An overview of the basics of US copyright law for entrepreneurs, business people, and creative professionals. "What Is a Copyright?" includes the following:
A brief definition of copyright.
Definitions of the other forms of intellectual property (trademark, patent, and trade secrets).
How copyrights are acquired.
What rights go along with a copyright.
Copyright registration.
For more information, please go to LizerbramLaw.com
The document discusses copyright infringement under Indian law. It provides information on the duration of copyright protection for different types of works, the exclusive rights granted to copyright holders, and remedies available against infringement. It summarizes a key copyright infringement case between music label T-Series and music search engine Guruji.com, where Guruji was found to have infringed copyright by promoting pirated music links. Criminal remedies against Guruji included the arrest of its CEO and employees, and seizure of company equipment.
Copyright law protects original creative works such as literature, art, music, films, and software. It grants creators exclusive rights over their work, usually for a limited time, including rights to copy, distribute, adapt, and financially profit from the work. Fair use allows limited use of copyrighted works for purposes like criticism, commentary, news reporting, teaching, and research. Infringing on a copyright can result in fines of up to $150,000 per work. Works enter the public domain when copyright expires or if created by the US government. To register a copyright, submit an application, fee, and copies of the work to the US Copyright Office.
This presentation begins with a brief introduction of the history and goals behind copyright. It then explores some of the basics of copyright, including questions about copyright eligibility, copyright duration, registration, obtaining copyright permissions and its distinction from other intellectual property rights (patent, trademark) and plagiarism. Finally, considerable time is spent discussing copyright law's Fair Use Exemption, one of the more confusing -- yet most important -- issues in copyright for student journalists. The presentation includes a number of true-to-life examples that should help students understand where the legal boundaries lie.
This document is the Evidence Act of 1872 from Bangladesh. It consolidates, defines, and amends the laws of evidence in Bangladesh. Some key points:
- It extends to all judicial proceedings in all courts in Bangladesh except for certain military courts.
- It defines important terms related to evidence like "court", "fact", "relevant", "facts in issue", "document", "evidence", "proved", etc.
- It discusses what facts can be submitted as evidence, including facts in issue and other relevant facts. Only facts declared relevant by this act can be submitted as evidence.
Copyright is a legal right that protects original works of authorship including literary, dramatic, musical, and artistic works. It allows the creator to control the use of his/her work for a certain time period. The Copyright Act of 1957 governs copyright laws in India and has been amended several times, including in 1984, 1992, 1999, and 2012 to address issues like video piracy and comply with international treaties. Copyright protection in India lasts for 60 years for most works after the death of the creator or publication depending on the type of work.
Law, Science & Technology: Copyright & related rights (1 of 2)
- History & developments
- Legal sources
- Copyright harmonization
- Subject matter
- Concept of originality
- Exhaustion + case study
Slide 5: Push and pull relation between technology and copyright
Slide 6: 1450 Invention of printing press
Slide 8: Statute of Anne (1710)
Slide 12: Copyright US Constitution (1790)
Slide 13: The Pirate Publisher
Slide 15: 20th century, cassette, video tape, CDs, Napster, The Pirate Bay, Popcorn Time
Slide 22: The battle of copyright (free culture, corporate capitalism, public domain)
Slide 23: Legal sources (sauces)
Slide 25: Berne convention (1886)
Slide 28: Three step test
Slide 29: Universal Copyright Convention (1952)
Slide 30: Rome convention (1961)
Slide 32: TRIPS - Agreement on Trade-Related Aspects of Intellectual Property Rights (1994)
Slide 35: WIPO Internet Treaties (1996)
Slide 36: EU Copyright Law
Slide 39: Road to harmonization (Regulations, Directives, CJEU practice...)
(...)
Digital Copyright, Digital Agenda by EU Commission, Digital Single Market, Originality, CRM Directive, InfoSoc Directive, Directive 2001/29, Directive 2014/26/EU, UsedSoft, Painer, Football Dataco, SAS Institute, Google Adwords, Svensson, Links and copyright, Caching and copyright, ...
The document is a presentation on Bangladesh Labor Law given by a group of students. It includes:
- An introduction to the group members giving their names and student IDs.
- Background on the development of labor laws in Bangladesh from British rule through independence.
- Key aspects of the Bangladesh Labor Law of 2006 such as working hours, leave policies, safety requirements, and amendments made in 2013.
- Discussion of issues like child labor, roles of trade unions, and common violations of labor laws particularly in industries like tanneries.
- An impact-urgency model identifying the most pressing labor rights issues in Bangladesh that require resolution such as long working hours, lack of benefits, and child labor.
A presentation on Copyright & Copyright Infringement - Anand Prabhudesai
This document discusses copyright law in India. It explains that copyright protects original creative works and gives the creator the exclusive right to copy and distribute their work. The Copyright Act of 1957, which has been amended several times, governs copyright in India. It provides protection for literary, dramatic, musical and artistic works, films, and more recently, computer programs and digital content. Copyright arises automatically when a work is created and can last for the creator's lifetime plus 60 years. Infringement of copyright can result in civil and criminal penalties. The document outlines the scope of copyright protection as well as exceptions and exemptions to copyright law.
The document discusses copyright as part of intellectual property rights under TRIPS. It provides background on the history of copyright law in India and defines intellectual property rights. It describes organizations like WIPO and NIPO that deal with intellectual property. It explains key aspects of copyright like related rights, registration, term and infringement remedies. It compares India and Brazil's copyright acts and discusses concepts like copyleft. Statistical data and case studies on copyright issues are also presented.
The document summarizes key aspects of copyright law. It explains that copyright is a set of exclusive rights granted to creators of original works, including the rights to copy, distribute, and adapt their work. It lists what types of works can be copyrighted, such as literary works, music, art, and more. The document notes that copyright is automatic and exists as soon as a work is fixed in a tangible form. It provides a brief history of India's Copyright Acts of 1914 and 1957, which adopted many provisions from English law and introduced new concepts.
This document discusses copyright law in India. It defines copyright as the exclusive legal right given to creators for their original works. In India, the Copyright Act of 1957 protects literary, dramatic, musical and artistic works, films, sound recordings, photographs and computer-generated works. Copyright provides economic rights like reproduction and distribution, and moral rights of attribution and integrity. Infringement of copyright through unauthorized copying is a civil and criminal offense. Fair use and other limitations balance copyright protections with public interests.
The document discusses Philippine copyright law, which is established in the Intellectual Property Code of the Philippines (Republic Act No. 8293). It protects copyrights, patents, trademarks and other forms of intellectual property. The law is enforced by the Intellectual Property Office and its branches, and violations can result in penalties like fines, seizures, or censorship. The Bureau of Legal Affairs has the power to address copyright infringement cases and impose penalties through cease and desist orders, voluntary compliance, or administrative fines.
Copyright is a form of protection granted by law to authors of original creative works. It gives the author exclusive rights over reproduction, distribution, public performance, public display, and creation of derivative works. Copyright protection applies automatically when a work is created and fixed in a tangible form. It covers both published and unpublished works including literary, dramatic, musical, artistic works. Not all creative works are subject to copyright protection which does not extend to facts, ideas, or systems. Copyright's purpose is to promote innovation and creativity by providing incentives for creators while allowing limited use of copyrighted works under exceptions like fair use.
The document provides details about the author's internship at Kaz Software Limited. It discusses the company profile including services provided, tools and technologies used, office location and culture. It also outlines two projects the author worked on around bug fixing and feature development. The author reflects on learning new skills and technologies as well as professional and personal growth during the internship experience.
This document presents a test plan for version 1.0 of the IIT official website. It outlines the test items, features to be tested, approach, environment, responsibilities, and schedule. The test items include the website and its modules like achievements, gallery, news, programs, batches, courses, faculty, exams, results, groups, profile, documents, attendance, projects, calendar, and alumni. Features to be tested include adding, modifying, and viewing albums in the gallery module. The test plan follows IEEE 829 standards and will test the website on different client platforms.
This document discusses deadlock detection in distributed systems. It begins with defining deadlock and providing an example of a deadlock situation. It then explains that deadlock detection is more challenging in distributed systems due to factors like message loss and lack of shared memory. The document outlines three strategies for deadlock handling - detection and recovery, prevention, and avoidance. It proposes two approaches for deadlock detection in distributed systems: 1) using a central coordinator to merge wait-for graphs or 2) having all machines broadcast their wait-for graphs to detect deadlocks in a distributed way. Both approaches have drawbacks like single point of failure or overhead.
This document reports on Remote Procedure Call (RPC) and distributed systems. It provides background on RPC, describing it as a technique that allows a program to execute a subroutine in another address space, such as on another computer, without explicitly coding message passing details. It then gives timelines and information flows for how RPC works. The document also discusses socket programming as an implementation of RPC, showing code examples of a socket server and client that demonstrate how sockets allow message passing between processes similarly to RPC.
This document provides reviews of 3 research papers on distributed systems. The reviews were created by following a structured format including the paper title, authors, main idea, results, impact, evidence, prior work, and ideas for future work. For the first paper, the summary discusses analyzing the cost and resource optimization of running real-life applications on an open source cloud. The second paper proposes a software testing framework called IVRIDIO to provide test-first performance as a cloud service. The third paper presents a formal approach to developing fault tolerant distributed systems using refinement techniques.
The document provides details of the project plan for the game "Ghost in the Town". It discusses the background and scope of the project, which involves creating a single-player strategy game for Android devices. It outlines the project schedule, with stages including planning, design and implementation, testing, and submission. It aims to provide both structured and unstructured information about the virtual world and story of the game.
This document discusses job training methods and processes at an IT firm. It begins by introducing the importance of training for employees and businesses. It then provides background on the growth of the IT sector in India and the increased need for training and skills development. The rest of the document discusses various training models, domains, methods, and essential aspects of training in the IT industry. It also includes surveys on effective training delivery methods and the variation of trainer salaries with experience in the IT sector.
The document describes the architectural design process for a Library Circulation System. It includes 4 steps: 1) Representing the system context, 2) Defining archetypes, 3) Refining the architecture into components, and 4) Describing system instantiations. It then covers the component design process, including identifying classes, elaborating classes, describing data sources, and developing behavioral representations. Finally, it discusses the user interface design process, including analyzing users and tasks.
This document provides a project plan for a software project called "FootStep" that aims to track objects during transportation. The plan outlines the project goals of assisting courier services to notify customers about shipment statuses. It describes the organizational structure including roles and a project schedule with milestones. Requirements analysis was conducted through scenarios, data modeling, use cases and other techniques. The software design section covers the architectural design and component design. Risk management details the process used to identify, analyze, evaluate and treat risks.
The document discusses different approaches to dynamic indexing in information retrieval systems. The simplest approach maintains a main index and auxiliary index, with new documents added to the auxiliary index and merged periodically into the main index. An alternative logarithmic merge approach maintains multiple indexes at increasing sizes, merging them in a logarithmic fashion. While more efficient for indexing, the logarithmic approach requires merging multiple indexes for query processing. Large search engines use dynamic indexing with both incremental changes and periodic full rebuilds of the main index.
The document describes the component level design of a library circulation system. It outlines various classes and their attributes that would make up such a system, including classes for User, Item, Report, Fine, and others. Sequence diagrams and flowcharts are provided showing the logic and flow of key processes like issuing an item, returning an item, and calculating overdue fines.
The document contains class diagrams and sequence diagrams for a library management system. It defines classes like User, Item, Report, Fine with attributes and relationships. It also shows sequence diagrams for operations like searching for an item, renewing a book, calculating fines, and generating reports. The classes will retrieve and store data from a database using Data Access Object (DAO) and database connection classes.
This document outlines the components and functions of a library management system. It includes administrative and user roles with different identification numbers that can perform functions like adding, editing, and deleting data. The system also depends on a database to store information on items, users, and other data needed to manage the library.
The document summarizes reviews of three papers. Paper 1 investigates cost-resource optimization for running real-life applications in open source clouds. It found improved memory utilization and 40% cost savings. Paper 2 proposes a software testing framework called IVRIDIO that provides test-first performance as a cloud service. Paper 3 presents a formal approach to developing fault tolerant distributed systems using action systems and stepwise refinement. It demonstrates abstract specification and refinement of fault tolerant components.
This document summarizes a presentation on HTML versions 4.0, 4.01, and 5. It discusses the presenters and purpose, which is to analyze and compare HTML4 and HTML5 forms. Key differences covered include new form elements in HTML5 like <datalist> and <output>, as well as new form attributes in both HTML4 and HTML5. HTML5 defines 13 new input types.
The document provides an overview of the typical components and structure of long, formal reports. It discusses the preface sections that introduce the report such as the title page, authorization message, and table of contents. The body of the report is organized into sections and covered in detail with introductions, conclusions, and summaries to provide coherence. Appended materials such as appendices and bibliographies are also included to supplement the core report. Maintaining structural coherence through these linking elements is important for orienting the reader in a long report.
The document discusses employee selection and training. It covers assessment methods for selection like psychological tests, interviews, work samples and assessment centers. It also discusses selecting employees through job analysis, validating selection predictors, and making hiring decisions. Finally, it outlines training design, delivery methods, evaluation of training and levels of training from organizational to job to personal levels.
This document appears to be a presentation on accounting topics such as timing issues, deferrals, accruals, adjusting entries, and the basic accounting equation. It includes examples of adjusting journal entries, an unadjusted trial balance, adjusted trial balance, income statement, statement of owner's equity, and balance sheet. The presentation was created by students at the Institute of Information Technology and covers fundamental accounting concepts and financial statements.
4. Vision 2021: Digital Bangladesh
Implementation of e-governance
Information Security Policy
4 11/18/2014
5. lack of information protection procedure
weak and unmanaged security controls
under-skilled personnel and lack of expertise
6. Ministry of ICT on behalf of the Government of Bangladesh will have the ownership
Ministry of ICT will monitor the implementation
Bangladesh Computer Council, Office of the CCA and Bangladesh Telecommunication Regulatory Commission (BTRC) will jointly coordinate the implementation
7. Agency, Asset, Attack, Authentication, Authenticity, Availability, Business continuity, Confidentiality, Certification, Classified Information, Control, Control objective, Corrective action, Eavesdropping, Exploit, Guideline, Information, Information asset, Information System, Integrity, IS Policy, Information security, Information security event, PKI, Policy, Risk, Risk analysis, Risk assessment, Social Engineering, Spoofing
8. • to help agencies of the Government of Bangladesh to understand the nutshell of Information Security,
• to define the methodology to prepare Information Security policy
• to give them proper guidance to implement Information Security Policy
10. Information is an asset that, like other important business assets, is essential to an organization’s business and consequently should be appropriately safeguarded.
Information can be in any form. It includes:
documents and papers
electronic data
the systems (software, hardware and networks) on which the information is stored, processed or communicated
intellectual information (knowledge or perceptions) acquired by individuals
physical items from which information regarding design, components or use could be derived
images, audio or video clips.
11. Asset is anything that has a value to the organization, agency or nation.
Information is a key asset for an organization.
databases and data files, contracts and agreements, system documentation including process, research information, user manuals, training material, operational or support procedures, business continuity plans, fallback arrangements, audit trails, and archived information;
application software, system software, development tools, and utilities;
computer equipment, communications equipment, removable media, and other equipment;
computing and communications services;
people, and their qualifications, skills, and experience;
intangibles, such as reputation and image of the organization
13. Historical information
Agencies private information or personnel information
Regular business information
Static and dynamic information
Communication/correspondence, perception and knowledge
Information that’s processed in the Intranet of the agency/government
Information that’s processed in the internet of the agency/government
Information that’s processed in the extranet
14. 1 • Top Secret
2 • Secret
3 • Confidential
4 • Restricted
5 • Public or Unclassified
15. More Issues Related to Information
Information Owner
Information Custodian
Roles and responsibilities
Archiving of Information Asset
17. Understanding Risk, Threats and Vulnerabilities
Identification of Risk, Threats and Vulnerabilities
Risk Management
Risk Management Template
18. The potential (merely “chance”) for loss, damage or destruction of an
information asset as a result of a threat exploiting a vulnerability.
19. There is a lack of security awareness
Operating procedures are not documented
Lack of fire prevention system
Little support for security measures
Information is not classified
No official policy and no monitoring/intrusion detection or incident response team are in place
The building is in an earthquake zone, where minor quakes are expected
Weak access control mechanisms exist
An inadequate information security policy operates
The building is in a flood zone or can be affected by flood because of lack of proper water disposal system
Employees are not identified adequately, visitors may roam unchecked
20. A threat is a potential cause of an unwanted incident, which may
result in harm to a system or organizations’ information assets.
22. Vulnerabilities are flaws or weaknesses associated with an
agency’s assets or capabilities. Vulnerability is merely a condition
or set of conditions that may allow a threat to affect an asset.
Typically vulnerability results from:
flawed procedures,
under-skilled staff,
incorrectly configured or defective technology.
24. Information Asset
• An information asset is something that an agency tries to protect.
Threat
• A threat is something against which an agency tries to protect its information asset.
Vulnerability
• Vulnerability is the weakness or gap in the protection efforts made by an agency.
Risk
• Risk is destruction (or chance of destruction) of an information asset as a result of a threat exploiting a vulnerability.
27. Security controls are safeguards or countermeasures to avoid,
counteract or minimize security risks.
28. According to Time: Preventative, Detective, Corrective
According to Nature: Physical, Procedural, Technical, Legal and regulatory
29. Personnel Security,
Equipment Control,
Access controls,
Physical and Environmental Protection,
Operational Procedure and responsibilities,
Third party service delivery management,
System planning and acceptance,
Application Security,
Protection against malicious code,
Information back-up,
Network security management,
Removable Media handling,
Information exchange/transmission,
Information disposal,
Information system security,
Cryptographic controls,
Correct processing,
System files security,
Monitoring
31. ICT Act 2006 (amended in 2009)
ICT Policy 2009
Right to Information Act
Intellectual Property Rights
Copyright, Patent, Trademark related laws
PKI related rules/guidelines for cryptographic controls
Laws on document & records retention
Cyber Security related laws/guideline/policy
UN conventions/Laws related to internet or cyber security
32. Steps
Including information security in the business continuity management process;
Business continuity and risk assessment;
Developing and implementing continuity plans including information security;
Business continuity planning framework;
Testing, maintaining and re-assessing business continuity plans;
33. Standards and Guideline
Information System Audit and
Certification
Incident Management
Monitoring & Improvement
National Cyber Security Strategy
41. Attribution
If an originator personally sends an electronic record, that record is the originator's.
As between the originator and the addressee, an electronic record shall be the originator's if
• it is sent in order to act on behalf of the originator
• it is sent by means of an information transmission mechanism
42. Acknowledgement of receipt
By automated or any other communication from the addressee
Acknowledgement of receipt by the addressee
Any conduct that confirms the addressee has received the electronic record
Time and place of dispatch and receipt of electronic records
43. Secure electronic record and secure electronic signature
Secure electronic record
• Where a security procedure has been applied to an electronic record, it shall be deemed a secure electronic record until verification
Secure electronic signature
• It was unique to the person affixing it
• It was capable of identifying the person affixing it
• No alteration is made to the electronic record linked to the electronic signature
The Government of the People's Republic of Bangladesh intends to materialize the Vision 2021: Digital Bangladesh. To achieve this vision, government Ministries/Divisions, Departments/agencies and their subordinate bodies have started implementing e-Governance. increase the productivity of the government. It is very important for a government to consider information security while implementing e-Governance. This document is a guideline to help government agencies formulate their own Information Security Policy to protect their information in cyberspace.
In the recent past, Bangladesh, especially the government sector, has faced a number of cyber attack incidents (e.g. web defacement, information damage, information theft, Distributed Denial of Service, etc.).
Agency: Agency includes ministry/division, departments and sub-ordinate bodies of the Government of Bangladesh.
Asset: Anything of value to an agency.
Attack: Attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset.
Authentication: Provision of assurance that a claimed characteristic of an entity is correct.
Authenticity: Property that an entity is what it claims to be.
Availability: Information Systems available to users at any given or specified period of time and being accessible and usable upon demand by an authorized entity.
Business continuity: Processes and/or Procedures for ensuring continued business operations.
Confidentiality: Information is not made available or disclosed to unauthorized individuals, entities, systems or processes.
Certification: Certification is something provided by any standard bodies or by some form of external review to an agency after evaluating their information system infrastructure and information security management system.
Classified Information: It refers to the categories of information classified in accordance with the Security Regulations.
Control: A means of managing risk, including policies, procedures, guidelines, practices or organizational structures, which can be of administrative, technical, management, or legal nature. Control is also used as a synonym for safeguard or countermeasure.
Control objective: Statement describing what is to be achieved as a result of implementing controls.
Corrective action: Action to eliminate the cause of a detected nonconformity or other undesirable situation.
Eavesdropping: Unauthorized access to information; a kind of network attack that captures packets during communication/transmission of information.
Exploit: A technique or code that uses a vulnerability to provide system access to the attacker.
Guideline: A description that clarifies what should be done and how, to achieve the objectives set out in policies.
Information processing facilities: Any information processing system, service or infrastructure, or the physical locations housing them.
Information: Digitally processed data or digitized information of an agency or an individual.
Information asset: Information or data that has value to the agency or individual.
Information System: An electronic information system that processes data electronically through the use of information technology - including but is not limited to: computer systems, servers, workstations, terminals, storage media, communication devices, network resources and Internet.
Integrity: When authorized persons are allowed to make changes to the information stored or processed by Information Systems in any aspects.
IS Policy: A documented list of management instructions that describe in detail the proper use and management of computer and network resources with the objective to protect these resources as well as the information stored or processed by Information Systems from any unauthorized disclosure, modifications or destruction.
Information security: Preservation of confidentiality, integrity and availability of information; in addition, other properties, such as authenticity, accountability, non-repudiation, and reliability can also be involved
Information security event: An information security event is an identified occurrence of a system, service or network state indicating a possible breach of information security policy or failure of safeguards, or a previously unknown situation that may be security relevant
Information security incident: An information security incident is indicated by a single or a series of unwanted or unexpected information security events that have a significant probability of compromising business operations and threatening information security
PKI: PKI is a framework that consists of hardware, software, policies, and procedures for managing keys and certificates.
Policy: Overall intention and direction as formally expressed by management
Risk: Combination of the probability of an event and its consequence
Risk analysis: Systematic use of information to identify sources and to estimate the risk
Risk assessment: Overall process of risk analysis and risk evaluation
Risk evaluation: Process of comparing the estimated risk against given risk criteria to determine the significance of the risk
Risk management: Coordinated activities to direct and control an organization with regard to risk
Risk treatment: Process of selection and implementation of measures to control or minimize risk
Social engineering: Obtaining information from individuals by trickery.
Spoofing: A form of masquerading where a trusted IP address is used instead of the true IP address as a means of gaining access to a computer system.
Third party: That person or body that is recognized as being independent of the parties involved, as concerns the issue in question
Threat: A potential cause of an unwanted incident, which may result in harm to a system or organization
Vulnerability: A weakness of an asset or group of assets that can be exploited by a threat
Information is an important asset for an agency as well as for a state.
Any government, semi-government or autonomous agency, or public limited company, in Bangladesh that wants to prepare its Information Security Policy document can use this guideline. It is a baseline for preparing a policy to protect their information. Any private organization inside Bangladesh can also adopt this guideline.
Broadly defin. The Government holds information that is operationally, administratively, politically, commercially or personally significant. d Information is the basis on which the agency conducts their business .
Before preparing its Information Security Policy, an agency should set a plan for integrating process, people, technology and procedures to safeguard its information from threats. The strategy should be reviewed periodically to mitigate newer threats and vulnerabilities in the area of information security.
Objective - safeguard their information from threats in cyberspace.
Understanding - Before starting to develop a security policy for the agency, it is required to have a thorough understanding of the agency. It is also required to consider the goals and direction of the agency….. conform to existing policies, rules, regulations and laws that the agency is subject to.
Plan - The agency shall prepare its security policy in this stage. This stage may include procedures, standards, guidelines etc. along with the policy.
Implementation - educate its personnel and distribute these guidelines to all its implementers…Seminars and awareness campaigns
Check Compliance - It is always recommended that the agency develop a method to measure compliance with the policy and check compliance on a periodic basis. This compliance method may include the formation of an auditing team to ensure that the policy is enforced.
Monitor - It is important to have a monitoring and review mechanism for future improvement, since new threats are discovered as time passes. Security controls have to be modified as necessary to mitigate any new threat introduced.
While formulating a security policy, every organization or agency should be aware of possible risks that can affect the safety and security of its information assets. The organization or agency should also have a clear understanding of the threats and vulnerabilities that could damage its information assets.
This section will assist an agency to understand, identify and analyze threats, risks and vulnerabilities.
Reducing the risk of an organization requires the risk identification and risk management process to be done periodically. An agency should know the major risks that may cause potential loss of its information assets.
Threats can be caused by natural disasters, or by intentional or accidental acts originating inside or outside the agency. Most threats exploit vulnerabilities in information assets or their supporting infrastructure (hardware or software).
Therefore, a vulnerability that cannot be exploited by a threat, or an asset with no known or suspected vulnerabilities, cannot be a security risk.
Most agencies mix up the definitions of risk, threat and vulnerability. Risk, threat and vulnerability are not terms with the same meaning. For a clear understanding of these three terms, this is a good, simple relational definition of information asset, risk, threat and vulnerability.
The objective of the risk management process is to identify threats and vulnerabilities and to provide recommendations to ensure protection of information asset.
Establish the context - The purpose of the context establishment is to characterize the target of the analysis and its environment. Criteria against which risk will be evaluated should be established and the structure of the analysis defined.
Identify Risk - In this stage, the agency must identify where, when, why and how an incident can happen.
Analyze Risk - This is the stage where an agency will do the risk estimation. Here an agency will identify and evaluate existing controls.
Then the agency will determine the consequences and likelihood, and hence the level of risk.
Evaluate Risk - This is a very important stage for deciding how to treat a risk. In this stage, on the basis of the result of analyzing risks, an agency will map the resulting risks to their associated risk values to decide how to treat them.
Treat Risk - Based on the result of the previous stage, the agency may prepare effective plans and procedures to mitigate the risks. It is always recommended to prepare plans with maximum effectiveness and minimum cost.
The risk assessment template is a simple form with fields that an agency will periodically fill in after completing the risk analysis.
Before the event, preventive controls;
During the event, detective controls;
After the event, corrective controls.
A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged.
An agency must use a digital signature certificate to ensure its cryptographic controls:
Authenticity (authenticity of information and parties involved in information exchange)
Confidentiality (ensures confidentiality of information using encryption technology)
Integrity (assures information user about the alteration of information)
Non-repudiation (the information originator or signer cannot legally challenge that (s)he or they signed or originated the information)
While preparing the policy, the agency must be aware of legal and compliance issues that may be affected if the policy is put in place.
List of some legal and compliance documents that an agency must consider while developing its policy:
Business continuity: Processes and/or Procedures for ensuring continued business operations.
To protect critical business processes from the effects of major failures of information systems or disasters and to ensure their timely resumption, a business continuity management process should be implemented.
Steps in Business continuity plan (as per ISO/IEC 27002)
Standards and Guideline - There must be some guidance in the policy document. The agency must set the standards and guidelines it is going to follow in every stage of protecting its information assets.
Information System Audit and Certification - In the context of Bangladesh, agencies that handle critical information system infrastructure must go through an IS audit periodically. The auditor in this case can be internal or external or both. IS audit is very significant for minimizing disruptions in operational procedures and improving performance.
Incident Management - It is crucial to consider an incident management plan before an incident occurs. No one can know exactly when an incident is coming or what it will be. Information security incidents may occur at any time. It is very important to establish robust and effective processes to deal with incidents.
National Cyber Security Strategy -National Cyber Security Strategy needs to be formulated. Moreover, a separate agency may be established in future for addressing cyber security and information security issues and may be titled as “National Information Security Agency, Bangladesh (NISAB)”.