Running head: CYBERLAW, REGULATIONS, AND COMPLIANCE

Cyberlaw, Regulations, and Compliance

Name
Institution

1. Introduction

After analyzing the Service Level Agreement (SLA), I found that standard IT security measures were not considered. Hence, this document recommends changes to certain sections of the SLA to safeguard Finman’s data security and protect its intellectual property rights, as well as the rights of its customers and vendors (Minertek and Datanal). ISO (International Organization of Standards), ITIL (Information Technology Infrastructure Library), National Institute of Standards and Technology (NIST) guidelines, and BMP (Best Management Practices) form the basis of the new recommendations. Finman seeks to govern the use, security, and disposal of data that might be collected or created by Datanal and Minertek. The recommendations also address the sharing and ownership of intellectual property that might be divulged or created during the execution of the agreement.

2. Section 3: Background and Rationale Modifications

The following paragraph will be added to Section 3 of the SLA as a supporting paragraph to safeguard Finman’s intellectual property and data security:

“A review of all current network authentication protocols, hardware systems, and applications will be done to facilitate asset consolidation. Datanal will use group policies (GP) and access control lists (ACL) to allocate permissions to users and to authenticate users’ access requests. Datanal will also establish a third-party verification (TPV) process to satisfy industry standards. In addition, Datanal will ensure there is backup data storage to allow easy retrieval in case of emergency. The policies being implemented must adhere to fair trade agreements, international trade agreements, federal patent laws, and copyright laws. The move is meant to guarantee the integrity and confidentiality of the data.”

Information Security Management System

The SLA must include an Information Security Management System section that stipulates:

“Finman will deploy, maintain, and monitor an ISMS (Information Security Management System) in partnership with Minertek and Datanal. The ISMS will help guarantee the security of property rights and data; it will be modeled on the ISO/IEC 27001:2013 international standard.”

Exclusivity

An Exclusivity section will replace the Non-Exclusivity section and will state the following:

“This agreement shall be deemed exclusive to Minertek, Datanal, and Finman. Any use of third-party hardware or information must be sanctioned by Finman before it is used.”

Confidential Information and Intellectual Property

The SLA must also include a Confidential Information and Intellectual Property section that stipulates as follows:

“All trade secrets and/or intellectual property created during the implementation of this agreement by Minertek, Datanal, or other third parties will be considered the exclusive property of Finman unless otherwise stated. Trade secrets, intellectual property, and confidential information will not be disclosed, shared, or communicated to Finman’s customers or other third parties without Finman’s approval.”

Security

The SLA must also include a Security section that stipulates that:

“All access to Finman’s and customers’ data will be restricted to systems and persons with specific approval and need. An access control list (ACL) will be used to control such access, subject to approval by all parties in the agreement and to quarterly evaluations. All data, including collected and generated data, will be backed up and retained as per Finman’s Record Retention and Disposal Policy. The data will be saved on suitable media considering its sensitivity and frequency of use. Media destruction and data deletion methods must ensure the media is rendered unusable or unreadable. Media use, sanitization, and destruction will follow the guidelines stated in NIST Special Publication 800-88 Revision 1.”

Training

The SLA will include a Training section that states that:

“All employees from Minertek, Datanal, and accredited third parties with access to sensitive data or customers must undergo mandatory and comprehensive training. The training will cover policies on the use, sharing, retention, and disposal of data; requirements to protect sensitive data; any applicable legal compliance; and lastly, expectations and limitations of approved levels of access.”

3. Section 4: Statement of Intent Modifications

Finman prefers the implementation of the best data security techniques to restrict the use, sharing, retention, and disposal of its corporate data by Datanal or Minertek. Hence, the following statement will be inserted at the end of the paragraph in Section Four:

“State-of-the-art Information Technology Security Management (ITSM) processes such as data encryption, threat management/antivirus detection, vulnerability management, security auditing, and customer awareness will be relied upon to manage and stop any abuse or misuse of Finman’s IT resources.”

4. Justifying how the recommendations will limit the use, sharing, retention, and destruction of Finman’s corporate data by Datanal and Minertek

The recommendations made above will be very beneficial since they will create awareness among all users about the different network assets. Such awareness efforts will entail training on information assurance (IA) and threat prevention (Clinch, 2013). Users who participate in the IA training will be required to submit an agreement form that includes the duties and responsibilities related to access during the training period. The form will also stipulate the penalties that apply when a person breaches the terms and conditions indicated in the form. Datanal will be responsible for providing training resources and documentation to Finman.

Furthermore, the recommendations will strengthen the risk management process since they create strong data backup, recovery, and audit process strategies (Clinch, 2013).

Thirdly, routers, firewalls, IDS, proxies, and other such hardware devices must be deployed at all sites to protect the system against external threats. The entire system will be assessed for IPv6 support (Hiles, 2012). A change management process will also be required to control any changes to the current systems and related documentation.

Lastly, the agreement will include the model of ‘Vendors, Manufacturing Agents, or Partners.’ With regard to the Information Security Management System (ISMS) process, each of Finman’s branches will be considered a partner; hence, they will participate equally in the process to strongly protect the company.

5. Justifying how the recommendations will assure that Finman’s property, patents, copyrights, and other proprietary rights are protected

The Information Security Management System (ISMS) is based on three tenets: integrity, confidentiality, and availability. Implementing the TPV, ACL, and GP will operationalize the ISMS. Microsoft AD will be used to host the TPV, ACL, and GP since it can be integrated across the company’s WAN and LAN, and administrators can access the software remotely (Whalen, 2015). The ACL will stop any user from accessing a network area that he or she has not been authorized to access. The GP will be relied upon to manage users’ permissions, while a VPN (virtual private network) will be used for offsite access and will be restricted solely to Finman and Datanal computers. Any wireless access will be restricted in scope to Finman properties only; in addition, WPA2 encryption will be used.

The SLA modifications are intended to allow Finman and Datanal to adhere to federal laws and international standards for IT security. Thus, the state-of-the-art security system will allow Finman to protect its copyrights, patents, and property rights, among other proprietary rights. A revised SLA provides a manageable framework that strengthens the relationship among Finman, Minertek, and Datanal.

6. Conclusion

The recommendations seek to show how intellectual property and data protection are the primary concerns for Finman. The company seeks to ensure that its data is not used, shared, or disposed of in a way that might expose the company to high risks. Certainty of ownership of current and future intellectual property is also attainable. Considering the justifications, Finman must ensure all the recommendations and related modifications are considered and adopted in the revised SLA to protect intellectual property rights and data security.

References

Clinch, J. (2013). Best Management Practice: ITIL V3 and Information Security. Retrieved February 03, 2018, from https://goo.gl/E43osX

Hiles, A. (2012). E-business service level agreements: Strategies for service providers, e-commerce and outsourcing. Brookfield, Conn.: Rothstein Catalog on Service Level Books.

Whalen, P. J., & Hsieh, P. (2015). Protecting intellectual property in outsourcing deals. Retrieved from American Bar Association website: https://goo.gl/oyK4dk