[09] Intellectual Property, Copyright, and Confidentiality

By: Prasanna

📘 Topic: Intellectual Property, Copyright, and Confidentiality

Domain: D1 – Security and Risk Management
Tags: #cissp


🧾 Definition

Organizations often rely on third-party technology, software, or know-how. Legal protections such as copyright, patents, trade secrets, and non-disclosure agreements define what can be used, how it may be shared, and how sensitive information should be protected.


🔑 Key Points

  • Copyright protects original expression such as software code, documentation, and music.
  • Patents protect inventions and technical processes.
  • Trade secrets protect confidential business knowledge that holds commercial value.
  • NDAs and licensing terms define permitted use and confidentiality obligations.

โš ๏ธ CISSP Insight

  • Security professionals must support legal and compliance requirements while protecting confidential information.
  • A control environment should address both technical protection and contractual obligations.

โš”๏ธ Key Difference / Trap

  • Copyright vs Patent vs Trade Secret
    • Copyright = expression of an idea
    • Patent = invention or novel technical process
    • Trade secret = confidential know-how
  • “Publicly available” does not always mean free to use
    • Licensing and ownership still matter

๐Ÿ—๏ธ Example

A company uses a vendorโ€™s software platform. The contract defines licensing terms, the vendorโ€™s source code remains protected by copyright, and the company must safeguard customer data under confidentiality obligations.


๐Ÿ” Quick Recall

  • Copyright = creative expression
  • Patent = invention
  • Trade secret = confidential know-how