This presentation highlights the key legal risks and their implications in cloud computing. Cloud is inherently multi-jurisdictional, encompassing, remote hosting and processing of the data. This gives rise to multiple legal issues including security and privacy of the data, IP Rights, data portability, contractual limitations, risk mitigation and jurisdictional disputes.
As the cloud involves remote hosting and data accessibility by multiple parties, security and privacy remains the biggest concern for the companies. Businesses should look at issues ranging from physical location of the data centers, protection of the data against any adversity and intrusion, and access rights management.
The cloud servers are often located in different countries, which results in trans- border Data Flow. Each country has its own set of legal rules and regulations regarding data protection and privacy policies and the same can bring in complications in form of conflicting laws and jurisdictional disputes. Issues pertaining to IP rights, trade secrets and ownership of the data placed in the cloud require utmost attention. Termination and exit clauses are critical to the contract in the clouds. Interoperability of the data in the event of termination of services of a vendor is an important aspect to be considered in the contracts.
Self-Protecting Information for De-Perimiterised Electronic RelationshipsJeremy Hilton
This presentation describes the results of a project (SPIDER) that has developed a proof-of-concept for fine-grained information access control, and communication of controls using a concept derived from Creative Commons called Protective Commons.
This paper describes how we implement our inherent Data leakage prevention program that enables your organisation prospective compliance from implementation day.
Self-Protecting Information for De-Perimiterised Electronic RelationshipsJeremy Hilton
This presentation describes the results of a project (SPIDER) that has developed a proof-of-concept for fine-grained information access control, and communication of controls using a concept derived from Creative Commons called Protective Commons.
This paper describes how we implement our inherent Data leakage prevention program that enables your organisation prospective compliance from implementation day.
USIP Presentation of ISR Mobile Land Dispute Resolutioninternetbar
This presentation was giving be the Internet Bar Organization on our Internet Silk Road Initiative at the USIP's panel, "Can You Help Me Now? Mobile Phones and Peacebuilding in Afghanistan."
Videos from the event and downloadable report are available at http://www.usip.org/events/can-you-help-me-now-mobile-phones-and-peacebuilding-in-afghanistan
A breakdown of the top misconceptions enterprises are facing when assessing the security levels of cloud computing environments, and the realities behind them
Trans Armor are you ready for the next level in security encryption in the credit card processing industry? Simplify your PCI DSS, Protect your customers, PROTECT YOUR BUSINESS!
We are now in mid of 2012. As predicted by many techno geeks, this year is phenomenal for IT related technologies including security, networking and web technologies. In April cloud war is started between two big rivals Microsoft & Google. Both making sure that its going to be secure and useful for smart phone users as well. With introduction of new such technologies we must ensure security over the web. Here HTTPS comes into picture and we brought this topic in CHMag's Mom's guide. Along with it topics like Steganography(Tech Gyan), a new toolkit - Kautilya(Tool Gyan), preventing SQL injections(Code Gyan) are covered.
If you have good write up and topic that you think people should know about it then please share with CHMag. Also if you have suggestions, feedback & articles, send it on info@chmag.in. Keep reading!!
USIP Presentation of ISR Mobile Land Dispute Resolutioninternetbar
This presentation was giving be the Internet Bar Organization on our Internet Silk Road Initiative at the USIP's panel, "Can You Help Me Now? Mobile Phones and Peacebuilding in Afghanistan."
Videos from the event and downloadable report are available at http://www.usip.org/events/can-you-help-me-now-mobile-phones-and-peacebuilding-in-afghanistan
A breakdown of the top misconceptions enterprises are facing when assessing the security levels of cloud computing environments, and the realities behind them
Trans Armor are you ready for the next level in security encryption in the credit card processing industry? Simplify your PCI DSS, Protect your customers, PROTECT YOUR BUSINESS!
We are now in mid of 2012. As predicted by many techno geeks, this year is phenomenal for IT related technologies including security, networking and web technologies. In April cloud war is started between two big rivals Microsoft & Google. Both making sure that its going to be secure and useful for smart phone users as well. With introduction of new such technologies we must ensure security over the web. Here HTTPS comes into picture and we brought this topic in CHMag's Mom's guide. Along with it topics like Steganography(Tech Gyan), a new toolkit - Kautilya(Tool Gyan), preventing SQL injections(Code Gyan) are covered.
If you have good write up and topic that you think people should know about it then please share with CHMag. Also if you have suggestions, feedback & articles, send it on info@chmag.in. Keep reading!!
Improving Cloud Security Using Data MiningIOSR Journals
Cloud computing is the use of computing resources (hardware and software) that are delivered as a
service over a network (typically the Internet). It does offer great level of flexibility but this advantage comes
with a drawback. With increase in sharing of data over web there is an increase in possibility of data being
subjected to malicious attacks. Attacker/Provider can extract sensitive information by analyzing the client data
over a long period of time. Hence the privacy and security of the user’s data is compromised. In this paper we
propose an efficient distributed architecture to mitigate the risks.
Digital forensics is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime. A Pilot study on methodology and complexity of digital forensics and how digital forensics can be applied in a live environment without the loss or spoilage of valuable data and evidence.
Infrastructure Security by Sivamurthy HiremathClubHack
With the development of technology, the interdependence of various infrastructures has increased, which also enhanced their vulnerabilities. The National Information Infrastructure security concerns the nation’s stability and economic security. So far, the research in Internet security primarily focused on securing the information rather than securing the infrastructure itself.
The pervasive and ubiquitous nature of the Internet coupled with growing concerns about cyber attacks we need immediate solutions for securing the Internet infrastructure. Given the prevailing threat situation, there is a compelling need to develop Hardware redesign architectures, Algorithms, and Protocols to realize a dependable Internet infrastructure. In order to achieve this goal, the first and foremost step is to develop a comprehensive understanding of the security threats and existing solutions. These attempts to fulfil this important step by providing classification of Security attacks are classified into four main categories: DNS hacking, Routing table poisoning, Packet mistreatment, and Denial-of-Service attacks. We are generally discussing on the existing Infrastructure solutions for each of these categories, and also outline a methodology for developing secured Nation.
Berif description on NAT, Internal VS External IP Addresses, IP Address Hiding, Perfect Cyber Crime, Proxy Server, Unblocking Websites, People Hacking, VPN and HTTP Tunneling
Introduction:
In the fast-evolving digital age of the 21st century, cybersecurity has emerged as a paramount concern for governments, businesses, and individuals. The Workshop on Cybersecurity is a comprehensive and immersive event designed to address the challenges posed by cyber threats and equip participants with the knowledge and tools to safeguard their digital assets. This workshop, to be held over five days, seeks to empower attendees with the latest insights and practices in cyber defense, fostering a culture of resilience and proactive security measures.
Day 1: Understanding the Cyber Landscape
The workshop commences with a deep dive into the complex cyber landscape that defines modern society. Distinguished experts from the cybersecurity field will present an overview of the ever-changing cyber ecosystem, highlighting its interconnectedness and vulnerabilities. Participants will gain valuable insights into the roles of governments, corporations, and individuals in shaping the cyber landscape.
Key topics covered will include the global impact of cyberattacks, the importance of international collaboration in countering cyber threats, and the significance of public-private partnerships. This foundational knowledge will serve as the basis for the subsequent discussions on cyber defense strategies.
Day 2: Unraveling Cyber Threats and Attack Vectors
Day two focuses on understanding the multitude of cyber threats and attack vectors that can target individuals and organizations. Renowned cybersecurity researchers will present real-life case studies of recent cyber incidents, ranging from nation-state-sponsored attacks to financially motivated hacking campaigns. Participants will gain a comprehensive understanding of the tactics employed by threat actors and the motivations behind their actions.
Through interactive sessions, attendees will be immersed in simulated cyber-attack scenarios, enabling them to identify and mitigate potential threats effectively. The day will emphasize the need for a proactive and adaptive approach to cybersecurity, as well as the importance of threat intelligence sharing to bolster collective defense capabilities.
Day 3: Building Robust Cyber Defense Strategies
Day three delves into the development and implementation of robust cyber defense strategies. Experts in the field will introduce participants to cutting-edge tools and technologies that can effectively detect, prevent, and respond to cyber threats. Topics covered will include advanced threat hunting techniques, next-generation firewalls, intrusion detection systems, and incident response best practices.
Participants will engage in practical workshops, enabling them to apply the newly acquired knowledge and skills to real-world scenarios. Emphasis will be placed on the importance of continuous monitoring, vulnerability management, and the establishment of an agile security infrastructure capable of adapting to emerging
This presentation will highlight the key legal issues associated with cloud computing and some implementation methods for minimizing or mitigating those risks.
There are numerous legal issues in cloud computing like operational, legislative or regulatory, security, third party contractual limitations, risk allocation or mitigation, and jurisdictional issues. Security, privacy and confidentiality remain the biggest concern for the data owner, as when the data is stored on the cloud the same might be accessible to multiple users. There is concern for its safety and protection of valuable data and trade secrets. Then there are intellectual property issues regarding ownership of and rights in information and services placed in the cloud.
Cloud Computing Webinar: Legal & Regulatory Update for 2012itandlaw
Cloud computing has revolutionized computing, providing organizations with the opportunity to outsource their computing capability to a third party provider of networks, servers, storage, applications or services located in multiple jurisdictions. This webinar explored the global legal and regulatory developments in cloud computing that have occurred during 2012
Using the Hedera Consensus Service with Hyperledger FabricHedera Hashgraph
- Webinar Recording: https://www.youtube.com/watch?v=elWRmHqRoww
Watch this on-demand webinar to learn how to get a Hyperledger Fabric network up and running with the Hedera Consensus Service. The Hedera team walks through how to create a Hyperledger Fabric network with the IBM Blockchain Platform using HCS for ordering transactions.
Developer resources mentioned in the webinar:
- Official IBM Blockchain Platform tutorial: https://github.com/IBM/Create-BlockchainNetwork-IBPV20
- HCS Hyperledger Fabric plugin repo: https://github.com/hyperledger-labs/pluggable-hcs/blob/master/first-network/README.md
- Hedera Getting Started tutorial: https://docs.hedera.com/guides/tutorials/getting-started-with-the-hedera-consensus-service-fabric-plugin
Slides for talk by Prof Chris Reed, Cloud Legal Project http://cloudlegalproject.org on who owns information in the cloud, at Cloud Computing: Legal, Organisational and Technological Issues conference, University of the West of England, on 23 February 2011, Bristol, UK.
The New Data Protection Regulation and Cookie ComplianceLewis Silkin
This presentation is from Lewis Silkin’s The New Data Protection Regulation and Cookie Compliance breakfast briefing on the 23 February 2012. Simon Morrissey, Lewis Silkin, and Meriel Lenfestey, Foolproof, look at the new Data Protection Regulations and some of the options available when thinking about cookie compliance and the end user experience.
You can visit http://www.lewissilkin.com for more information.
Mark Holland, Managing Partner, Baker Tilly Revas Limited
Understanding the security, credibility and flexibility of hosted suppliers and how to make sure the one you choose meets your needs.
Summarising Snowden and Snowden as internal threatClubHack
A quick lookback at snowden's revelation and also lookign at snowden as an insider threat
*This presentation end abruptly because during the talk it ends as food for thought and kickstart of next session*
Fatcat Automatic Web SQL Injector by Sandeep KambleClubHack
What is FatCat Sql injector: This is an automatic SQL Injection tool called as FatCat.
Fatcat Purpose? : For testing your web application and exploit your application into more deeper.
FatCat Support:
1)Mysql 5.0
FatCat Features?
Union Based Sql Injection
Error Based Sql Injection
MOD Security Bypass (WAF)
The Difference Between the Reality and Feeling of Security by Thomas KurianClubHack
The paper shall focus on the following:
The paper shall focus on the following:
1) Introduction to the problem: Focus on “security awareness”, not “behavior”
2) Real life case study of why a US$100, 000 “security awareness” project failed
a. Identifying the human component in information security risks
b. Addressing the human component using “awareness” and “behavior”
strategies
4) Sample real-life case studies where quantifiable change has been observed
Original research and Publications
The talk is modeled on the methodology HIMIS (Human Impact Management for Information
Security) authored by Anup Narayanan and published under “Creative Commons,
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...ClubHack
NFC or the Near Field Communication allows cell phones to perform specified actions whenever they detect NFC tags or signals from other NFC enabled device. Most of the recent phones including Samsung Galaxy S3, Nokia Lumia 610, Blackberry Bold etc have NFC enabled with them. NFC even helps enterprise/payment gateways to ease up users actions, such as connecting to a wifi, setting a bookmark, making payments etc.
Gone are the days of sending Android malware links through URL or attachments. In this talk, we will be showing how an attacker could steal the private and sensitive information from one’s phone and even perform malicious actions on user’s phone, using NFC as an attack vector. NFC attack vectors come in two forms : Active(setting attacker’s phone as a proxy between victim’s smartphone and the payment terminal) and Passive(using NFC tags).For our demonstrations, we would be creating malicious NFC tags which when detected by any smartphone(NFC enabled) would steal sensitive informations from the phones (without the users knowledge) as well as trick user to install malicious applications to his phone. Thereafter, we would also be talking about how an attacker could get in close proximity of another NFC-enabled phone, get a remote shell on the victim’s phone and compromise the phone’s security. We would also be discussing how viral an NFC attack could go in future, if proper security measures are not enforced.
Smart grids is an added communication capabilities and intelligence to traditional grids,smart grids are enabled by Intelligent sensors and actuators, Extended data management system,Expanded two way communication between utility operation system facilities and customers,Network security ,National integration ,Self healing and adaptive –Improve distribution and transmission system operation,Allow customers freedom to purchase power based on dynamic pricing ,Improved quality of power-less wastage ,Integration of large variety of generation options.
We have seen the more complex and critical infrastructure the more vulnerable they are. From the Year of 1994 we have seen lots of incidents where SmartGrid were Hacked the latest and booming incident was Stuxnet Worm which targeted Nuclear Power System of Iran and Worldwide.There are different types of Attacks we will see. Security needed for Smart Grid.
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar KuppanClubHack
Today there is a flood of tools to help with the automation of active scanning and exploitation of web applications. Once you move beyond these two functions the flood reduces down to a trickle. Vulnerability hunting is a fine art that requires a knack for seeing hidden patterns and connections. Tests like hidden parameters guessing are seldom performed by even skilled testers because of the time and effort involved in preparing for and performing them. When was the last time you identified a piece of sensitive data hidden in plain sight because it was hex encoded in to a very inconsequential looking string?
Do you enumerate all possible avenues for stored XSS in an application? A lot of times checks are missed because there is no good tooling available to perform them effectively and efficiently. HAWAS is the tool you have been missing for a long time now. It is an open source tool that is designed for hybrid analysis. It performs automated passive analysis of a web application with no input from the user for some cases and with specific application specific input for some other cases. Based on the initial set of findings the user can perform further checks from within HAWAS. HAWAS will help you hugely increase your test coverage with very little additional effort.
Hacking and Securing iOS Applications by Satish BomissttyClubHack
iOS applications share common set of classes and highly depends on the operating system solutions for data communication, storage and encryption. Solely depending on the Apple implementation made them less complex but it affects security of the applications. Though iOS comes with a great set of security features like code signing, ASLR, DEP, sand boxing and Data Protection, all of them are subject to attack. Relying only on the iOS security could lead to demise the sensitive data stored within the application when the iOS is compromised. Application security can be improved by understanding the weaknesses in the current implementation and incorporating own code that work better.
The presentation illustrates several types of iOS application attacks like run time manipulation, custom code injection, SSL session hijacking and forensic data leakage. It gives an insight into the iOS Keychain & data protection API and explains the techniques to circumvent it. The presentation will provide guidelines and suggests best practices for secure iOS application development.
Critical Infrastructure Security by Subodh BelgiClubHack
Industrial Automation & Control Systems are an integral part of various manufacturing & process industries as well as national critical infrastructure. Concerns regarding cyber-security of control systems are related to both the legacy nature of some of the systems as well as the growing trend to connect industrial control systems to corporate networks. These concerns have led to a number of identified vulnerabilities and have introduced new categories of threats that have not been seen before in the industrial control systems domain. Many of the legacy systems may not have appropriate security capabilities that can defend against modern day threats, and the requirements for availability and performance can preclude using contemporary cyber-security solutions. To address cyber-security issues for industrial control systems, a clear understanding of the security challenges and specific defensive countermeasures is required. The session will highlight some of the latest cyber security risks faced by industrial automation and control systems along with essential security controls & countermeasures.
Content Type Attack Dark Hole in the Secure Environment by Raman GuptaClubHack
With the increased in security awareness it’s very difficult to compromise the network/workstation, as most of network administrator put very restrictive firewalll policy for incoming network traffic i.e. allow only traffic for http/https service and antivirus software can easily detect any virus/worm infected file. This talk is about content type attack that cannot be blocked at network perimeter/firewall and undetectable by antivirus. The discussion also includes demonstration of attack vector to compromise the system. At last it includes analysis of malicious file used to compromise the system.
Abstract of the paper;Cross site scripting (XSS) attacks are considered one of the most dangerous attacks. When an application accepts un-validated user inputs and sends it back to the browser without validation, it provides attackers with an opportunity to execute malicious scripts in victim users’ browsers. By using this attack vector, malicious users can hijack user accounts, deface websites, carry out phishing attacks etc .XSS shell is a cross domain tool to carry out XSS attack in more controlled manner. It is used to setup a channel between attacker and victim’s browser and controlling the victim’s browser.
It gives me immense pleasure to tell you that from 06-02-10 to 06-02-12 our magazine has completed two successful and rejoicing years. We at ClubHack are super excited! I hope you people are enjoying the magazine and would continue doing so it in the coming future too. We enjoy making this for you all.It is said that “A lot can happen over a cup of coffee”. We experienced this amazing moment over a cup of coffee when we had the idea of starting a hacking magazine and it now it has come all this way… :). 2 years looks small when we look back.For this incredible success we at ClubHack would like to thank all our readers, volunteers and authors for giving us such unbelievable support. As we want to keep up the growth and progress therefore we request you all to keep throwing in articles, suggestions, support and your love!
Coming to this issue we have Network Security in Tool Gyan which will put light on how to set up a secured network, Who wants to be a Millionaire in Tool Gyan, check out yourself of what exactly its all about ;)TOR in Mom's guide for all those who thought 'It sounds very complicated to use, I’m not a hacker! I can’t use it!' by our Author- Federico from Italy.
From this month’s issue we plan to start a new section on secure coding. This section will essentially focus on good coding practices and snippets to mitigate various vulnerabilities. To begin with we have an article on PHP based RFI/LFI vulnerability. I hope you will like reading it. We also have some cool articles on XSS attacks, ROT decoding and Matriux section.
Do send us your feedback on abhijeet@chmag.in this will help us improve further.
There was a time when mobile phones were of the size of a shoe and had no features other than calling and sms and at that time I used to play the game - Snake on my dads phone :p Now as the time has passed we have reached the age of smart phones which are capable of doing lot of stuff and world wide web of application causing serious concern where an attacker can use this platform to steal data. This issue of CHMag is dedicated Mobile/Telecom Hacking and Security.
The coverpage of this December issue was released at ClubHack 2011, India’s Pioneer International Hacking Conference held last week. Talking about ClubHack Conference, if you missed ClubHack here are the presentations available at - http://www.slideshare.net/clubhack and videos at http://www.clubhack.tv/event/2011/
We recently released CHMag's Collector's Edition Volume II. If you wish to buy the Collectors Editions (vol1 – from issue 1 to 10 & vol2- from issue 11 to 20), please write back to us: info@chmag.in. As of now its on demand printing.
Like the game - Snake, I have played lots of other games too which have reflected in the previous coverpages I have designed and yes I promise another awesome coverpage based on a game on the theme of android security which would be the theme for an upcoming issue, for which send in your articles to info@chmag.in
How Android Based Phone Helped Me Win American Idol (Elad Shapira)
Legal Nuances to the Cloud by Ritambhara Agrawal
1. LEGAL NUANCES TO THE CLOUD
CLUBHACK 2012
RITAMBHARA AGRAWAL
01 DECEMBER 2012
2. ISSUES, RISKS & MITIGATION
• Encryption of
• Security & Data
Privacy of Data • Define each
• Confidentiality Risks Party’s liability
• Ownership • Pre-contract
due-
• Liability
• Loss of Data diligence, contra
• Attacks ct
• Choice of Law
• Compliances negotiation, pos
• Disclosure of
• Contracts trade secrets t-contract
• Termination & monitoring, ter
• Recovery
Exit mination
• Data
• Jurisdiction • Right to Audit to
Segregation
check location &
• Portability compliances
Legal Issues • Sharing of Data
with 3rd Party
Mitigation
2
4. SECURITY & PRIVACY
Security & Privacy Physical Location of the data centers
Encryption of Data
Multi-tenant architecture
Adversity and intrusion
Data mining by the service provider
Access rights management
Different user data are usually stored
on a single virtual server
Multiple virtual servers run on a single
physical server
4
5. SERVICE LEVEL AGREEMENTS
Service Level Agreements Non-negotiable SLAs (often click wrap agreements)
If the SLA is non-negotiable, higher degree of
reporting should be integrated in the Agreement
Additional options for termination should be
available
Little opportunity to conduct due diligence
Strong limits on liability are included (including direct
liability)
Terms often subject to change without prior
intimation
Risk is usually shifted to user through provider
friendly agreements
5
6. MULTIPLE PARTIES
Involvement of multiple parties makes onus & liability shift on
one another
Multiple Parties
Liability of sub-contractors is often limited or disclaimed in
entirety
Lack of contractual privity makes it difficult to make the
provider accountable for any breach
Liability of provider for the acts of the sub-contractor
Right to conduct due diligence and to understand the model
of delivery of services should be given to the customer.
6
7. DATA PROTECTION, RIGHTS & USAGE
Data Protection & IP Rights Define data clearly, it’s not standard that all
data belongs to the customer
Specify ownership rights
Define rights granted and the restrictions to
monitor and access data by the provider
Third-party access to the data
Non-Disclosure Agreement with the service
provider
Ensuring no rights are transferred to the
service provider
Ensure if back up and transfer of data is
permitted
7
8. JURISDICTION
Cross-Border Data Flow Data flows across various borders
Cloud servers located in different countries, location of
data is uncertain
Complications of conflicting laws
Dispute can be subject to various countries legal system
Jurisdictional Issues & Dispute Resolution Mechanism
8
9. COMPLIANCES
Country and data specific compliances
The owner is equally liable as the service provider to
ensure compliance of law
Compliances
HIPPA, SOX, SAS 70 I & II, GLB, PCI DSS, FERPA and
State Laws
Eg. HIPPA mandates standard practices to ensure
security, confidentiality and data integrity for
healthcare-related data
Default in the respective compliances can bring in
legal implications
9
10. TERMINATION & EXIT
Termination & Exit Interoperability of data after termination
Data portability from one vendor another and bringing it
entirely back-in house
In case of exit, can the records be successfully accessed?
Can data be extracted from the cloud
Obligations of each party in case of exit
10
11. ATTACKS
Hacking, virus, malware disruptions, browser
attacks, tampering, network security attacks, SQL Injection
Attacks
Inducing threats, like data & network security, data locality, data
integrity, data access, data segregation
Authorization & authentication, data confidentiality, web
application security, data breaches, availability & back-up
11
12. CASE STUDIES- SONY
Attacks on Customers
Dozen data
Sony reusing
breaches, ong
Sony laid off Failure to PlayStation passwords, ris
oing customer
many of its protect over Network, Son ks from
relations
security 100 million y Online attackers
fallout &
personnel user records Entertainment accessing
class-action
& Sony their other
lawsuits.
Pictures accounts also
12
13. CASE STUDIES
• Spear-phishing attack leading to breach affecting it’s clients and
customer’s data
EPSILON • Approximately 60 million customer email addresses were breached
• Lesson: The Company outsourcing the job is equally responsible for
security of the customer data
• Hackers used SQL attack method to access the database that fed
the server hosting the site
• Exposing 4,50,000 usernames and passwords
YAHOO • Yahoo didn’t store the data in cryptographic form and left it in plain
text making it vulnerable to attack
• Hackers breached the site, stealing more than 6million customer’s
passwords, which were very lightly encrypted & posted them on a
LINKEDIN Russian hacker forum
13
14. MITIGATION OF RISK
• Evaluation of service provider’s security policy
Security • Encryption to protect confidentiality & integrity of data
• Suspected data breach must be addressed
• Identifying relative risks between the parties, like ownership of data, data
protection guidelines, trade secrets, indemnities, jurisdiction
• Pre-contract due-diligence, negotiable SLA
Contract • Planned & unplanned termination of the Agreement & return of data &
assets
• Liability of each party in the event of breach of contract
• Ownership of data
• Right to audit to check the compliances
Audit • To check the location of the data to ensure compliance of legal & statutory
provisions
14
15. Thank you
INDIA
A-42/6, Sector-62, Noida-201301
Tel: +91-0120-47040722, +91 -0120-4740700
Fax: + 91 11 2741 8595
USA
Suite 119, 2 Davis Drive, Research Triangle
Park, Durham (NC)-27709
Ph: 1 262 432 1718; Fax: 1 877 895 9706
E-mail: info@intelligere.in
www.intelligere.in
15