As a Security professionals should also be familiar with the legal issues surrounding software licensing agreements. There are four main types of License Agreement in use today. Refer to below mindmap for details.
Also, Import/Export law will help company to control their Information across multiple countries.
Below case study will help us to understand “why” encryption export control is required for a Company/Enterprise.
- Lets assume one of the Host in South Africa is trying to communicate to one of the host in India & traffic exit from your Perimeter router via Internet.
- Also assume this host in South Africa is using some form of encryption algorithm which is allowed in South Africa , India but “not” in “Singapore”. Because different country may have different laws regarding transmission of data or encryption standard.
- Considering the nature of IP packet flow, this traffic stream may take many many different route – lets assume in this case via Singapore.
- In this case, your end to end host communication is violating the Law of Singapore;
- Hence, if there are chances to violate a foreign national’s data laws; we must control data flow to avoid violations & this must be included in “Risk Management”
- Solution of such problem could be to use Pinned Path(Avoiding flow via Singapore) in WAN Technologies: MPLS, Frame Relay, ATM