Page 275 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 275

manufacturing company may want to keep secret a certain
               manufacturing process that only a few key employees fully

               understand, or a statistical analysis company might want to safeguard
               an advanced model developed for in-house use.

               Two of the previously discussed intellectual property tools—copyrights
               and patents—could be used to protect this type of information, but
               with these two major disadvantages:

                    Filing a copyright or patent application requires that you publicly
                    disclose the details of your work or invention. This automatically
                    removes the “secret” nature of your property and may harm your

                    firm by removing the mystique surrounding a product or by
                    allowing unscrupulous competitors to copy your property in
                    violation of international intellectual property laws.

                    Copyrights and patents both provide protection for a limited period
                    of time. Once your legal protection expires, other firms are free to
                    use your work at will (and they have all the details from the public

                    disclosure you made during the application process!).

               There actually is an official process regarding trade secrets. By their
               nature you don’t register them with anyone; you keep them to
               yourself. To preserve trade secret status, you must implement
               adequate controls within your organization to ensure that only
               authorized personnel with a need to know the secrets have access to
               them. You must also ensure that anyone who does have this type of

               access is bound by a nondisclosure agreement (NDA) that prohibits
               them from sharing the information with others and provides penalties
               for violating the agreement. Consult an attorney to ensure that the
               agreement lasts for the maximum period permitted by law. In
               addition, you must take steps to demonstrate that you value and
               protect your intellectual property. Failure to do so may result in the

               loss of trade secret protection.

               Trade secret protection is one of the best ways to protect computer
               software. As discussed in the previous section, patent law does not
               provide adequate protection for computer software products.
               Copyright law protects only the actual text of the source code and
               doesn’t prohibit others from rewriting your code in a different form
   270   271   272   273   274   275   276   277   278   279   280