Get Prepared And Pass The CISSP Exam

Legal Regulations, Investigations and Compliance

Software Licensing

A software license is a legal contract that governs the use and/or redistribution of computer software. Under US copyright law, all software is copyright protected, except software in the public domain. A typical software license grants an end user permission to use one or more copies of software in ways where such use would otherwise potentially constitute copyright infringement.

Types of Software Licenses

Individual Licenses

Perpetual License Agreement

A perpetual license agreement allows the customer to install and use the software indefinitely. Technical support is included for a limited term, usually 90 days.

Subscription License

A subscription license allows the user to use the software for a specified time period. This license usually includes technical support and access to upgrades and patches released during the term of the subscription. At the end of the term the user has several options: (1) renew the subscription; (2) purchase a perpetual license at a discounted cost; or (3) remove the software from the computer.

Freeware License

A freeware license is a license type under which the author offers the software as freeware; it does not require paying any fee for use.

Shareware License

A shareware license is a license to use software for a trial period. If you continue to use the software after the trial, you must pay a shareware fee or cease using the software.

Special Channel Licenses

Original Equipment Manufacturer (OEM)

OEM licenses cover software for stand-alone PCs and notebooks. The software MUST stay bundled with the computer system and must NOT be distributed as a separate (or stand-alone) product. This software will be identified or labeled “For Distribution Only With New Computer Hardware.”

Educational or Academic Software

This is software marked for distribution to educational institutions and students at reduced prices. It is usually labeled as an academic product for use only by academic or educational institutions.

Not for Resale (NFR)

These are specific and restricted licenses that software vendors make available directly to the distribution channel. They are typically marked NFR, with the explicit condition that the software is NOT FOR RESALE. NFR software is not licensed for normal commercial distribution.

Individual/Multi-user licensing

Volume Licenses

Volume licenses allow the licensee to install the software on a certain number of computers. The licensee usually has to satisfy a minimum purchase requirement and obtains reduced prices in exchange. When purchasing the licenses, the licensee usually receives one copy of the media and documentation with the option of purchasing more.


Site/Enterprise

This license provides access to software at a single location. Typically, these licenses are individually negotiated with the publisher and vary widely in their provisions.


See Site/Enterprise license above.


Server (Network)

Licensed per server – This license type requires that you have a single copy of the software residing on the file server. With Per Server licensing, a specified number of client access licenses (CALs) are associated with a particular server. The number of devices that can legally access that server simultaneously is limited to the number of CALs purchased for that particular server.

Per Seat (Machine)

Licensed per machine/seat – This license requires that you purchase a license for each client computer and/or device where access to services is needed. This license is typically used in conjunction with a network license.

Per Processor

Under the Per Processor model, you acquire a Processor License for each processor in the server on which the software is running. A Processor License usually includes access for an unlimited number of users to connect. You do not need to purchase additional server licenses, CALs, or Internet Connector Licenses.

Per Mailbox (Education customers only)

If you are an education customer using Exchange Server, you have the additional option of deploying licenses in Per Mailbox mode. With this model, you acquire one CAL for each unique mailbox accessing Exchange Server.

Add-ons to existing or new licenses


This license is acquired when a user has a previously acquired software license and would like to move up to a newer version. This is not the same as a maintenance or subscription agreement. The previous version becomes void and you cannot transfer the previous version to another user.

Student use

This allows students to use the software as long as they are students of the institution. Students are required to uninstall the software upon leaving the University.

Secondary use

Allows the licensed end user to use the software on a second computer.

Work-at-home rights

Allows faculty and staff to use software at home. This is effective for as long as the primary work computer is licensed and as long as the person is an employee. Termination of employment also terminates this benefit.

Home use

Similar to work-at-home rights.


Subscription/Maintenance

This is an agreement between the license holder and the software developer that allows the user to obtain all updates or upgrades for software during the term of a contract. It is usually purchased in addition to a license and at the same time as the license. Subscription/Maintenance is usually renewable at the conclusion of the term of the contract. Subscription/Maintenance added to an existing license may change the original license (e.g. Microsoft Select Software Assurance added to an OEM license changes the OEM license to a Microsoft Select license, with all benefits).

Patent, Trademark, Copyright


A patent is the process of protecting an idea that is described in enough detail that others can make use of it. The patent confers the right to exclude others from making, using, offering for sale, or selling the invention in the United States or importing the invention into the United States. The term of a new patent is 20 years from the date on which the application for the patent was filed in the United States.


A trademark is a word, name, symbol or device which is used in trade with goods to indicate the source of the goods and to distinguish them from the goods of others. Trademark rights may be used to prevent others from using a confusingly similar mark, but not to prevent others from making the same goods or from selling the same goods or services under a clearly different mark. As long as the trademark is kept registered, others will not be able to use it.


Copyright is a form of protection provided to the authors of “original works of authorship” including literary, dramatic, musical, artistic, and certain other intellectual works, both published and unpublished. The 1976 Copyright Act generally gives the owner of copyright the exclusive right to reproduce the copyrighted work, to prepare derivative works, to distribute copies of the copyrighted work, to perform the copyrighted work publicly, or to display the copyrighted work publicly.


Copyleft is the practice of using copyright law to offer the right to distribute copies and modified versions of a work while requiring that the same rights be preserved in modified versions of the work. An example of a copyleft free software license is the GNU General Public License.

Software Export Limitations

Software export limitations apply to software that involves cryptography. The export of cryptography technology in any form from the US to another country is prohibited.
The Export Administration Regulations (EAR) and the International Traffic in Arms Regulations (ITAR) require US residents to seek and receive authorization from the US Government before releasing controlled technology or technical data to foreign parties in the US. Under EAR and ITAR, release of such data to foreign parties, even by an employer, is deemed to be an export to that party’s country. A US company must document that a license is not required, or seek and receive a license from the US Government, before it releases controlled technology or technical data to its nonimmigrant workers.

US Law Types

Criminal Law

Criminal law involves prosecution by the government of a person for an act that has been classified as a crime. Violations of criminal law result in imprisonment, fines or both. Criminal offenses include stealing, assault, and illegal drug use.

Civil Law or Tort Law

Civil law involves individuals and organizations seeking to resolve legal disputes. Persons found liable in a civil case may only have to give up property or pay money, but are not incarcerated. Civil offenses include violating a contract, not paying your bills, and selling a shoddy product.

Administrative or Regulatory Law

United States administrative law encompasses a number of statutes and cases which define the extent of the powers and responsibilities held by administrative agencies of the United States Government. Such agencies are delegated power by the Congress to act as agents for the executive.

Trans Border Data Flow

Trans-border data flow deals with the issues that arise under US law related to outsourcing arrangements, which often involve the processing of large volumes of personal information about a company’s customers or employees. In many cases, this information includes sensitive information, such as financial data, medical data, payroll and benefits information, social security numbers and purchasing histories. This paper outlines the general issues that companies must consider when they permit outsourcing partners to transfer personal data across national boundaries.