To recognize the highly networked nature of the federal computing environment, including the need for federal government interoperability, and in the implementation of improved security management measures, to assure that opportunities for interoperability are not adversely affected To provide effective government-wide management and oversight of the related informa- tion security risks, including coordination of information security efforts throughout the civilian, national security, and law enforcement communities To provide for development and maintenance of minimum controls required to protect fed- eral information and information systems To provide a mechanism for improved oversight of federal agency information security programs The provisions of the GISRA continue to charge the National Institute of Standards and Technology and the National Security Agency with security oversight responsibilities for unclassified and classified information processing systems, respectively. However, GISRA places the burden of maintaining the security and integrity of government information and information systems squarely on the shoulders of individual agency leaders. GISRA also creates a new category of computer system. Mission-critical systems meet one of the following criteria: It is defined as a national security system by other provisions of law. It is protected by procedures established for classified information. The loss, misuse, disclosure, or unauthorized access to or modification of any information it processes would have a debilitating impact on the mission of an agency. The GISRA provides specific evaluation and auditing authority for mission-critical systems to the secretary of defense and the director of central intelligence. This is an attempt to ensure that all government agencies, even those that do not routinely deal with classified national secu- rity information, implement adequate security controls on systems that are absolutely critical to the continued functioning of the agency. Intellectual Property America’s role in the global economy is shifting away from a manufacturer of goods and toward a provider of services. This trend also shows itself in many of the world’s large indus- trialized nations. With this shift toward providing services, intellectual property takes on an increasingly important role in many firms. Indeed, it is arguable that the most valuable assets of many large multinational companies are simply the brand names that we’ve all come to rec- ognize, and company names like Dell, Proctor Gamble, and Merck bring instant credibility to any product. Publishing companies, movie producers, and artists depend upon their cre- ative output to earn their livelihood. Many products depend upon secret recipes or produc- tion techniques—take the legendary secret formula for Coca-Cola or the Colonel’s secret blend of herbs and spices, for example. These intangible assets are collectively referred to as intellectual property, and a whole host of laws exist to protect the rights of their owners. After all, it simply wouldn’t be fair if a music store only bought one copy of each artist’s CD and burned copies for all of their customers— that would deprive the artist of the benefits of their labor. In the following sections, we’ll explore the laws surrounding the four major types of intellectual property—copyrights, trade- marks, patents, and trade secrets. We’ll also discuss how these concepts specifically concern information security professionals. Many countries protect or fail to protect these rights in dif- ferent ways, but the basic concepts ring true throughout the world. Some countries are notorious for violating intellectual property rights. The most notable example is China. China is world-renowned for its blatant disre- gard of copyright and patent law. If you’re planning to do business in this region of the world, you should definitely consult with an attorney who spe- cializes in this area. Copyrights Copyright law guarantees the creators of “original works of authorship” protection against the unauthorized duplication of their work. There are eight broad categories of works that qualify for copyright protection: Literary works Musical works Dramatic works Pantomimes and choreographic works Pictorial, graphical, and sculptural works Motion pictures and other audiovisual works Sound recordings Architectural works There is precedent for copyrighting computer software—it’s done under the scope of literary works. However, it’s important to note that copyright law only protects the expression inherent in computer software—that is, the actual source code. It does not protect the ideas or process behind the software. There has also been some question over whether copyrights can be extended to cover the “look and feel” of a software package’s graphical user interface. Court decisions have gone in both directions on this matter; if you will be involved in this type of issue, you should consult a qualified intellectual property attorney to determine the current state of legislation and case law. There is a formal procedure to obtain a copyright that involves sending copies of the protected work along with an appropriate registration fee to the Library of Congress. For more information on this process, visit the Library’s website at www.loc.govcopyright. However, it is impor- tant to note that officially registering a copyright is not a prerequisite for copyright enforcement.