digital personal data in a
manner that recognises both the right of individuals to protect their personal data and
the need to process such personal data for lawful purposes and for matters
connected therewith or incidental thereto.

What is the scope of PDPA?

The PDPA covers all electronic and non-electronic personal data, regardless of
whether the personal data is true or false.

The 2023 act allows personal data to be processed for any lawful
purpose. The entity processing data can do so either by taking the
concerned individual's consent or for “legitimate uses,” a term that
has been explained in the law.

In early August 2023, the Indian Parliament passed the

Digital Personal Data Protection (DPDP) Act, 2023.1 The
new law is the first cross-sectoral law on personal data
protection in India and has been enacted after more
than half a decade of deliberations.2 The key question
this paper discusses is whether this seemingly
interminable period of deliberations resulted in a “good”
law—whether the law protects personal data adequately,
and in addition, whether it properly balances, as the
preamble to the law states, “the right of individuals to
protect their personal data” on one hand and “the need
to process such personal data for lawful purposes” on
the other.

FOR DETAILED KNOWLEDGE OF THIS ACT

FOLLOW THIS LINK
https://carnegieindia.org/2023/10/03/understanding-india-s-new-data-protection-law-pub-
90624#:~:text=The%202023%20act%20allows%20personal,processed%20for%20any%20lawful
%20purpose.&text=The%20entity%20processing%20data%20can,been%20explained%20in%20the
%20law.

INTELLECTUAL PROPERTY ISSUES

Top 5 intellectual property disputes

Intellectual property disputes are incredibly common. Find out what intellectual
property is and what your rights are.

Intellectual property disputes have become increasingly common in the digital age.
We are all exposed to more content than ever before, and sourcing is often murky.

Although intellectual-property infringement can be unintentional, it still unacceptable

under the eyes of the law. The most common examples of intellectual property
disputes include using another's words, images, or logo without the property owner's
permission.

Types of intellectual property

There are four main types of intellectual property: copyright, trademark, patent, and
trade secret. The term "intellectual property (sometimes called “IP" for short) covers
all types of intangible creations, but the type of protection that applies depends on the
specific type of work:

 Copyrights protect creative works that are either printed or digital. Common
examples that fall under copyright are literary works, images or photographs,
and movies.
 Trademarks protect a word, phrase, mark, symbol, or logo used to identify the
source of goods as a particular company — essentially, any branding. Think,
for example, of the apple on Apple computers.
  Patents protect inventions. Inventors may patent a process or method, a
machine, a manufactured article, or a new pharmaceutical.
 Trade secrets are just what they sound like—the inner workings of a business,
often protected by nondisclosure agreements signed by employees. Trade
secrets are common in the research and development industry and may include
formulas, client lists, and processes and methods. The recipe for Coca-Cola is
the classic example of a trade secret.

Note that some creations may be protected by more than one type of intellectual
property. A musical artist's body of work, for example, may included copyrighted
musical works as well as a trademark logo or design.

Examples of intellectual property disputes

The most common types of intellectual property disputes are likely to be related to
either copyright infringement, trademark infringement, or patent infringement. These
arise when individuals or businesses, including small businesses, discover that others
are using their intellectual property without permission:

 Copyright infringement: Someone has used your creative work—words or

images, most likely—without your permission. In this case, if you haven't
already registered your copyright with the U.S. Copyright Office, you should
consider doing so in order to recover damages in the federal court system.
 Trademark infringement: Someone is using the same word, phrase, mark,
symbol, or logo as you are using to sell similar products, potentially confusing
consumers. If you haven't registered your trademark yet, you would gain
additional legal protection by doing so. Forms and other
information on registering a trademark are available on the U.S. Patent and
Trademark Office's website.
 Patent infringement: Someone is making, using, selling, or offering to sell
something that contains every element of your patented claims. Because
patented inventions often contain several different parts and give rise to more
than one patent, an infringement claim could become complicated. To file a
patent or search for one, use the U.S. Patent and Trademark Office's website.
Trade secrets may also be the subject of an intellectual property dispute, although
these tend to arise in corporate contexts. That said, even small businesses can keep
trade secrets, so you shouldn't ignore this possibility if you are a business owner.

What are intellectual property

rights?
Intellectual property rights are the rights given to persons over the creations of
their minds. They usually give the creator an exclusive right over the use of his/her
creation for a certain period of time.
Intellectual property rights are customarily divided into two main areas:

The rights of authors of literary and artistic works (such as books and other writings, musical
compositions, paintings, sculpture, computer programs and films) are protected by copyright, for a
minimum period of 50 years after the death of the author.
Also protected through copyright and related (sometimes referred to as “neighbouring”) rights are the
rights of performers (e.g. actors, singers and musicians), producers of phonograms (sound recordings) and
broadcasting organizations. The main social purpose of protection of copyright and related rights is to
encourage and reward creative work.
(ii) Industrial property.back to top
Industrial property can usefully be divided into two main areas:

 One area can be characterized as the protection of distinctive signs, in particular trademarks
(which distinguish the goods or services of one undertaking from those of other undertakings)
and geographical indications (which identify a good as originating in a place where a given
characteristic of the good is essentially attributable to its geographical origin).

The protection of such distinctive signs aims to stimulate and ensure fair competition and to
protect consumers, by enabling them to make informed choices between various goods and
services. The protection may last indefinitely, provided the sign in question continues to be
distinctive.

 Other types of industrial property are protected primarily to stimulate innovation, design and
the creation of technology. In this category fall inventions (protected by patents), industrial
designs and trade secrets.

The social purpose is to provide protection for the results of investment in the development of
new technology, thus giving the incentive and means to finance research and development
activities.

A functioning intellectual property regime should also facilitate the transfer of technology in
the form of foreign direct investment, joint ventures and licensing.

The protection is usually given for a finite term (typically 20 years in the case of patents).
While the basic social objectives of intellectual property protection are as outlined above, it should also be
noted that the exclusive rights given are generally subject to a number of limitations and exceptions, aimed
at fine-tuning the balance that has to be found between the legitimate interests of right holders and of users.

PATENTS, COPYRIGHTS, TRADEMARKS

Trademark, patent, or copyright

Trademarks, patents, and copyrights are different types of intellectual property. The USPTO
grants patents and registers trademarks. The U.S. Copyright Office at the Library of Congress
registers copyrights. Use the IP Identifier to learn what kind of intellectual property you have.

Trademark Patent Copyr

What's A word, phrase, design, or a
legally combination that identifies
protected? your goods or services,
distinguishes them from the
goods or services of others,
and indicates the source of
your goods or services.
Technical inventions, such as chemical Artistic, literary, or int
compositions like pharmaceutical works, such as novels
drugs, mechanical processes like software code, photo
complex machinery, or machine paintings that are orig
designs that are new, unique, and tangible medium, suc
usable in some type of industry. film, or digital format

What's an Coca-Cola® for soft drinks A new type of hybrid engine Song lyrics to “Let It G
example? from "Frozen"

What are Protects the trademark from
the benefits being registered by others
of federal without permission and helps
protection? you prevent others from using
a trademark that is similar to
yours with related goods or
services.
Safeguards inventions and processes Protects your exclusiv
from other parties copying, making, reproduce, distribute
using, or selling the invention without display the created w
the inventor’s consent. other people from co
the creation without
holder’s permission.

Trademark or brand
A brand is a marketing concept that encompasses how people feel about your product or service.
Customers associate certain elements with different brands, such as reputation, image, and
emotion. For example, a certain brand might have been developed to encourage you to feel
confident, calm, or secure.

On the other hand, a federal trademark registration can provide nationwide legal protection for
your brand in connection with particular goods or services. It is your choice whether to protect
your brand under trademark law. Many business owners choose to protect their brand names for
their main or dominant goods or services. You might also choose to protect a slogan or logo for
those goods or services, if you have one.
Deciding what you want to protect and to what extent is up to you. You can have a brand, but
decide not to protect that brand by registering it as a trademark. If you choose not to register
your brand as a trademark, however, anyone could misuse your brand or create a brand so
similar to yours that people can’t tell the difference between them. So, even if consumers want to
purchase your products or services because they trust your brand’s reputation, that customer
might purchase someone else’s by mistake because they can’t tell the difference between the
trademarks.

DISCLAIMER: References to particular trademarks, service marks, certification marks, products,

services, companies, or organizations appearing on this page are for illustrative and educational
purposes only and do not constitute or imply endorsement by the U.S. government, the U.S.
Department of Commerce, the U.S. Patent and Trademark Office, or any other federal agency.