As a Security professional should also be familiar with the legal issues surrounding software licensing agreements. There are four main types of License Agreement in use today. Refer to below mindmap for details.
Also, Import/Export law will help company to control their Information across multiple countries.
Below case study will help us to understand “why” encryption export control is required for a Company/Enterprise.
- Let us assume one of the Hosts in South Africa is trying to communicate to one of the hosts in India & traffic exit from your Perimeter router via the Internet.
- Also assume this host in South Africa is using some form of an encryption algorithm which is allowed in South Africa, India but “not” in “Singapore.” Because different country may have different laws regarding the transmission of data or encryption standard.
- Considering the nature of the IP packet flow, this traffic stream may take many many different routes – let us assume in this case via Singapore.
- In this case, your end to end host communication is violating the Law of Singapore;
- Hence, if there are chances to break a foreign national’s data laws; we must control data flow to avoid violations & this must be included in “Risk Management.”
- The solution of such a problem could be to use Pinned Path(Avoiding flow via Singapore) in WAN Technologies: MPLS, Frame Relay, ATM.