Jun 5 2009 8:40PM GMT
Posted by: Robert E. Davis
Internet, Internet Governance, Trust Management, Information Asset Protection, Information Security Governance, Intellectual Property Right, World Trade Organization, World Intellectual Property Organization, DRM, IAP, ISG, IPR, WTO, WIPO
As previously stated, DRM software is generally considered an access control technology deployed to limit unauthorized usage. However, arguably, a technology cannot, in principle, know without human intervention what legal restrictions and rights apply in a specific jurisdiction, allowable usage context, or set of contractual conditions, or to an individual author, owner, or publisher. Therefore, as with other information assets protection-related software, vulnerabilities may exist that can be exploited by unscrupulous or curious individuals.
Even if adequate IPR security protection is deployed, based on the laws of judgmental probability, widely used DRM systems eventually yield to hackers and crackers intent on defeating or circumventing deployed access controls. Supporting this projected outcome is Internet-advertised software allowing DRM circumvention. However, those with an interest in preserving DRM systems have attempted to initiate proceedings restricting the distribution and development of software that enables information piracy.
“View Part I of the Digital Rights Management series here”
Jun 2 2009 3:44PM GMT
Posted by: Robert E. Davis
Internet, Internet Governance, Trust Management, Information Asset Protection, Information Security Governance, Intellectual Property Right, World Trade Organization, World Intellectual Property Organization, IAP, ISG, IPR, WTO, WIPO
Intellectual property protection has ushered in an era of technological solutions that attempt to prevent asserted rights infringement. Digital Rights Management (DRM) can be considered a response to legal requirements which criminalize the production and dissemination of technology that allows individuals to circumvent technical copy-restriction methods. Specifically, as a preventive control, DRM software usually manages the downloading of sound files, movies, and other copyrighted materials through diverse security features. Globally, DRM systems have received international legal reinforcement through the World Intellectual Property Organization (WIPO) Copyright Treaty (WCT) and the World Trade Organization (WTO) Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS) national implementations.
May 29 2009 7:40PM GMT
Posted by: Robert E. Davis
Internet, Internet Governance, Trust Management, Information Asset Protection, Information Security Governance, Intellectual Property Right, IAP, ISG, IPR
Intellectual property right (IPR) issues affect Information Security Governance as well as Internet Governance deployments through a direct impact on ‘Trust Management’. Since knowledge and ideas are an important part of cultural heritage, social interaction and business transactions, they retain a special value for many societies. Logically, if the associated electronically formatted information is valued, preventive and detective measures are necessary to ensure minimum organizational impact from an IPR security breach.
May 26 2009 6:14PM GMT
Posted by: Robert E. Davis
Internet, Electronic Commerce, Message Integrity, Business-to-Business, Business-to-Consumer, Business-to-Employee, Business-to-Government, Electronic Data Interchange, Public Key Infrastructure, Uniform Commercial Code, E-commerce, B2B, B2C, B2E, B2G, EDI, PKI, UCC
EDI is commonly defined as the transfer of data between different companies utilizing networks. For the vast majority of entities, enhanced transactional traceability, reliability, and accessibility are derived EDI benefits; but without appropriate controls, communication interdependency can elevate legal, security and operational risks. As an accepted remedial risk measure, public key infrastructure (PKI) is the primary technological resource permitting E-commerce portable trust. However, achieving E-commerce security transparency requires an appropriate trading partner compatibility solution that addresses various entity-centric encryption and digital signature techniques.
“View Part I of the Electronic Commerce series here”
May 22 2009 7:00PM GMT
Posted by: Robert E. Davis
Internet, Electronic Commerce, Message Integrity, Business-to-Business, Business-to-Consumer, Business-to-Employee, Business-to-Government, Electronic Data Interchange, Uniform Commercial Code, E-commerce, B2B, B2C, B2E, B2G, EDI, UCC
EDI between trading partners can be interpreted as legally binding contracts. For instance, when a transaction is initiated by one of the trading partners, such as a purchase order, it constitutes an “offer”. In turn, if a trading partner agrees to supply the merchandise requested, it normally is considered “acceptance” of the offer. Thus, interpretively, under the U.S. Uniform Commercial Code a contract between buyer and seller is established.
Regarding effective security, two topics have gained notoriety: managerial ease and portable trust. Managerial ease focuses on making the security infrastructure’s integration and utilization with various applications transparent to enable adoption by trading parties. Portable trust supports telecommunication links with external parties through faith in resource authorizations and reliable message delivery. Inadvertent data loss during transmission reduces the cost savings generally associated with EDI deployment. Furthermore, message integrity issues can jeopardize connectivity status.
May 19 2009 7:52PM GMT
Posted by: Robert E. Davis
Internet, Electronic Commerce, Business-to-Business, Business-to-Consumer, Business-to-Employee, Business-to-Government, Electronic Data Interchange, E-commerce, B2B, B2C, B2E, B2G, EDI
Delineated, B2B is E-commerce between discernibly distinct entities. B2B links enable the exchange of products, services, or information between entities. Cascading down, Electronic Data Interchange (EDI) methodologies are the precursors and pillars of Internet-integrated B2B relationships. Depending on activity frequency and application, EDI control risk can become material. Where EDI is implemented, lack of direction, reliance on third parties, and system dependencies potentially expose an entity to additional legal, security, and operational risks.
May 15 2009 6:48PM GMT
Posted by: Robert E. Davis
Internet, Electronic Commerce, Business-to-Business, Business-to-Consumer, Business-to-Employee, Business-to-Government, E-commerce, B2B, B2C, B2E, B2G
With an ever-increasing number of organizations and individuals relying on the Internet to exchange confidential and sensitive information, adequate message security continues to be a technological management concern. Serviceable standard electronic commerce (E-commerce) models include Business-to-Business (B2B), Business-to-Consumer (B2C), Business-to-Employee (B2E), and Business-to-Government (B2G) architectures. In order to programmatically manage E-commerce-related IT security risks, management must designate an information assets protection perimeter. Axiomatically, the primary purpose of establishing a security perimeter is to provide a defined ambit for entity-centric policies and safeguards. However, with the advent of E-commerce, erecting layered protective barriers that preserve IT configurations can introduce a tactical security quagmire.