To make cybersecurity measures explicit, written norms are required. These norms are known as cybersecurity standards. The standards may involve methods, guidelines, reference frameworks, etc.
Security standards ensure the efficiency of security,
facilitate integration and interoperability, enable meaningful comparison of
measures, reduce complexity, and provide the structure for new developments.
A security standard is "a published
specification that establishes a common language, and contains a technical
specification or other precise criteria and is designed to be used
consistently, as a rule, a guideline, or a definition." The goal of
security standards is to improve the security of information technology (IT)
systems, networks, and critical infrastructures. Well-written cybersecurity
standards enable consistency among product developers and serve as a reliable
standard for purchasing security products.
Security standards are generally provided for all organizations
regardless of their size or the industry and sector in which they operate. This
section includes information about each standard that is usually recognized as
an essential component of any cybersecurity strategy.
1. ISO
ISO stands for International Organization for
Standardization. International Standards make things work. These standards
provide a world-class specification for products, services and computers, to
ensure quality, safety and efficiency. They are instrumental in facilitating international
trade.
ISO 27000 Series
It is the family of information security standards
developed by the International Organization for Standardization and
the International Electrotechnical Commission to provide a globally recognized
framework for best-practice information security management. It helps organizations
keep their information assets, such as employee details, financial
information, and intellectual property, secure.
The need for the ISO 27000 series arises because of the
risk of cyber-attacks that organizations face. Cyber-attacks are
growing day by day, making hackers a constant threat to any industry that uses
technology.
The ISO 27000 series can be categorized into many
types. They are-
ISO 27001-
This standard allows an organization to demonstrate to its clients and stakeholders
that it is managing the security of their confidential data and
information in the best way. This standard involves a process-based approach for establishing,
implementing, operating, monitoring, maintaining, and improving an information security management system (ISMS).
ISO 27000-
This standard provides an explanation of the terminology used in ISO 27001.
ISO 27002-
This standard provides guidelines for organizational information security
standards and information security management practices. It includes the
selection, implementation, operation and management of controls, taking into
consideration the organization's information security risk environment(s).
ISO 27005-
This standard supports the general concepts specified in 27001. It is designed
to provide guidelines for the implementation of information security based on a
risk management approach. To completely understand ISO/IEC 27005,
knowledge of the concepts, models, processes, and terminologies described in
ISO/IEC 27001 and ISO/IEC 27002 is required. This standard is applicable to all
kinds of organizations, such as non-governmental organizations, government agencies,
and commercial enterprises.
ISO 27032-
It is the international standard which focuses explicitly on cybersecurity.
This standard includes guidelines for protecting information beyond the
borders of an organization, such as in collaborations, partnerships or other
information-sharing arrangements with clients and suppliers.
2. IT Act
The main aim of the Information Technology Act, also known as
ITA-2000 or the IT Act, is to provide the legal infrastructure in
India for dealing with cybercrime and e-commerce. The IT Act is based on the
United Nations Model Law on E-Commerce 1996 recommended by the General Assembly
of the United Nations. This act is also used to check the misuse of cyber networks and
computers in India. It was officially passed in 2000 and amended in 2008. It has
been designed to give a boost to electronic commerce, e-transactions and
related activities associated with commerce and trade. It also facilitates
electronic governance by means of reliable electronic records.
IT Act 2000 has 13 chapters, 94 sections and 4
schedules. The first 14 sections concern digital signatures, and other
sections deal with the certifying authorities who are licensed to issue digital
signature certificates; sections 43 to 47 provide penalties and compensation,
sections 48 to 64 deal with appeal to the high court, sections 65 to 79 deal with
offences, and the remaining sections 80 to 94 deal with miscellaneous matters of the
act.
3. Copyright Act
The Copyright Act 1957, amended by the Copyright
Amendment Act 2012, governs the subject of copyright law in India. This Act has been
applicable since 21 January 1958. Copyright is a legal term which describes the
ownership of control of the rights of the authors of "original works of
authorship" that are fixed in a tangible form of expression.
An original work of authorship is a distribution of
certain works of creative expression, including books, video, movies, music, and
computer programs. Copyright law has been enacted to balance the use and
reuse of creative works against the desire of the creators of art, literature,
and music to monetize their work by controlling who can make and sell copies of
the work.
The copyright act covers the following-
- Rights of copyright owners
- Works eligible for protection
- Duration of copyright
- Who can claim copyright
The copyright act does not cover the following-
- Ideas, procedures, methods, processes, concepts, systems, principles, or discoveries
- Works that are not fixed in a tangible form (such as a choreographic work that has not been notated or recorded or an improvisational speech that has not been written down)
- Familiar symbols or designs
- Titles, names, short phrases, and slogans
- Mere variations of typographic ornamentation, lettering, or coloring
4. Patent Law
Patent law is a law that deals with new inventions.
Traditional patent law protects tangible scientific inventions, such as circuit
boards, heating coils, car engines, or zippers. Over time, patent law
has been used to protect a broader variety of inventions, such as business
practices, coding algorithms, or genetically modified organisms. It grants the
right to exclude others from making, using, selling, importing, inducing others
to infringe, and offering a product specially adapted for practice of the
patent.
5. IPR
Intellectual property rights are rights that allow
creators, or owners of patents, trademarks or copyrighted works, to benefit from
their own plans, ideas, or other intangible assets or investment in a creation.
These rights are outlined in Article 27 of the Universal Declaration of
Human Rights, which provides for the right to benefit from the protection of moral
and material interests resulting from authorship of scientific, literary or
artistic productions. These property rights allow the holder to exercise a
monopoly on the use of the item for a specified period.