
Order 899465 - Cyberlaw, Regulations, and Compliance

Running head: CYBERLAW, REGULATIONS, AND COMPLIANCE
Cyberlaw, Regulations, and Compliance
Name
Institution
1. Introduction
After analyzing the Service Level Agreement (SLA), I found that standard IT security measures were not considered. Hence, this document recommends changes to certain sections of the SLA to safeguard Finman's data security and to protect its intellectual property rights as well as the rights of its customers and vendors (Minertek and Datanal). ISO (International Organization for Standardization) standards, ITIL (Information Technology Infrastructure Library), National Institute of Standards and Technology (NIST) guidelines, and BMP (Best Management Practice) form the basis of the new recommendations. Finman seeks to govern the use, security, and disposal of data that might be collected or created by Datanal and Minertek. The recommendations also address the sharing and ownership of intellectual property that might be disclosed or created during the execution of the agreement.
2. Section 3: Background and Rationale Modifications
The following section will be added in Section 3 of the SLA as a supporting paragraph to
safeguard Finman’s intellectual property and data security.
“A review of all current network authentication protocols, hardware systems, and applications will be conducted to facilitate asset consolidation. Datanal will use group policies (GP) and access control lists (ACL) to allocate permissions to users and to authenticate users' access requests. Datanal will also establish a third-party verification (TPV) process to satisfy industry standards. In addition, Datanal will maintain backup data storage to allow easy retrieval in case of emergency. The policies being implemented must adhere to fair trade agreements, international trade agreements, federal patent laws, and copyright laws. These measures are meant to guarantee the integrity and confidentiality of the data.”
Information Security Management System
The SLA must include an Information Security Management System section that
stipulates:
“Finman will deploy, maintain, and monitor an Information Security Management System (ISMS) in partnership with Minertek and Datanal. The ISMS will help guarantee the security of property rights and data, and it will be modeled on the ISO/IEC 27001:2013 international standard.”
Exclusivity
An Exclusivity section will replace the Non-Exclusivity section and it will state the
following:
“This agreement shall be deemed exclusive to Minertek, Datanal, and Finman. Any use of third-party hardware or information must be sanctioned by Finman before use.”
Confidential Information and Intellectual Property
The SLA must also include a Confidential Information and Intellectual Property section
which stipulates as follows:
“All trade secrets and/or intellectual property created during the implementation of this agreement by Minertek, Datanal, or other third parties will be considered the exclusive property of Finman unless otherwise stated. Trade secrets, intellectual property, and confidential information will not be disclosed, shared, or communicated to Finman's customers or other third parties without Finman's approval.”
Security
The SLA must also include a Security section which stipulates that:
“All access to Finman's and customers' data will be restricted to systems and persons with specific approval and need. An access control list (ACL) will be used to control such access, subject to approval by all parties to the agreement and to quarterly evaluations.
All data, whether collected or generated, will be backed up and retained as per Finman's Record Retention and Disposal Policy. The data will be stored on media suitable for its sensitivity and frequency of use. Media destruction and data deletion methods must ensure that the media is rendered unusable or unreadable. Media use, sanitization, and destruction will follow the guidelines stated in NIST Special Publication 800-88 Revision 1.”
Training
The SLA will include a Training Section that states that:
“All employees of Minertek, Datanal, and accredited third parties with access to sensitive data or customer data must undergo mandatory and comprehensive training. The training will cover policies on the use, sharing, retention, and disposal of data; requirements for protecting sensitive data; any applicable legal compliance obligations; and, lastly, the expectations and limitations of approved levels of access.”
3. Section 4: Statement of Intent Modifications
Finman prefers the implementation of the best data security techniques that restrict the use, sharing, retention, and disposal of its corporate data by Datanal or Minertek. Hence, in Section 4 (at the end of the paragraph) the following statement will be inserted:
“State-of-the-art Information Technology Security Management (ITSM) processes such as data encryption, threat management/antivirus detection, vulnerability management, security auditing, and customer awareness will be relied upon to manage and stop any abuse or misuse of Finman's IT resources.”
4. Justifying how the recommendations will limit use, sharing, retention, and destruction of Finman's corporate data by Datanal and Minertek
The recommendations made above to the SLA will be very beneficial since they will create awareness among all users about the different network assets. Such awareness efforts will entail training on information assurance (IA) and threat prevention (Clinch, 2013). Users who participate in the IA training will be required to submit an agreement form setting out the duties and responsibilities related to access during the training period. The form will also stipulate the penalties that apply when a person breaches the terms and conditions indicated in it. Datanal will be responsible for providing training resources and documentation to Finman.
Furthermore, the recommendations will strengthen the risk management process since they create strong data backup, recovery, and audit process strategies (Clinch, 2013). Thirdly, routers, firewalls, IDS, proxies, and other such hardware devices must be deployed at all sites to protect the system against external threats. The entire system will be assessed for IPv6 support (Hiles, 2012). A change management process will also be required to govern any changes to the current systems and related documentation. Lastly, the agreement will include the model of ‘Vendors, Manufacturing Agents, or Partners.’ With regard to the Information Security Management System (ISMS) process, each of Finman's branches will be considered a partner; hence, they will participate equally in the process to strongly protect the company.
5. Justifying how the recommendations will assure that Finman's property, patents, copyrights, and other proprietary rights are protected
The Information Security Management System (ISMS) is based on three tenets, namely integrity, confidentiality, and availability. Implementing the TPV, ACL, and GP will operationalize the ISMS. Microsoft Active Directory (AD) will be used to host and implement the TPV, ACL, and GP, since it can be integrated across the company's WAN and LAN and administrators can manage it remotely (Whalen & Hsieh, 2015). The ACL will stop any user from accessing a network area that he or she has not been authorized to access. The GP will be relied upon to manage users' permissions, while a VPN (virtual private network) will be used for offsite access and will be restricted solely to Finman and Datanal computers.
Any wireless access will be restricted in scope to Finman properties only; in addition, WPA2 encryption will be required. The SLA modifications are intended to allow Finman and Datanal to adhere to federal laws and international standards for IT security. Thus, the state-of-the-art security system will allow Finman to protect its copyrights, patents, and property rights, among other proprietary rights. A revised SLA provides a manageable framework that strengthens the relationship among Finman, Minertek, and Datanal.
6. Conclusion
The recommendations show that intellectual property and data protection are the primary concerns for Finman. The company seeks to ensure that its data is not used, shared, or disposed of in a way likely to expose the company to high risk. Certainty of ownership of current and future intellectual property is also attainable. Considering the justifications above, Finman must ensure that all the recommendations and related modifications are considered and adopted in the revised SLA to protect its intellectual property rights and data security.
References
Clinch, J. (2013). Best Management Practice: ITIL V3 and Information Security. Retrieved February 03, 2018, from https://goo.gl/E43osX
Hiles, A. (2012). E-business service level agreements: Strategies for service providers, e-commerce and outsourcing. Brookfield, Conn.: Rothstein Catalog On Service Level Books.
Whalen, P. J., & Hsieh, P. (2015). Protecting intellectual property in outsourcing deals. Retrieved from American Bar Association website: https://goo.gl/oyK4dk