Home | About Us | Our Team | Careers | Support | TrainingKnowledge Base | Contact Us
     
 
Google
 
WWW
samdisha.com
 
Knowledge Base

       
       
       
       
 
 

Security of Intellectual Property in India

Topic: Support

5 Company perspective
Looking at the above threats & legal provisions, the software companies should adopt the fol-lowing approach.

5.1 Security Policy development
Security policy document is the basis of any organization’s security map. The policy document should cover diversified business functions, processes and should specify appropriate controls. It should be reviewed and certified by competent authorities.

The security policy would cover following areas:

  • Management controls
  • Physical access controls
  • Communications and operation management controls
  • Network management guidelines
  • Application access control
  • Network Operating System Security
  • Intrusion Detection and Response
  • Firewall policy
  • Email policy
  • Internet access policy
  • User Access policy
  • Security Incident Handling procedures
  • Third Party Network Connections policy
  • Back up and Storage policy
  • Business Continuity policy
  • Network security design and implementation

Secure IT infrastructure needs a well planned secure architecture that encompasses every component of the infrastructure. This includes the network components, Internet access de-vices, security systems like firewall and IDS, operating systems, enterprise applications and user desktops.
Architecting a secure infrastructure essentially requires understanding of integrating the com-ponent security with rest of the enterprise.

5.2 Vulnerability assessment and fixing
Any component in the IT infrastructure is vulnerable to security attacks if not properly pro-tected and continuously monitored. Depending on the asset, potential risk of impact of security compromise may vary. Depth of security implementation would depend on the risk associated with the asset and the cost of security.

For any security implementation, vulnerability assessment would be crucial in identifying the security vulnerabilities and scope of security implementation. Different systems have vulner-abilities against different types of attack that can be virus attack, denial of service attack, spoofing attack etc.
This task covers –
Our deliverables are as follows:

  • Enumeration of the hosts, components and services available on the network or sys-tems.
  • Vulnerability analysis to detect the potential vulnerabilities.
  • Vulnerability measurement and data collection to identify methods of entry into an or-ganization’s corporate network through exploitation of network vulnerabilities.
  • Generation of executive report enlisting the vulnerabilities identified and its classifica-tion based onto the potential risks assessed.
  • Data analysis and security design review to compare test results with current opera-tional requirements.
  • Gap analysis between the existing security policy and the security implemented.
  • Recommendations to the fix the vulnerable system and mitigating the risks.

5.3 Security provisions
Apart from the above, following must be planned & managed

  • Configuration Management
  • Backup and disaster management
  • Upgrades and patch management
  • Log monitoring and analysis
  • Trend analysis
  • Incident handling and response
  • Detailed reporting
  • Periodic testing
  • Training of staff

6 Further references

  1. WTO / TRIPS - http://www.wto.org/english/tratop_e/trips_e/t_agm0_e.htm (Link for the TRIPS Agreement: TRIPS Agreement is Annex1C of the Marrakesh Agreement Establishing the World Trade Organisation, signed in Marrakesh, Morocco on 15th April, 1994).
  2. National Seminar on WIPO Copyright and Performances and Phonograms Treaties, or-ganized by Ministry of Human Resources Development, Govt. of India in collaboration with Na-tional Law School of Indian University, Bangalore and Indian Institute of Technology, Delhi, New Delhi, Feb. 1997. Particular papers/presentations made by (i) Dr. R.V. Vaidyanathan Ay-yar, Additional Secretary, MHRD and Leader of the Indian Delegation to WIPO Diplomatic Con-ference and (ii) Dr. N.S. Gopalakrishnan, National Law School of Indian University.
  3. Digital Technology, Copyright Protection and WIPO Treaties Achievements and Future Agenda particularly w.r.t. Software, Dr. A.K. Chakravarti, in the above seminar, New Delhi Feb. 1997.
  4. Intellectual Property Rights in the Ensuing Global Digital Economy, A.S.A. Krishnan & A.K. Chakravarti, Electronics- Information & Planning, August 1997. Reprinted in Journal of Intellectual Property Rights, National Institute of Science Communication, Vol. 3, Jan. 1998.
  5. Electronic Copyright Management System, A.S.A. Krishnan & A.K. Chakravarti, Elec-tronics- Information & Planning, August 1997.
Prev  
 © Copyright Samdisha Software Research & Development  Center Pvt. Ltd.-2004