GLYNDWR UNIVERSITY’S SECURITY NETWORK INFRASTRUCTURE
Task 1:
Prepare a security policy document for Information and Communication Technology
(ICT) use in GUL.
NETWORK of a university is what connects its students to the plethora of information at
different knowledge domains. Its significance lies in the fact that students allocate more time
on on-line study than the class. Besides the lecture, the students do also show an equal
participation on UGC ‘User Generated Content’ over the net. Network is therefore a
prerequisite on university campus, followed by its security.
The ICT infrastructure of Glyndwr is what provides a seamless access on information to its
students. Unfortunately it runs a very high risk of getting tampered, hacked, attacked or
violated. Universities and Government Installations are the soft targets for hackers as the data
has a huge commercial value [1]. While drafting the security policy of Glyndwr, it becomes
imperative to include everything that makes it robust.
It all starts with identifying the core areas on work:-
Currently, the university has a separate computer room where the students can use the
internet to learn more about the subject. Every student can directly access the internet without
any user authentication. This poses a big problem for the university network as an unbarred
entry makes the system vulnerable to external threats [2]. There has to be a Unified Software
Management that keeps everything centralised – user registration, login details and purpose
of visit. In its present state, it is very easy for any student or user to unknowingly upload a
virus into the system. The losses incurred for reasons of system crash or break-down run in
millions and no university can afford this [3]. Question is also raised over the network
performance as it fails to meet the bandwidth demand during the peak hours. Having a
centralised server should keep the system simple and ‘unadulterated’.
Password Setting should be the first barrier on entry [3]. The network would remain safe only
when the key is held responsibly. Every student needs to be provided a login ID as his or her
key to the system. The IT Administrator also needs to define the rights for each user. This
however depends on the ‘purpose’ that each user has with the system. Students use the
system primarily for information and the staff would use it for keeping records. Separate
logins for each person would improve traceability and any malicious activity can be instantly
spotted. The studies [4] indicate that a lot of students disclose their passwords to other
individuals. This is a serious compromise with the security of the network. Biometrics based
identification can be a feasible strategy to remove such inadequacies with the system.
Also, the university needs to upgrade its networking abilities to match the present technology.
It is suggested that routers are used for connecting the campus with internet. Also, WiFi and
WiMax can be installed for providing a ubiquitous service on internet facilities [5]. This is
expected to bring the burden down on the infrastructure as the students can use their PDA
devices or laptops to surf the net. It is however recommended that the network runs on a very
agile anti-virus; one that keeps the viruses from entering the system.
The unified software solution should be able to adapt with the different technologies –
Firewall, Encryption, VLAN ‘Virtual Exchange Network’, Virtual Private Network and PKI.
Also there should be a formal code of conduct on using the secondary devices on the main
server. However for the administrator to achieve excellence on network security, the
applications should be combined well with anti-viruses – Gateway antivirus, Stand alone
antivirus and Server antivirus. Password protected user authentication would keep the system
from external threats and anti-viruses would keep the system from internal threats.
Also, there has to be an effective control strategy on every layer – Access Control Policy,
Operation Control Policy, Network Access Control Policy and Directory Access Control. All
the control mechanisms should be complemented with Information Encryption. Using
encryption algorithm would make sure that no unauthorised person makes an entry into the
system.
After an investigation into the core areas, it is time to segregate the different functions to
redefine the security policy in its newer version:-
Password Authentication:
Every student needs to be provided a login ID as his or her key to the system. The IT
Administrator also needs to define the rights for each user.
Software Licenses:
There should be no room for any unlicensed installation in the university campus. Every
software and device driver needs to be bought directly from the vendor and with a facility of
auto-update.
Access to Computer System:
Access should be based on the ‘rights’ for the different user groups. As part of the Computer
Misuse Act the students shouldn’t be allowed to interfere with other user’s work area and
also the network resources should be distributed on each layer. This should keep the different
user groups separate from each other.
Obscenity:
The Computer Misuse Act (1990) mentions it clearly that an individual must not do anything
on the computer that makes the other person offended, stressed or disturbed. Obscenity of any
form shouldn’t be accepted as part of the code of conduct.
Social Media:
Studies [7] suggest that 16 of the network sites, including Facebook and Twitter, are the
biggest carriers of network security threats. Such platforms are potential carriers of Malware
and Trojans. The security policy must make a clear mention that social media would be
allowed but only to an extent that doesn’t compromise the network security.
Physical Security:
One of the biggest challenges on networking is to keep it from the internal threats. Mostly it
is a pen drive or a software upload that leads to a crash. Students must therefore be asked to
use secondary devices in a safe environment. Moreover the Network Administrator should
update the network layer with the most recent versions of Anti-viruses.
Network Security is the key to an organization’s sustainable growth. The policy should be
comprehensive enough to include the most recent technology and flexible enough to meet the
changes.
Task 2:
GUL is to establish a sister college in the USA. The Data Protection Act 1998 sets
specific limitations on the sharing of personal data with any organisation which is based
in a country which does not have data protection legislation. The USA does not have a
Data Protection Act. Examine the legal implications for this enterprise with reference to
the UK Data Protection Act.
Information Technology, like a coin, has 2 sides to it. It brings the world’s information to you
and makes your life easier. But, on the other side it also puts your own information at risk.
‘Data Protection’ is therefore one very important aspect of the computing world and
especially the Academic Institutions need to be more vigilant on this. As the use of IT based
resources get more intense, the business processes too have become more machine centric.
Today, tonnes of data is sent over the internet for different purposes; it can be academic,
business, informative or personal. It runs the risk of getting copied, every time it leaves the
computer. The EU Directives on Data Protection Act, 1998 try to address most issues on this
concern.
First and foremost, the Act sets the ownership of the data and is very tough on the transfer of
data, especially outside of the EEA [European Economic Area]. Any organization, like
Glyndwr, with an intention to collaborate on business in US territory, needs to have a look on
the Data Protection Act, 1998. The Act has it – If the data of European origin is sent across
to a country that does not have adequate data protection levels, it would be considered a
criminal offense [8]. For an organization like Glyndwr, this might become a big hurdle as US
is ‘not’ considered safe on data transfer. EU has its classification of countries based on data
privacy and US is identified as third country on this i.e. one that doesn’t have the right levels
of data protection.
The Act sets out the rules and regulations on data transfer, Grants rights to those who own the
data, Regulates the environment on information processing in EU and outside of EU and
Supervises the practices and Data Privacy.
Data Transfer, outside the EEA can only be effected through:- [9]
...an agreement over the set preconditions that ensure ‘adequate’ level of data protection
...the destination country already has ‘adequate’ level of data protection to match the EU
requirements
The term ‘adequate’ is derived through– [10]
- The source of the data and its destination country
- The profile of the destination country in terms of data privacy and measures on data
protection
- The purpose of data transfer
- The purpose on data processing
EU acknowledges only a few countries that take adequate measures on data protection.
For Glyndwr University the solution is to adopt the principles on Safe Harbour [8].
- The European Union along with US have devised the principles on Safe Harbour
- The Organizations based in US must give consent on providing ‘adequate’ levels of
data protection
- The Data once transferred will not be subjected to duplication or processing, without
the consent of the data subject
- The nature of the data, the purpose on transfer and its processing should match the
preconditions
The Data Protection Act 1998 applies to – computer based records, information recorded on a
paper, public authority records and health records [11]. Processing of this data means any
conceivable operation on the data, holding, collection and its disclosure. In the present
context, the sister concern of Glyndwr will hold a lot of research data, academic records,
teaching records and sundry financial papers. The University needs to look after every one of
these as this data is of significant academic value. Already there are innumerable instances
wherein the data has been stolen from the university and has been subjected to reproduction
at different platforms. In absence of any legislative framework the University couldn’t even
claim ownership on the same. Also, a mismatch on data protection is considered a negative
consequence on the reputation of the university. Glyndwr therefore needs to take adequate
measures on keeping the data intact.
The literature has shown that US is somewhat flexible on data privacy. But, with Safe
Harbour in place Glyndwr can go ahead with its plan to have a sister concern in UK. This
would however depend on how it proceeds on Safe Harbour Principles:- [12]
- Data should belong rightfully to its Data Subject and its transfer to US would be based
on the preconditions
- Any further processing of data would depend on the consent given by the Data
Subject
- The purpose on transfer should be legal and clear
- The processing of data would be done once or as approved by the data subject
- Personal data should be relevant, adequate and match the purpose of processing
- Personal data should be up to date and accurate
- Personal data shall not be kept with the data subject, beyond the intended purpose
- The sister concern would give consent to taking immediate legal action if the data is
lost or damaged
Glyndwr University, being an academic institution is also involved with research on different
subject areas. This makes it imperative to follow, more consciously, the principles on safe
harbour. Also, the university gets shielded from any unwarranted interception by any
intelligence service. Safe Harbour outlines it clearly - if the parent company is based in UK
then any interception in the name of Patriot Act would demand a Court Order [12]. Being a
member of Safe Harbour would also mean that any other entity in UK, while dealing with
Glyndwr, will have to follow the preconditions on Data Protection. Any deviation would be
considered a legal offense and the Directors of the company would be liable for the same.
Besides Data Protection the principles on Safe Harbour have inclusions from the Computer
Misuse Act 1990 and the IT Act 2000. The sister concern would be liable for handling the data
in a responsible way. There would be no duplication of data and it must be referenced right,
wherever it gets quoted. Most importantly, the data would be kept unique and changes would
be allowed only if the parent company gives consent to it. Alternatively, the University can
also follow the Binding Contracts, but they require a lot of formal procedures and
preconditions on keeping the data safe. Safe Harbour seems to be an easier and viable option.
Task 3:
The UK and US Security Services have recently been exposed as (probably legally)
monitoring internet and email traffic of their citizens. Discuss the ethical issues involved
in these activities, balancing the needs for national security against individual rights to
privacy.
‘Privacy’ has attracted a lot of debate and there are studies which believe that reliance on
privacy for mass surveillance is justifiably correct [13]. However some do still believe that
Privacy is an individual’s necessity and to correlate it with mass surveillance is to
intentionally ‘infringe’ into an individual’s rights. Whether or not it is ethically correct should
not be the point of discussion. In European Convention, Article 8 has already given an insight
into this – both privacy and surveillance are a necessity, but covert state surveillance should
be governed by some degree of legal accountability for denying an individual with an
inalienable right [14]. 20 years back there was no such clause on the legislation and only
recently the Courts have started to take note of this situation. Today NGOs and Government
Institutions take collective measures to call this illegal.
The debate started with the installation of CCTV across every corner of our lives and has now
reached our communication. If reports are to be believed then US and UK secret services
have run covert operations that intentionally run into our lives and violate our privacy.
PRISM is one such program where NSA ‘National Security Agency’ tapped the phone calls
of UK citizens. Similarly the internet companies were asked by the government officials to
reveal details over cloud computing [15]. Washington Post comments that there is nothing
that can be classified as personal. Chances are that any NSA official would be browsing
through your personal log as you read this.
Without making ‘privacy’ anymore complicated the Computer Misuse Act 1990 mentions it
categorically – to interfere with an individual’s privacy to data is illegal. This is pretty much
an offence and must be substantiated legally. Article 8 is a step towards this as it makes up
for the inadequacies of IOCA 1985. European Convention showed its intention to fight for
‘privacy’ when it represented the RIPA Act in 2000. The Regulation of Investigatory Powers
Act 2000 had a more dominant role to play on mass surveillance but it had a similar fate as of
IOCA. The researchers criticize it to be plain procedural and nothing substantial could be
achieved out of it. Arguably, the protection of liberty for UK citizens is still a big challenge
[13].
Earlier, the governments have responded to the legislative vacuum by introducing minimal
laws and still privacy remains a nebulous term. On the ethical part, it is unquestionable that
privacy is compromised when the security services read your emails, photographs or personal
details. The state should at least make the security services liable to explain such an
infringement. There should be an explicit statement on what caused this indiscriminate
interception.
The situation has gotten complicated with the advent of cloud computing. Today the internet
is full of data centres where an individual has his personal data stored. Unfortunately, the same
data is easily accessible to security firms. Cloud Computing is a form of distributed
processing of data through a remote location over the internet [15]. Since the year 2007, the
internet industry has largely been dominated by cloud computing. Internet, in its most
commercial form has been a profit centre for most businesses, government organizations and
academic institutions. Google was the first to discover the potential of cloud computing,
followed by Microsoft. By the year 2012 the researchers started to see the problems with
cloud computing. LIBE Committee report ‘Protecting privacy and fighting cybercrime’
concludes that US regulations and Cloud computing are serious threats to the data
sovereignty of an individual in European Union [16]. Unfortunately, the legislative control is
practically incapable to control this.
Article 8 has been found to be slightly effective in regulating the surveillance interception but
under the strict government control, nothing much could be achieved out of it. The article
could only highlight the fact that covert surveillance cannot be stopped but its overt use can
be regulated. This is particularly relevant in reference to the Patriot Act. U.S. is known to use
the law for reaching out to data which is highly classified or under public domain.
A detailed investigation ‘unveils’ the following complications with the privacy issue:-
- Unlawful interception of information media has affected both UK and US citizens
- A very deficient 4th amendment protection for non-US citizens [17]
- Virtually ‘no’ private rights for the non-US citizens
- Insensitivity of US authorities over privacy aspect
- Cloud computing that further aggravates the problem
- Citizen rights are noticeably vulnerable and full of loopholes
- Very strong government support to US FISA for acquiring ‘Foreign Intelligence
Information’
- Insistence on national security over privacy issues
- Political non-commitment towards making an effective legislation
Apparently, the citizen rights of a US or UK resident are seriously compromised and the most
ironical part is that there is nothing we can do about it. Legislative control cannot be applied as the
law in itself is ambiguous. Starting from IOCA to today’s RIPA, nothing significant could be
achieved. As the technology has become more intense, the mass surveillance too has become
more dominating. Information technology is literally present on every corner of our life and
we put our personal information on it without thinking of how much it is ‘public’ to
everyone.
Ethically, yes it is wrong to interfere with citizen’s privacy. How much you undermine
privacy in the name of national security, it remains an individual’s own right. National
security is a concern and needs no compromise but this doesn’t open up privacy for no
substantial reasons. Ironically, we have, in black and white, the court order that mandates a
warrant for any such act but NSA doesn’t seem to pay any heed to it. Evidently the Computer
Misuse Act, 1990 and the Data Protection Act 1998 get reduced to only a formal code of
conduct.
Task 4
Patent Wars: Samsung vs. Apple:
In view of the series of counter-arguments from Samsung, who seeing the wording of this
claim thought Apple may ultimately be after Google. Justify your arguments based on
copyright design and patent act.
In 2011, Apple started a series of legal actions against Samsung, claiming that: “Instead of
pursuing independent product development, Samsung has chosen to slavishly copy Apple’s
innovative technology, distinctive user interfaces, and elegant and distinctive product and
packaging design, in violation of Apple’s valuable intellectual property rights.”
Apple’s stand was finally vindicated at one of the U.S. courts and Samsung was held liable
for patent infringement.
Whether this actually does any good to the Patent Act remains unanswered. The literature gives a
suggestion:
Intellectual Property Rights and Patent Litigation is indeed expensive, but if you look at it
properly, it will ultimately look after you........ [18]
Greenhalgh explains it more precisely – reaching a court on IP litigation is probably the most
expensive way to settle a dispute and one that the system should be designed to avoid [19].
Looking at the post-war analysis it seems right to say that patent reforms are required to
drastically improve the system. The UK office describes patent as – A patent is a set of
exclusive rights granted by a country to an inventor or their assignee for a limited period of
time in exchange for a public disclosure of an invention (ILO). This outlines it clearly that a
patent is out of a knowledge domain and holds considerable value for the customers.
Fortunately for the patent market today, Apple, Samsung and finally Google COULD unveil
the deficiency more prominently than anything else:-
1. Patent Buying
The last 2 years have seen an unprecedented rise on the number of patents being bought or
sold. Research papers mention – It was never seen in the patent business and what is
surprising is the money being invested in buying and selling rights on a patent [20]. Apple
alone spent $4.5 billion for buying 6000 patents acceded by Google ($12.5 billion for 17,000
patents). Evidently the buying was done not to promote research, but to protect the existing
patents.
Buying patents to prevent existing patents is how the researchers [21] describe this.
Google was forced to buy all these patents so as to prevent any further litigation on the
Android smartphone segment. This excluded the 2300 IBM Patents in the mobile telephony
segment. All this to make sure that claims on patent infringement are registered against
Google and still the company is not sure of litigation. In all 153 cases on patent infringement
are registered against Google, Apple and Samsung [20].
2. FRAND ‘Fair Reasonable and Non Discriminatory’
Contrary to the core objective with the patent technology, today the companies use it more
for profit maximization. Whenever a patent of standardized technology is granted, the
government would expect the technology to be considered ‘standards essential’ and it would
be sold on FRAND basis [22]. The intention with such an arrangement is to take the
technology to the public and make it affordable too. Unfortunately the companies are not
complying with such policy arrangements and selling licenses on higher rates. Apple came
face to face with Google on FRAND issue, however the Wisconsin court turned it down.
3. NPEs ‘Non Practising Entities’
One of the major blows to a patent is the introduction of NPEs. Non Practising Entities are
firms that don’t have any active role on R&D efforts but they are the ones who get the
maximum profit out of this [23]. To explain it simply, a patent remains in effect for 20 years
into the market but the technology expires within a couple of years. NPEs would buy patents
during the later half of the product life cycle and ask for license fees from organizations that
have been using the technology for years. The ambiguous description of a patent and its
approval process has allowed the NPEs to flourish in the market.
The reports [23] reveal that today a patent gets approved without much substantiation on
research. Just a dubious conceptualization and application of thought is enough to get a patent
registered. Probably the procedure was to take the patent technology to as many people.
Much to the discontent of the Patent administrators the NPEs started to use this aspect of a
patent to their benefit. As discussed earlier the last 2 years have seen an unprecedented rise
on the number of patents being bought or sold. Research papers mention – It was never seen
in the patent business and what is surprising is the money being invested in buying and
selling rights on a patent. Apple alone spent $4.5 billion for buying 6000 patents acceded by
Google ($12.5 billion for 17,000 patents). NPEs get all the blame for all this unscheduled
investment.
Evidently, a patent needs reforms in terms of product description, research backup and
application into the market [24]. There has to be a more accurate description of the
technology so that it doesn’t ‘infringe’ technology of any other domain. Any confusion can
be sorted very early and without any patent litigation. It is said that Apple has spent twice as
much amount on its R&D allocations, to the patent lawyers. The same money could have
gone easily to the R&D initiatives. Unfortunately, a small infringement on the technology
pulled the entire industry into the ring. It is therefore better that every patent gets the right
description for its market.
To quote it once more – reaching a court on IP litigation is probably the most expensive way
to settle a dispute and one that the system should be designed to avoid. The system on patent
needs to refurbish some of its processes and especially the one on commercialization of a
technology. FRAND should be observed more frequently into the market, Companies should
be able to defend against NPEs and the approval process should be made more specific. No
overlapping on any aspect of technology should lead to indiscriminate spend of money. R&D
should see the most investment.
REFERENCES
1. Saadat M. Network Security Principles and Practices (CCIE Professional
Development) (Hardcover) [M]. Cisco Press, 2007:
52-78
2. William S. Network Security Essentials: Applications and Standards (3rd Edition)
(Paperback) [M]. Oxford: Blackwell business, 2006: 15-47.
3. Mark R, Roberta B, Keith S. Network Security: The Complete Reference [M].
Osborne:McGraw-Hill Osborne Media, 2003-11-17.
4. Kwot T.Fung Network Security Technologies, Second Edition [M].
AUERBACH,2004/10/28, 11-123.
5. Joel S, Stuart M, George K. Hacking Exposed: Network Security Secrets & Solutions
[M]. McGraw-Hill, April 2005:23-126.
6. B. Harris, R. Hunt. TCP/IP security threats and attack methods. Computer
Communications, 1999, (22): 885-897
7. Venter H S, Eloff J H P. Data packet intercepting on the internet : how and why? A
closer look at existing data packet -intercepting tools .Computers & Security, 1998,
17(3) :683-692
8. Salbu, supra note 8; University of Minnesota, Directing Digital Dataflows: The EU
Privacy Directive and American Communication Practices, available at
www.isc.umn.edu/research/papers/EUdatadirective.pdf.
9. Struggle Continues with EU Personal Data Protection Directive, EURO-WATCH,
Jan. 15, 1999, at 1.
10. Vera Bergelson, It’s Personal But Is It Mine? Toward Property Rights in Personal
Information, 37 U.C. DAVIS L. REV. 379, 396 (2003).
11. Rehder & Erika Collins, “The Legal Transfer of Employment-Related Data to Outside
the EU: Is It Still Even Possible?”, 39 INT’L L. 129, 133 (2005).
12. Standard Application for Approval of Binding Corporate Rules, 135. available at
www.iccwbo.org/uploadedFiles/ICC/policy/e-
business/pages/Standard_Application_for_Approval_of_BCRs.pdf.
13. Fenwick, H. (2002) Civil Liberties and Human Rights. (3rd ed.) London: Cavendish
14. Article 29 Working Party, Letter from the Chairman to Mrs Reding regarding the
PRISM program 13th August 2013
15. Walden, Ian (2011), Accessing Data in the Cloud: The Long Arm of the Law
Enforcement Agent, QMUL Cloud Legal Project, Research Paper No. 74/2011
16. Lyon, D. (2001) Surveillance Society: Monitoring Everyday Life. Buckingham: Open
University Press.
17. Nissenbaum, H. (1998) Protecting Privacy in an Information Age: The Problem of
Privacy in Public. Law and Philosophy, 17: 559-596.
18. Phillips, Jeremy (2006): ‘IP Litigation, the New Money-Spinner,’ Editorial, Journal
of Intellectual Property Law & Practice, Vol. 1, No. 8, pp. 497.
19. Greenhalgh, Christine, Jeremy Philips, Robert Pitkethly, Mark Rogers, and Joshua
Tomalin (2010): ‘Intellectual Property Enforcement in Smaller UK Firms,’ Report for
the Strategy Advisory Board for Intellectual Property Policy (SABIP).
20. Berkeley Technology Law Journal, Vol. 27:209, p. 213 (2012) (citing C. Chien, A
Race to the Bottom, Intellectual Asset Management, Jan.–Feb. 2012, at 13–14)
21. Supercharging Android: Google to Acquire Motorola Mobility, Official Google Blog
(Aug. 15, 2011, 12:52 PM), http://googleblog.blogspot.com/2011/08/ supercharging-
android-google-to-acquire.html
22. Ashby Jones, “So What’s Up With this Apple/Google Lawsuit?” The Wall Street
Journal, March 30, 2010,
23. Yukari Iwatani Kane and Ian Sherr, “Apple: Samsung Copied Design,” The Wall
Street Journal, April 19, 2011,
24. Apple Inc., Business Conduct: The way we do business worldwide, 2010,
http://files.shareholder.com/downloads/AAPL/1283312876x0x443008/5f38b1e6-
2f9c-4518-b691-13a29ac90501/business_conduct_policy.pdf
Cyber Security Intelligence
 
Conference Paper at International Conference on Enterprise Information System...
Conference Paper at International Conference on Enterprise Information System...Conference Paper at International Conference on Enterprise Information System...
Conference Paper at International Conference on Enterprise Information System...
 
02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security
 
ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3
ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3
ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3
 
Information systems security_awareness_fy10
Information systems security_awareness_fy10Information systems security_awareness_fy10
Information systems security_awareness_fy10
 
National Strategies against Cyber Attacks - Philip Victor
National Strategies against Cyber Attacks - Philip VictorNational Strategies against Cyber Attacks - Philip Victor
National Strategies against Cyber Attacks - Philip Victor
 
Computer Security Policy D
Computer Security Policy DComputer Security Policy D
Computer Security Policy D
 

Similar a GUL Network Infrastructure

AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESAN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESijcsit
 
IoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address themIoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address themRadouane Mrabet
 
Computer Security Policy
Computer Security PolicyComputer Security Policy
Computer Security Policyeverestsky66
 
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAM
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAMINFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAM
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAMChristopher Nanchengwa
 
Cat21:Development Mangement Information Systems
Cat21:Development Mangement Information SystemsCat21:Development Mangement Information Systems
Cat21:Development Mangement Information SystemsSimeon Ogao
 
I want you to Read intensively papers and give me a summary for ever.pdf
I want you to Read intensively papers and give me a summary for ever.pdfI want you to Read intensively papers and give me a summary for ever.pdf
I want you to Read intensively papers and give me a summary for ever.pdfamitkhanna2070
 
Paper Titled Information Security in an organization
Paper Titled Information Security in an organizationPaper Titled Information Security in an organization
Paper Titled Information Security in an organizationMohammed Mahfouz Alhassan
 
SECURING THE WEB DOMAIN BASED ON HASHING
SECURING THE WEB DOMAIN BASED ON HASHINGSECURING THE WEB DOMAIN BASED ON HASHING
SECURING THE WEB DOMAIN BASED ON HASHINGAM Publications
 
Fundamentals of-information-security
Fundamentals of-information-security Fundamentals of-information-security
Fundamentals of-information-security madunix
 
An Empirical Study on Information Security
An Empirical Study on Information SecurityAn Empirical Study on Information Security
An Empirical Study on Information Securityijtsrd
 
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docxSECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docxbagotjesusa
 
Security and Privacy of Big Data in Mobile Devices
Security and Privacy of Big Data in Mobile DevicesSecurity and Privacy of Big Data in Mobile Devices
Security and Privacy of Big Data in Mobile DevicesIOSRjournaljce
 
Cultivating Proactive Cybersecurity Culture among IT Professional to Combat E...
Cultivating Proactive Cybersecurity Culture among IT Professional to Combat E...Cultivating Proactive Cybersecurity Culture among IT Professional to Combat E...
Cultivating Proactive Cybersecurity Culture among IT Professional to Combat E...AI Publications
 

Similar a GUL Network Infrastructure (20)

AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESAN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
 
Wireless Security on Context (disponible en español)
Wireless Security on Context (disponible en español)Wireless Security on Context (disponible en español)
Wireless Security on Context (disponible en español)
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
IoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address themIoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address them
 
Computer Security Policy
Computer Security PolicyComputer Security Policy
Computer Security Policy
 
Ethiopia reba paper
Ethiopia reba paperEthiopia reba paper
Ethiopia reba paper
 
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAM
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAMINFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAM
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAM
 
Cat21:Development Mangement Information Systems
Cat21:Development Mangement Information SystemsCat21:Development Mangement Information Systems
Cat21:Development Mangement Information Systems
 
I want you to Read intensively papers and give me a summary for ever.pdf
I want you to Read intensively papers and give me a summary for ever.pdfI want you to Read intensively papers and give me a summary for ever.pdf
I want you to Read intensively papers and give me a summary for ever.pdf
 
Paper Titled Information Security in an organization
Paper Titled Information Security in an organizationPaper Titled Information Security in an organization
Paper Titled Information Security in an organization
 
820 1961-1-pb
820 1961-1-pb820 1961-1-pb
820 1961-1-pb
 
Cyber Security.pptx
Cyber Security.pptxCyber Security.pptx
Cyber Security.pptx
 
SECURING THE WEB DOMAIN BASED ON HASHING
SECURING THE WEB DOMAIN BASED ON HASHINGSECURING THE WEB DOMAIN BASED ON HASHING
SECURING THE WEB DOMAIN BASED ON HASHING
 
Fundamentals of-information-security
Fundamentals of-information-security Fundamentals of-information-security
Fundamentals of-information-security
 
network security.pdf
network security.pdfnetwork security.pdf
network security.pdf
 
An Empirical Study on Information Security
An Empirical Study on Information SecurityAn Empirical Study on Information Security
An Empirical Study on Information Security
 
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docxSECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
 
Ijcatr04061002
Ijcatr04061002Ijcatr04061002
Ijcatr04061002
 
Security and Privacy of Big Data in Mobile Devices
Security and Privacy of Big Data in Mobile DevicesSecurity and Privacy of Big Data in Mobile Devices
Security and Privacy of Big Data in Mobile Devices
 
Cultivating Proactive Cybersecurity Culture among IT Professional to Combat E...
Cultivating Proactive Cybersecurity Culture among IT Professional to Combat E...Cultivating Proactive Cybersecurity Culture among IT Professional to Combat E...
Cultivating Proactive Cybersecurity Culture among IT Professional to Combat E...
 

GUL Network Infrastructure

  • 1. GLYNDWR UNIVERSITY’S SECURITY NETWORK INFRASTRUCTURE Task 1: Prepare a security policy document for Information and Communication Technology (ICT) use in GUL. The network of a university is what connects its students to the plethora of information in different knowledge domains. Its significance lies in the fact that students spend more time on online study than in class. Besides lectures, students also participate equally in UGC (‘User Generated Content’) over the net. A network is therefore a prerequisite on a university campus, followed by its security. The ICT infrastructure of Glyndwr is what provides its students with seamless access to information. Unfortunately, it runs a very high risk of being tampered with, hacked, attacked or violated. Universities and government installations are soft targets for hackers, as their data has huge commercial value [1]. While drafting the security policy of Glyndwr, it becomes imperative to include everything that makes it robust. It all starts with identifying the core areas of work: Currently, the university has a separate computer room where students can use the internet to learn more about their subject. Every student can access the internet directly, without any user authentication. This poses a big problem for the university network, as unrestricted entry makes the system vulnerable to external threats [2]. There has to be a Unified Software Management system that keeps everything centralised: user registration, login details and purpose of visit. In its present state, it is very easy for any student or user to unknowingly upload a virus into the system. The losses incurred from a system crash or breakdown run into millions, and no university can afford this [3]. Questions are also raised over network performance, as it fails to meet bandwidth demand during peak hours. Having a centralised server should keep the system simple and ‘unadulterated’.
Password setting should be the first barrier to entry [3]. The network will remain safe only when the key is held responsibly. Every student needs to be provided with a login ID as his or her key to the system. The IT Administrator also needs to define the rights for each user. This, however, depends on the ‘purpose’ that each user has with the system. Students use the system primarily for information, and staff use it for keeping records. Separate logins for each person would improve traceability, and any malicious activity can be instantly spotted. Studies [4] indicate that a lot of students disclose their passwords to other individuals. This seriously compromises the security of the network. Biometrics-based identification can be a feasible strategy to remove such inadequacies in the system. Also, the university needs to upgrade its networking capabilities to match present technology. It is suggested that routers are used for connecting the campus to the internet. Also, WiFi and WiMax can be installed to provide ubiquitous internet access [5]. This is expected to reduce the burden on the infrastructure, as students can use their PDA
  • 2. devices or laptops to surf the net. It is, however, recommended that the network runs a very agile anti-virus, one that keeps viruses from entering the system. The unified software solution should be able to work with the different technologies: Firewall, Encryption, VLAN ‘Virtual Exchange Network’, Virtual Private Network and PKI. Also, there should be a formal code of conduct on using secondary devices on the main server. However, for the administrator to achieve excellence in network security, the applications should be combined well with anti-viruses: Gateway antivirus, Stand-alone antivirus and Server antivirus. Password-protected user authentication would keep the system from external threats, and anti-viruses would keep the system from internal threats. Also, there has to be an effective control strategy on every layer: Access Control Policy, Operation Control Policy, Network Access Control Policy and Directory Access Control. All the control mechanisms should be complemented with Information Encryption. Using an encryption algorithm would make sure that no unauthorised person gains entry into the system. After an investigation into the core areas, it is time to segregate the different functions to redefine the security policy in its newer version:
Password Authentication: Every student needs to be provided with a login ID as his or her key to the system. The IT Administrator also needs to define the rights for each user.
Software Licenses: There should be no room for any unlicensed installation on the university campus. All software and device drivers need to be bought directly from the vendor, with an auto-update facility.
Access to Computer System: Access should be based on the ‘rights’ of the different user groups. As part of the Computer Misuse Act, students shouldn’t be allowed to interfere with other users’ work areas, and the network resources should be distributed on each layer.
This should keep the different user groups separate from each other.
Obscenity: The Computer Misuse Act (1990) states clearly that an individual must not do anything on the computer that makes another person offended, stressed or disturbed. Obscenity of any form shouldn’t be accepted under the code of conduct.
Social Media: Studies [7] suggest that 16 of the network sites, including Facebook and Twitter, are the biggest carriers of network security threats. Such platforms are potential carriers of Malware and Trojans. The security policy must state clearly that social media will be allowed, but only to an extent that doesn’t compromise network security.
Physical Security: One of the biggest challenges in networking is protecting it from internal threats. Mostly it is a pen drive or a software upload that leads to a crash. Students must therefore be asked to
  • 3. use secondary devices in a safe environment. Moreover, the Network Administrator should update the network layer with the most recent versions of anti-viruses. Network security is the key to an organization’s sustainable growth. The policy should be comprehensive enough to include the most recent technology and flexible enough to meet the changes.
Task 2: GUL is to establish a sister college in the USA. The Data Protection Act 1998 sets specific limitations on the sharing of personal data with any organisation which is based in a country which does not have data protection legislation. The USA does not have a Data Protection Act. Examine the legal implications for this enterprise with reference to the UK Data Protection Act.
Information Technology, like a coin, has two sides to it. It brings the world’s information to you and makes your life easier. But on the other side, it also puts your own information at risk. ‘Data Protection’ is therefore one very important aspect of the computing world, and academic institutions especially need to be more vigilant about it. As the use of IT-based resources gets more intense, business processes too have become more machine-centric. Today, tonnes of data are sent over the internet for different purposes; it can be academic, business, informative or personal. It runs the risk of being copied every time it leaves the computer. The EU Directives on Data Protection Act, 1998 try to address most issues on this concern. First and foremost, the Act sets the ownership of the data and is very tough on the transfer of data, especially outside of the EEA [European Economic Area]. Any organization, like Glyndwr, with an intention to collaborate on business in US territory needs to look at the Data Protection Act, 1998. The Act has it: if data of European origin is sent to a country that does not have adequate data protection levels, it would be considered a criminal offense [8].
For an organization like Glyndwr, this might become a big hurdle, as the US is ‘not’ considered safe for data transfer. The EU has its classification of countries based on data privacy, and the US is identified as a third country, i.e. one that doesn’t have the right levels of data protection. The Act sets out the rules and regulations on data transfer, grants rights to those who own the data, regulates the environment for information processing in the EU and outside of the EU, and supervises the practices and data privacy. Data transfer outside the EEA can only be effected through [9]:
- ...an agreement over the set preconditions that ensure an ‘adequate’ level of data protection
- ...the destination country already has an ‘adequate’ level of data protection to match the EU requirements
The term ‘adequate’ is derived through [10]:
- The source of the data and its destination country
  • 4.
- The profile of the destination country in terms of data privacy and measures on data protection
- The purpose of data transfer
- The purpose of data processing
The EU acknowledges only a few countries that take adequate measures on data protection. For Glyndwr University the solution is to adopt the principles of Safe Harbour [8].
- The European Union, along with the US, has devised the principles of Safe Harbour
- The organizations based in the US must give consent to providing ‘adequate’ levels of data protection
- The data, once transferred, will not be subjected to duplication or processing without the consent of the data subject
- The nature of the data, the purpose of transfer and its processing should match the preconditions
The Data Protection Act 1998 applies to computer-based records, information recorded on paper, public authority records and health records [11]. Processing of this data means any conceivable operation on the data: holding, collection and its disclosure. In the present context, the sister concern of Glyndwr will hold a lot of research data, academic records, teaching records and sundry financial papers. The University needs to look after every one of these, as this data is of significant academic value. Already there are innumerable instances wherein data has been stolen from the university and has been subjected to reproduction on different platforms. In the absence of any legislative framework, the University couldn’t even claim ownership of the same. Also, a mismatch on data protection is considered a negative consequence for the reputation of the university. Glyndwr therefore needs to take adequate measures to keep the data intact. The literature has shown that the US is somewhat flexible on data privacy. But with Safe Harbour in place, Glyndwr can go ahead with its plan to have a sister concern in UK.
This would, however, depend on how it proceeds on the Safe Harbour Principles [12]:
- Data should belong rightfully to its Data Subject, and its transfer to the US would be based on the preconditions
- Any further processing of data would depend on the consent given by the Data Subject
- The purpose of transfer should be legal and clear
- The processing of data would be done once or as approved by the data subject
- Personal data should be relevant, adequate and match the purpose of processing
- Personal data should be up to date and accurate
- Personal data shall not be kept with the data subject, beyond the intended purpose
- The sister concern would give consent to taking immediate legal action if the data is lost or damaged
Glyndwr University, being an academic institution, is also involved in research in different subject areas. This makes it imperative to follow, more consciously, the principles of Safe Harbour. Also, the university gets shielded from any unwarranted interception by any
  • 5. intelligence service. Safe Harbour outlines it clearly: if the parent company is based in the UK, then any interception in the name of the Patriot Act would demand a Court Order [12]. Being a member of Safe Harbour would also mean that any other entity in the UK, while dealing with Glyndwr, will have to follow the preconditions on Data Protection. Any deviation would be considered a legal offense, and the Directors of the company would be liable for the same. Besides Data Protection, the principles of Safe Harbour have inclusions from the Computer Misuse Act 1990 and the IT Act 2000. The sister concern would be liable for handling the data in a responsible way. There would be no duplication of data, and it must be referenced correctly wherever it gets quoted. Most importantly, the data would be kept unique, and changes would be allowed only if the parent company gives consent to it. Alternatively, the University can also follow the Binding Contracts, but they require a lot of formal procedures and preconditions on keeping the data safe. Safe Harbour seems to be an easier and viable option.
Task 3: The UK and US Security Services have recently been exposed as (probably legally) monitoring internet and email traffic of their citizens. Discuss the ethical issues involved in these activities, balancing the needs for national security against individual rights to privacy.
‘Privacy’ has attracted a lot of debate, and there are studies which believe that reliance on privacy for mass surveillance is justifiably correct [13]. However, some do still believe that privacy is an individual’s necessity, and that to correlate it with mass surveillance is to intentionally ‘infringe’ on an individual’s rights. Whether or not it is ethically correct should not be the point of discussion.
In the European Convention, Article 8 has already given an insight into this: both privacy and surveillance are a necessity, but covert state surveillance should be governed by some degree of legal accountability for denying an individual an inalienable right [14]. 20 years back there was no such clause in the legislation, and only recently have the Courts started to take note of this situation. Today NGOs and Government Institutions take collective measures to call this illegal. The debate started with the installation of CCTV across every corner of our lives and has now reached our communication. If reports are to be believed, then US and UK secret services have run covert operations that intentionally run into our lives and violate our privacy. PRISM is one such program, where the NSA ‘National Security Agency’ tapped the phone calls of UK citizens. Similarly, the internet companies were asked by government officials to reveal details over cloud computing [15]. The Washington Post comments that there is nothing that can be classified as personal. Chances are that any NSA official would be browsing through your personal log as you read this. Without making ‘privacy’ any more complicated, the Computer Misuse Act 1990 mentions it categorically: to interfere with an individual’s privacy to data is illegal. This is pretty much an offence and must be substantiated legally. Article 8 is a step towards this, as it makes up for the inadequacies of IOCA 1985. The European Convention showed its intention to fight for ‘privacy’ when it represented the RIPA Act in 2000. The Regulation of Investigatory Powers Act 2000 had a more dominant role to play on mass surveillance, but it had a similar fate to that of IOCA. Researchers criticize it as plainly procedural, and nothing substantial could be
  • 6. achieved out of it. Arguably, the protection of liberty for UK citizens is still a big challenge [13]. Earlier, governments have responded to the legislative vacuum by introducing minimal laws, and privacy still remains a nebulous term. On the ethical part, it is unquestionable that privacy is compromised when the security services read your emails, photographs or personal details. The state should at least make the security services liable to explain such an infringement. There should be an explicit statement on what caused this indiscriminate interception. The situation has become more complicated with the advent of cloud computing. Today the internet is full of data centres where an individual has his personal data stored. Unfortunately, the same data is easily accessible to security firms. Cloud Computing is a form of distributed processing of data through a remote location over the internet [15]. Since the year 2007, the internet industry has largely been dominated by cloud computing. The internet, in its most commercial form, has been a profit centre for most businesses, government organizations and academic institutions. Google was the first to discover the potential of cloud computing, followed by Microsoft. By the year 2012, researchers started to see the problems with cloud computing. The LIBE Committee report ‘Protecting privacy and fighting cybercrime’ concludes that US regulations and cloud computing are serious threats to the data sovereignty of an individual in the European Union [16]. Unfortunately, legislative control is practically incapable of controlling this. Article 8 has been found to be slightly effective in regulating surveillance interception, but under strict government control, nothing much could be achieved out of it. The article could only highlight the fact that covert surveillance cannot be stopped, but its overt use can be regulated. This is particularly relevant in reference to the Patriot Act. U.S.
is known to use the law for reaching out to data which is highly classified or under public domain. A detailed investigation ‘unveils’ the following complications with the privacy issue:
- Unlawful interception of information media has affected both UK and US citizens
- A very deficient 4th amendment protection for non-US citizens [17]
- Virtually ‘no’ private rights for non-US citizens
- Insensitivity of US authorities over the privacy aspect
- Cloud computing that further aggravates the problem
- Citizen rights are noticeably vulnerable and full of loopholes
- Very strong government support to US FISA for acquiring ‘Foreign Intelligence Information’
- Insistence on national security over privacy issues
- Political non-commitment towards making effective legislation
Apparently, the citizen rights of a US or UK resident are seriously compromised, and the most ironic part is that there is nothing we can do about it. Legislative control cannot be applied, as the law in itself is ambiguous. From IOCA to today’s RIPA, nothing significant could be achieved. As technology has become more intense, mass surveillance too has become more dominating. Information technology is literally present in every corner of our life, and we put our personal information on it without thinking of how much it is ‘public’ to everyone.
  • 7. Ethically, yes, it is wrong to interfere with citizens’ privacy. However much you undermine privacy in the name of national security, it remains an individual’s own right. National security is a concern and needs no compromise, but this doesn’t open up privacy for no substantial reason. Ironically, we have, in black and white, the court order that mandates a warrant for any such act, but the NSA doesn’t seem to pay any heed to it. Evidently the Computer Misuse Act, 1990 and the Data Protection Act 1998 get reduced to only a formal code of conduct.
Task 4: Patent Wars: Samsung vs. Apple: In view of the series of counter-arguments from Samsung, who seeing the wording of this claim thought Apple may ultimately be after Google. Justify your arguments based on copyright design and patent act.
In 2011, Apple started a series of legal actions against Samsung, claiming that: “Instead of pursuing independent product development, Samsung has chosen to slavishly copy Apple’s innovative technology, distinctive user interfaces, and elegant and distinctive product and packaging design, in violation of Apple’s valuable intellectual property rights.” Apple’s stand was finally vindicated at one of the U.S. courts, and Samsung was held liable for patent infringement. Whether this actually does any good to the Patent Act remains unanswered. The literature gives a suggestion: Intellectual Property Rights and Patent Litigation is indeed expensive, but if you look at it properly, it will ultimately look after you... [18] Greenhalgh explains it more precisely: reaching a court on IP litigation is probably the most expensive way to settle a dispute and one that the system should be designed to avoid [19]. Looking at the post-war analysis, it seems right to say that patent reforms are required to drastically improve the system.
The UK office describes a patent as: A patent is a set of exclusive rights granted by a country to an inventor or their assignee for a limited period of time in exchange for a public disclosure of an invention (ILO). This outlines it clearly that a patent is out of a knowledge domain and holds considerable value for the customers. Fortunately for the patent market today, Apple, Samsung and finally Google could unveil the deficiency more prominently than anything else:
1. Patent Buying
The last 2 years have seen an unprecedented rise in the number of patents being bought or sold. Research papers mention: It was never seen in the patent business, and what is surprising is the money being invested in buying and selling rights on a patent [20]. Apple alone spent $4.5 billion for buying 6000 patents acceded by Google ($12.5 billion for 17,000 patents). Evidently the buying was done not to promote research, but to protect the existing patents.
  • 8. Buying patents to prevent existing patents is how the researchers [21] describe this. Google was forced to buy all these patents so as to prevent any further litigation in the Android smartphone segment. This excluded the 2300 IBM patents in the mobile telephony segment. All this to make sure that claims on patent infringement are registered against Google, and still the company is not sure of litigation. In all, 153 cases on patent infringement are registered against Google, Apple and Samsung [20].
2. FRAND ‘Fair Reasonable and Non Discriminatory’
Contrary to the core objective of the patent technology, today companies use it more for profit maximization. Whenever a patent on standardized technology is granted, the government would expect the technology to be considered ‘standards essential’, and it would be sold on a FRAND basis [22]. The intention of such an arrangement is to take the technology to the public and make it affordable too. Unfortunately, companies are not complying with such policy arrangements and are selling licenses at higher rates. Apple came face to face with Google on the FRAND issue; however, the Wisconsin court turned it down.
3. NPEs ‘Non Practising Entities’
One of the major blows to a patent is the introduction of NPEs. Non Practising Entities are firms that don’t have any active role in R&D efforts, but they are the ones who get the maximum profit out of this [23]. To explain it simply, a patent remains in effect for 20 years in the market, but the technology expires within a couple of years. NPEs would buy patents during the later half of the product life cycle and ask for license fees from organizations that have been using the technology for years. The ambiguous description of a patent and its approval process has allowed the NPEs to flourish in the market. The reports [23] reveal that today a patent gets approved without much substantiation on research.
Just a dubious conceptualization and application of thought is enough to get a patent registered. Probably the procedure was meant to take the patent technology to as many people as possible. Much to the discontent of the patent administrators, the NPEs started to use this aspect of a patent to their benefit.

As discussed earlier, the last 2 years have seen an unprecedented rise in the number of patents being bought or sold. Research papers mention – It was never seen in the patent business and what is surprising is the money being invested in buying and selling rights on a patent. Apple alone spent $4.5 billion for buying 6000 patents acceded by Google ($12.5 billion for 17,000 patents). NPEs get all the blame for all this unscheduled investment.

Evidently, a patent needs reforms in terms of product description, research backup and application into the market [24]. There has to be a more accurate description of the technology so that it doesn’t ‘infringe’ technology of any other domain. Any confusion can then be sorted out very early and without any patent litigation. It is said that Apple has spent twice the amount of its R&D allocations on patent lawyers. The same money could easily have gone to the R&D initiatives. Unfortunately, a small infringement on the technology pulled the entire industry into the ring. It is therefore better that every patent gets the right description for its market. To quote it once more – reaching a court on IP litigation is probably the most expensive way to settle a dispute and one that the system should be designed to avoid.

The patent system needs to refurbish some of its processes and especially the one on commercialization of a technology. FRAND should be observed more frequently in the market, companies should be able to defend against NPEs and the approval process should be made more specific. No overlapping on any aspect of technology should lead to indiscriminate spending of money. R&D should see the most investment.
REFERENCES

1. Saadat M. Network Security Principles and Practices (CCIE Professional Development) (Hardcover) [M]. Cisco Press, 2007: 52-78.
2. William S. Network Security Essentials: Applications and Standards (3rd Edition) (Paperback) [M]. Oxford: Blackwell business, 2006: 15-47.
3. Mark R, Roberta B, Keith S. Network Security: The Complete Reference [M]. Osborne: McGraw-Hill Osborne Media, 2003-11-17.
4. Kwok T. Fung. Network Security Technologies, Second Edition [M]. AUERBACH, 2004/10/28, 11-123.
5. Joel S, Stuart M, George K. Hacking Exposed: Network Security Secrets & Solutions [M]. McGraw-Hill, April 2005: 23-126.
6. B. Harris, R. Hunt. TCP/IP security threats and attack methods. Computer Communications, 1999, (22): 885-897.
7. Venter H S, Eloff J H P. Data packet intercepting on the internet: how and why? A closer look at existing data packet-intercepting tools. Computers & Security, 1998, 17(3): 683-692.
8. Salbu, supra note 8; University of Minnesota, Directing Digital Dataflows: The EU Privacy Directive and American Communication Practices, available at www.isc.umn.edu/research/papers/EUdatadirective.pdf.
9. Struggle Continues with EU Personal Data Protection Directive, EURO-WATCH, Jan. 15, 1999, at 1.
10. Vera Bergelson, It’s Personal But Is It Mine? Toward Property Rights in Personal Information, 37 U.C. DAVIS L. REV. 379, 396 (2003).
11. Rehder & Erika Collins, “The Legal Transfer of Employment-Related Data to Outside the EU: Is It Still Even Possible?”, 39 INT’L L. 129, 133 (2005).
12. Standard Application for Approval of Binding Corporate Rules, 135. available at www.iccwbo.org/uploadedFiles/ICC/policy/e-business/pages/Standard_Application_for_Approval_of_BCRs.pdf.
13. Fenwick, H. (2002) Civil Liberties and Human Rights. (3rd ed.) London: Cavendish.
14. Article 29 Working Party, Letter from the Chairman to Mrs Reding regarding the PRISM program, 13th August 2013.
15. Walden, Ian (2011), Accessing Data in the Cloud: The Long Arm of the Law Enforcement Agent, QMUL Cloud Legal Project, Research Paper No. 74/2011.
16. Lyon, D. (2001) Surveillance Society: Monitoring Everyday Life. Buckingham: Open University Press.
17. Nissenbaum, H. (1998) Protecting Privacy in an Information Age: The Problem of Privacy in Public. Law and Philosophy, 17: 559-596.
18. Phillips, Jeremy (2006): ‘IP Litigation, the New Money-Spinner,’ Editorial, Journal of Intellectual Property Law & Practice, Vol. 1, No. 8, pp. 497.
19. Greenhalgh, Christine, Jeremy Philips, Robert Pitkethly, Mark Rogers, and Joshua Tomalin (2010): ‘Intellectual Property Enforcement in Smaller UK Firms,’ Report for the Strategy Advisory Board for Intellectual Property Policy (SABIP).
20. Berkeley Technology Law Journal, Vol. 27:209, p. 213 (2012) (citing C. Chien, A Race to the Bottom, Intellectual Asset Management, Jan.–Feb. 2012, at 13–14).
21. Supercharging Android: Google to Acquire Motorola Mobility, Official Google Blog (Aug. 15, 2011, 12:52 PM), http://googleblog.blogspot.com/2011/08/supercharging-android-google-to-acquire.html
22. Ashby Jones, “So What’s Up With this Apple/Google Lawsuit?” The Wall Street Journal, March 30, 2010,
23. Yukari Iwatani Kane and Ian Sherr, “Apple: Samsung Copied Design,” The Wall Street Journal, April 19, 2011,
24. Apple Inc., Business Conduct: The way we do business worldwide, 2010, http://files.shareholder.com/downloads/AAPL/1283312876x0x443008/5f38b1e6-2f9c-4518-b691-13a29ac90501/business_conduct_policy.pdf