Strayer Information Security Legal Issues Assignment 3: Intellectual Property Laws and Security Measures
Due Week 7 and worth 80 points, 8 pages, 1423 Words
Intellectual property law is a major issue facing organizations, and many organizations have been fined significant amounts for violations of intellectual property law. As an information security manager in an IT consulting company, your executive management team is concerned about the potential intellectual property violations in the organization. To address these concerns, they have asked you to develop an intellectual property policy to implement within the organization.
Develop a two to four (2-4) page policy in which you:
1. Provide an overview of intellectual property law.
2. Describe who the policy applies to.
3. Create policy, standards, and guidelines concerning:
d. Ownership of company material
4. Develop intellectual property violation reporting procedures.
5. Develop intellectual property infringement ramifications.
6. Use at least three (3) quality resources in this assignment.
Describe three types of online contracts that people and organizations
commonly enter into on a frequent basis.
End User License Agreement (EULA) is the most popular online contractual
agreement. It usually accompanies a piece of software that someone buys or downloads.
This agreement helps to protect the software owner’s copyright. Clickwrap is
shown to the user when they are buying software from the internet. It comes in the
form of a popup window where the user clicks “I Agree” to agree to the terms
of the contract before downloading. Browsewrap is where the contract is listed
on the webpage itself and the user does not have to agree to the contract.
Compare and contrast the process of entering into online contracts with the
process of entering into face-to-face contracts.
Generally speaking, the rules for contracts are the same for online and
face-to-face contracts. A contract is an agreement between people to sell goods or services.
The law assumes the parties know each other, which is most likely not true in
an online contract. Online, there is usually no bargaining and the parties
are usually in different geographical locations. What remains the same is that
both need an offer and an acceptance to be a contract.
Describe the federal laws that address protecting an individual’s PII.
Two primary laws (the Privacy Act of 1974 and the E-Government Act of
2002) give federal agencies responsibilities for protecting personal
information, including ensuring its security. Additionally, the Federal
Information Security Management Act of 2002 (FISMA) requires agencies to
develop, document, and implement agency-wide programs to provide security
for their information and information systems (which include personally
identifiable information and the systems on which it resides). The act also
requires the National Institute of Standards and Technology (NIST) to develop
technical guidance in specific areas, including minimum information security
requirements for information and information systems. And last but not least
are HIPAA, the Gramm-Leach-Bliley Act and COPPA.
HIPAA/HITECH – Health related information
GLBA – Financial information
Privacy Act – Fair Information Practices for PII held by Federal Agencies
COPPA – Protects children’s privacy by allowing parents to control what
information is collected
FERPA – Student’s personal information
FCRA – Collection and use of consumer information
Suggest three measures organizations and individuals should take to protect
Social Media and Privacy. Don’t post anything you wouldn’t want to see on a
billboard ad. Assume that everything you put on a social networking site is
permanent. Even if you can delete your account, anyone on the Internet can
easily print photos or text or save images and videos to a computer. Use tight
privacy controls to manage who can see your profile or photos.
Use Trusted Security Software Packages. An essential practice is to use trusted
security software packages (with anti-virus, personal firewall, anti-spam, and
spyware detection features) for those who engage in online activity, especially
financial transactions of any type.
Don’t Respond to Emails Requesting Personal Information. Legitimate entities
will not ask you to provide or verify sensitive information through a non-secure
means, such as email. Even though a web address in an email may look
legitimate, fraudsters can mask the true destination. Rather than merely
clicking on a link provided in an email, type the web address into the browser
yourself (or use a bookmark you previously created). Especially for financial
institutions (banks, credit card companies), if they actually need information
from you, call the company yourself, using a known, trusted number (e.g.
number on your credit/debit card, statement), not the one the email provides!
The bottom line is ‘be smart’. We constantly hear about breaches, scams, fraud,
etc. You would have to be deaf, dumb and blind to not know some of the
common sense steps to protect personally identifiable information. Don’t give
out your bank account number, credit card numbers, social security numbers.
Don’t agree to send money for some ‘get rich quick’ scheme; if it is too good to
be true, it probably isn’t true. When you are at the bank, be watchful if someone
is paying a little bit too much attention to your transactions. Don’t carry your
social security card in your wallet or billfold. Check your credit report and
banking information on a regular basis. Make sure your doctor gives you a
privacy statement to read and sign at least once a year. Don’t leave your mail
lying in your car with your name and address facing up. Don’t post personal
information online. The list could go on and I sound paranoid, but in this day
and time it is wise to be a little paranoid.