We have been looking into intellectual property law in brief this month, with an eye towards IP as a part of security. This series kicked off when The Copyright Society of the USA declared April as Copyright Awareness month. If you missed the beginning of this series, follow the "Intellectual Property" tag to view all of the articles.
To continue to safeguard information assets, information security practitioners are obliged to expand beyond the traditional technical controls. The information assets we protect flow over various networks and persist for decades. These properties will be outside of the professional’s direct control more often than not. Therefore, additional controls such as those afforded by intellectual property laws have taken on new significance.
At the same time, consider the ease in which intellectual property laws can be violated. The violations are typically, though not always, by digital piracy through copyright violations. Organizations such as the Recording Industry Association of America (RIAA) and Motion Picture Association of America (MPAA) have stepped up their prosecutions of individuals and organizations for such theft. This creates a climate wherein the information security professional must not only protect his technology from attack but also from misuse, particularly misuse leading to violating other’s IP rights. Knowing the laws and communicating the laws (in policy and training) is crucial in mitigating the risk of lawsuit.
In summary, today’s environment places new demands on information security. New skills are needed. A working knowledge and understanding of intellectual property laws is a critical component in a securing an organization’s information technology.