Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Intellectual Property
you Use
Foundations of Information Security Series
Vicente Aceituno @vaceituno
(c)Inovement Europe 2...
Vicente Aceituno
vac@zenobia.es - Skype: vaceituno
Linkedin - linkedin.com/in/vaceituno
Inovement Europe - inovement.es
Vi...
Foundations of Information Security Series
 Needs
 Secrecy
 Intellectual Property you Own
 Intellectual Property you U...
What is Information Security?
 “Information Security” is an emergent
property of people using information.
 People have ...
What is Information Security?
 When expectations about information are
met, there is “Security”.
 When expectations abou...
What is Information Security?
 Some expectations are things people (or
organizations) want to happen for their own
reason...
Intellectual Property you Use
Intellectual Property you Use
 Some expectations of people about information
are related to ownership, control and use of...
Intellectual Property you Use
 Ownership is defined having legal rights and
duties on something.
 Control is defined as ...
Intellectual Property you Use
Creations of the mind are protected by law, granting
certain exclusive rights to the authors...
Intellectual Property you Use
There are several types of intellectual property, for
example:
 Copyrights (movies, books, ...
Intellectual Property you Use
 There is an expectation that Intellectual Property
you Use will be controlled by their lic...
Intellectual Property you Use
 If these expectations are met or not is independent
of the observer and repeatable.
 Inte...
Intellectual Property you Use related incidents
 When Intellectual Property you Use is controlled by
people who are not o...
Achieving Intellectual Property you Use expectations
 In order to achieve Intellectual Property you Use
expectations, nor...
Intellectual Property you Use
The O-ISM3 Challenge
 This was an exercise designed to throw into sharp
relief the inadequacy of traditional information
...
Secrecy Business Needs
Intellectual
Property
Privacy
Confidentiality
Business
Obligations
Confidentiality
Confidentiality
 ISO Definition: The property that information is not
made available or disclosed to unauthorized
individ...
Intellectual Property you Use and Confidentiality
 Confidentiality can’t be measured (it doesn’t have
units). Therefore i...
Intellectual Property you Use and Confidentiality
 Intellectual Property you Use expectations and
Confidentiality are not...
 Follow the Foundations of Information
Security Series by joining the Linkedin
O-ISM3 Group at: tiny.cc/osim3LG
 Learn A...
Intellectual Property you Use
Upcoming SlideShare
Loading in …5
×

Intellectual Property you Use

13,327 views

Published on

Published in: Technology
  • Be the first to comment

Intellectual Property you Use

  1. 1. Intellectual Property you Use Foundations of Information Security Series Vicente Aceituno @vaceituno (c)Inovement Europe 2014
  2. 2. Vicente Aceituno vac@zenobia.es - Skype: vaceituno Linkedin - linkedin.com/in/vaceituno Inovement Europe - inovement.es Video Blog - youtube.com/user/vaceituno Blog - ism3.com Twitter - twitter.com/vaceituno Presentations - slideshare.net/vaceituno/presentations Articles - slideshare.net/vaceituno/documents
  3. 3. Foundations of Information Security Series  Needs  Secrecy  Intellectual Property you Own  Intellectual Property you Use  Privacy  Availability  Retention  Expiration  Quality  Obligations  Technical  Compliance  Legal
  4. 4. What is Information Security?  “Information Security” is an emergent property of people using information.  People have expectations about information.  If there is no people or no information, “Information Security” is meaningless, as there are no expectations to meet.
  5. 5. What is Information Security?  When expectations about information are met, there is “Security”.  When expectations about information are not met, there is an “Incident”.
  6. 6. What is Information Security?  Some expectations are things people (or organizations) want to happen for their own reasons. These are Needs.  Some expectations are things people (or organizations) want to happen in order to meet technical, legal or standard compliance requirements. These are Obligations.
  7. 7. Intellectual Property you Use
  8. 8. Intellectual Property you Use  Some expectations of people about information are related to ownership, control and use of information over time.
  9. 9. Intellectual Property you Use  Ownership is defined having legal rights and duties on something.  Control is defined as having the ability to:  Grant or deny access to users.  Attribute to specific users their use of information.  Use is defined as having access to read, write or modify information.
  10. 10. Intellectual Property you Use Creations of the mind are protected by law, granting certain exclusive rights to the authors, exclusive rights collectively known as intellectual property. We use a synecdoche by calling this intellectual property “information”.
  11. 11. Intellectual Property you Use There are several types of intellectual property, for example:  Copyrights (movies, books, music, software, etc)  Trademarks.  Patents. The legal use of intellectual property without a license under certain conditions is known as “Fair Use”.
  12. 12. Intellectual Property you Use  There is an expectation that Intellectual Property you Use will be controlled by their licensees or authorized administrators only, for as long as they are authorized.  There is an expectation that Intellectual Property you Use will be used by authorized users only, for as long as they are authorized.
  13. 13. Intellectual Property you Use  If these expectations are met or not is independent of the observer and repeatable.  Intellectual Property you Use expectations can be determined answering the following questions:  Who should control the Intellectual Property you Use?  Who should not control the Intellectual Property you Use?  Who should use the Intellectual Property you Use?  Who should not use the Intellectual Property you Use?  Answering these questions renders lists that can be enumerated, measured and managed.
  14. 14. Intellectual Property you Use related incidents  When Intellectual Property you Use is controlled by people who are not or have never been the licensees or the authorized administrators. For example:  Granting access to unauthorized users.  Denying access to authorized users.  Lack of, or misattribution to specific users of their use of information.  When Intellectual Property you Use is used by people who are not or have never been authorized users. For a more complete list of incidents check tiny.cc/incidents
  15. 15. Achieving Intellectual Property you Use expectations  In order to achieve Intellectual Property you Use expectations, normally Access Control and Inventory measures are taken.  Cryptography is an important technology for Access Control.  The Access Control related O-ISM3 processes are:  OSP-11 Access Control  OSP-12 User Registration  The Inventory related O-ISM3 process is:  OSP-3: Inventory Management
  16. 16. Intellectual Property you Use
  17. 17. The O-ISM3 Challenge  This was an exercise designed to throw into sharp relief the inadequacy of traditional information security concepts.  Check the exercise in full at tiny.cc/indepth  A summary of conclusions from the exercise, in relation to Intellectual Property you Use, follow.
  18. 18. Secrecy Business Needs Intellectual Property Privacy Confidentiality Business Obligations Confidentiality
  19. 19. Confidentiality  ISO Definition: The property that information is not made available or disclosed to unauthorized individuals, entities, or processes.  ITIL Definition: A security principle that requires that data should only be accessed by authorized people.  CobIT Definition: Concerns the protection of sensitive information from unauthorized disclosure.
  20. 20. Intellectual Property you Use and Confidentiality  Confidentiality can’t be measured (it doesn’t have units). Therefore is not independent of the observer nor repeatable like Intellectual Property you Use expectations are.  Intellectual Property you Use expectations can be used to measure, communicate and manage a specific expectation of people about information.  Confidentiality is not necessary to understand or measure Intellectual Property you Use expectations.
  21. 21. Intellectual Property you Use and Confidentiality  Intellectual Property you Use expectations and Confidentiality are not equivalent.  Confidentiality and Intellectual Property you Use expectations are not synonymous.  Confidentiality is not useful to understand Intellectual Property you Use expectations.
  22. 22.  Follow the Foundations of Information Security Series by joining the Linkedin O-ISM3 Group at: tiny.cc/osim3LG  Learn Advanced Information Security Management, joining us at an O-ISM3 Course: tiny.cc/osim3

×