CISSP PRACTICE QUESTIONS – 20210118

Effective CISSP Questions

The in-house development team developed a microservices-based customer relationship management (CRM) system, deployed as a private cloud solution utilizing containerization services. Your company is expected to gain a sustainable competitive advantage because of the novel software architectural design and innovative data analytics. Which of the following is the best intellectual property law to protect your source code?
A. Patent
B. Trade secret
C. Copyright
D. Trademark

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. Trade secret.

Your company treats the source code as confidential information; trade secrets protect its confidentiality. Both copyright and patent require the disclosure of the source code, but your company intends to keep it secret as a private cloud. A trademark uniquely identifies and distinguishes your company or products; it doesn’t protect the source code.

  • According to the Berne Convention, copyright protection is typically obtained automatically without registration. In the U.S., formally registered copyrighted software shall be “deposited” and made available to the public.
  • Besides, copyright protection extends only to expressions and not to ideas, procedures, methods of operation, or mathematical concepts as such. The architectural design and algorithms for data analytics are not protected by copyright; however, they can be protected by patent.
  • A patent protects inventions but requires the inventor to “publish an enabling public disclosure of the invention” as an exchange.
  • As your company doesn’t sell or license the source code as a software product, it doesn’t need to register for the copyright to prevent customers from claiming ownership and reselling or relicensing source code.

Trade Secret

Trade secrets are a type of intellectual property that comprise formulas, practices, processes, designs, instruments, patterns, or compilations of information that have inherent economic value because they are not generally known or readily ascertainable by others, and which the owner takes reasonable measures to keep secret. In some jurisdictions, such secrets are referred to as confidential information.

Source: Wikipedia

The following is an excerpt from WIPO:

Trade secrets are intellectual property (IP) rights on confidential information which may be sold or licensed.

In general, to qualify as a trade secret, the information must be:

  • commercially valuable because it is secret,
  • be known only to a limited group of persons, and
  • be subject to reasonable steps taken by the rightful holder of the information to keep it secret, including the use of confidentiality agreements for business partners and employees.

The unauthorized acquisition, use or disclosure of such secret information in a manner contrary to honest commercial practices by others is regarded as an unfair practice and a violation of the trade secret protection.

“Copyright is a type of intellectual property that gives its owner the exclusive right to make copies of a creative work, usually for a limited time.” (Wikipedia)

Berne Convention

In the majority of countries, and according to the Berne Convention, copyright protection is obtained automatically without the need for registration or other formalities.

Most countries nonetheless have a system in place to allow for the voluntary registration of works. Such voluntary registration systems can help solve disputes over ownership or creation, as well as facilitate financial transactions, sales, and the assignment and/or transfer of rights.

Source: WIPO

Registration

However, while registration isn’t needed to exercise copyright, in jurisdictions where the laws provide for registration, it serves as prima facie evidence of a valid copyright and enables the copyright holder to seek statutory damages and attorney’s fees. (In the US, registering after an infringement only enables one to receive actual damages and lost profits.)”

Source: Wikipedia

Disclosure of Source Code

The code is already public and can be reverse-engineered. However, if your code resides on a secure server and customers do not directly access it—as with an online data analytic service or financial model provider—registering your copyright may be a bad idea.

Copyrighted software requires the author to provide an example. That example will be available to anyone who seeks it at the Library of Congress—including your competitors. If you copyright your software, you will make a portion of your source code available to the public. As you learn more about registering a copyright for your software, be sure that the protection that registration gives is worth making your source code public.

Source: Joe Runge, Esq.

Computer Program Functions

A computer program is a set of statements or instructions to be used directly or indirectly in a computer to bring about a certain result. Copyright protection for a computer program extends to all of the copyrightable expression embodied in the program. The copyright law does not protect the functional aspects of a computer program, such as the program’s algorithms, formatting, functions, logic, or system design.

Source: copyright.gov

Software License

A software license is a legal instrument (usually by way of contract law, with or without printed material) governing the use or redistribution of software.

A typical software license grants the licensee, typically an end-user, permission to use one or more copies of software in ways where such a use would otherwise potentially constitute copyright infringement of the software owner’s exclusive rights under copyright.

Source: Wikipedia

Patent

A patent is a form of intellectual property that gives its owner the legal right to exclude others from making, using, or selling an invention for a limited period of years in exchange for publishing an enabling public disclosure of the invention.

Source: Wikipedia

Trademark

A trademark is a word, phrase, symbol, and/or design that identifies and distinguishes the source of the goods of one party from those of others. A service mark is a word, phrase, symbol, and/or design that identifies and distinguishes the source of a service rather than goods. Some examples include brand names, slogans, and logos. The term “trademark” is often used in a general sense to refer to both trademarks and service marks.

Source: USPTO

Reference

A BLUEPRINT FOR YOUR SUCCESS IN CISSP

My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

內部開發團隊開發了基於微服務的客戶關係管理(CRM)系統,該系統被部署為利用容器化服務的私有云解決方案。 由於軟件新穎的架構設計和創新的數據分析,您的公司預計將可獲得可持續的競爭優勢。 以下哪項是保護您的原始程式的最佳知識產權法?
A. 專利
B. 商業秘密
C. 版權
D. 商標

1 thought on “CISSP PRACTICE QUESTIONS – 20210118

Leave a Reply