Securing Intellectual Property

Protecting Trade Secrets and Other Information Assets

  1. 288 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android

About this book

Most employers are astounded at how easily and quickly their proprietary information can get out of their control. In a large number of cases, theft of trade secrets involves employees leaving a company to start their own business or work for a direct competitor. Nearly all books that address the topic of trade secrets have the "spy vs. spy" perspective. The author approaches the topic from a practical business perspective and not simply creating "paranoia for paranoia's sake." The material for this book comes from the author's extensive work experience as a computer forensics consultant and manager on numerous theft of trade secrets cases.
  • No-nonsense solutions to the most common intellectual property problems facing security managers, computer security professionals, corporate legal counsel, and human resource managers
  • Sample agreements and forms that address specific business needs
  • Coverage of threats ranging from physical security lapses to hackers to social engineering

Chapter 1. Elements of a Holistic Program

Introduction

In many environments, security as an element of business culture has been hit with the double-whammy—that is, it suffers from both an image problem and an identity crisis. Many people think of corporate security as the “guards, guns, and gates” guys and cyber security as those “snoops who read employees' e-mail.”
Security often is seen as a controlling or constricting force within an enterprise. It is frequently thought of as something that gets in the way of business. And lacking either a real mandate or a bold vision, many people within security slip into a reactive mode and resort to playing whack-a-mole, thus contributing to the bad image and deepening the identity crisis.
Security also is harried by a pack of false memes, which hound it, as well as some structural impairment, which hobbles it.

False Memes Lead People the Wrong Way

For example, a false meme tells you that teenage hackers with purple Mohawks and skateboards are responsible for most network break-ins; they don't really mean any real harm or do much damage. That might have been true fifteen years ago, but it hasn't been true for quite some time.
Another false meme assures you that 80 percent of all serious cyber-crime is perpetrated by insiders, for example, by dishonest or disgruntled employees. Again, looking in the rear-view mirror, at a great distance, that might have been true years ago, but it is a dangerous assumption in today's world. It is not that the insider threat has been diminished; it is that the threat from outside has increased dramatically. Furthermore, the lines between insider and outsider have been blurred both by technology and business practice.
A third false meme (there are several others) states that “most industrial espionage is done by the turning of insiders.” Like the notion about “insiders” being the cause of most problems, this meme about the turning of insiders is particularly dangerous because it is a half-truth. The turning of insiders was the principal method, and it still is a major factor, but the business environment has changed radically, and methods of collection, and those eager to collect, have changed along with it.

From the Industrial Age to the Information Age

Of course, just as the Agricultural Age did not drop away when we entered into the Industrial Age, the Industrial Age is still with us, but an added dimension, the Information Age, is laid over the top of the two earlier paradigms. We are up to our necks in what Toffler called the Third Wave, and it has brought with it tremendous opportunity and profound challenge.
Unfortunately, this Third Wave has yet to sweep away a lot of Second Wave thinking about the nature of security.
To understand what security should look and feel like in the twenty-first century, pull out a piece of black paper. First, draw a big circle on it, and write along the curve of the circle, “Global Economy.” Next, draw a second big circle of the same circumference on top of the first circle, and then write alongside the curve of this second, superimposed circle, “Cyberspace.”
Within these two dimensions, which share the same space, you cannot draw a perimeter for your enterprise. And certainly, if you cannot draw a perimeter, you cannot protect it. Of course, you could draw a smaller circle, or a square, within the shared circle of the global economy and cyberspace, and you could imagine that the lines of the smaller shape delineated your enterprise's perimeter, but you would be deluding yourself. The reality is that the smaller shape is permeated by both the global economy and cyberspace; both are inside your enterprise, you cannot keep them outside, and they are integral to how we do business today.
This new world demands a new security paradigm. We think of it as a holistic vision of security.
We have described the bad image, the identity crisis, and the false memes, but what about the structural impairment? Just as intelligence suffers from stove-piping (i.e., unless intelligence can be cross-referenced and aggregated in many ways, and analyzed afresh from different angles, something very important will probably slip by), so does security; if personnel security, physical security, and information security are all stove-piped within an enterprise, each is less than it could be, and all could well be working at cross-purposes. Figure 1.1 shows how awareness and intelligence can help mitigate risk and threats within an organization.
Figure 1.1. Personnel, Physical, and Information Security Mitigate the Scope of Risks and Threats
In life, in nature, in business, and in security, everything is interconnected, one way or another, just as the size of the glacier pack impacts the flow of the river, which, in turn, impacts the irrigation and reservoirs upon which human habitation has come to rely. In security, all the various elements interconnect for good or bad. If your most sensitive information is stored on an insecure server, your investment in physical and personnel security will be wasted. Conversely, if inadequate attention is paid to your physical security, then all your diligence in implementing personnel and information security controls could be for naught. Figure 1.2 shows how integration of physical, personnel, and cyber security helps narrow the scope of risks and threats within an organization.
Figure 1.2. Integrating Physical, Personnel, and Cyber Security
Each has to strengthen the other; each has to resonate with the whole (see Figure 1.3).
Figure 1.3. Serious Commitment to Awareness/Education and Intelligence Optimize Mitigating Factors
Here are some recommendations for a comprehensive program:
  • Organization: Where security reports within an organization is perhaps the most vital issue of all. Consider appointing a Chief Security Officer (CSO), who reports to either the Chief Executive Officer (CEO) or the Chief Financial Officer (CFO). This person should hold the reins of personnel security, physical security, and information security, and should not be a stranger to the boardroom.
  • Awareness and Education: Educate your workforce on an ongoing basis about the threats of economic espionage, intellectual property theft, counterfeiting, and piracy. Help them understand your expectation that they will protect the enterprise's intellectual property, and by extension, their own livelihood. Provide general education for the entire workforce, and specialized education for executives, managers, technical personnel, among others.
  • Personnel Security: Implement a “Personnel Security” program that includes both background investigations and termination procedures. You need policies that establish checks and balances, and you need to enforce them. Know the people you are going to hire. Don't lose touch with them while they work for you. Consciously manage the termination process if and when they leave the enterprise.
  • Information Security: Recruit certified information security professionals (e.g., CISSP, CISM, etc.). Adopt best practices, and establish a baseline. Utilize appropriate information security technologies, such as fire...

Table of contents

  1. Brief Table of Contents
  2. Table of Contents
  3. Copyright
  4. Preface
  5. Chapter 1. Elements of a Holistic Program
  6. Chapter 2. Trade Secrets and Nondisclosure Agreements
  7. Chapter 3. Confidentiality, Rights Transfer, and Noncompetition Agreements for Employees
  8. Chapter 4. IT Services—Development, Outsourcing, and Consulting
  9. Chapter 5. How to Sell Your Intellectual Property Protection Program
  10. Chapter 6. Case Study
  11. Chapter 7. When Insiders and/or Competitors Target a Business's Intellectual Property
  12. Chapter 8. When Piracy, Counterfeiting, and Organized Crime Target a Business's Intellectual Property
  13. Chapter 9. Physical Security
  14. Chapter 10. Protecting Intellectual Property in a Crisis Situation
  15. Chapter 11. Top Ten Ways to Shut Down Hackers
  16. Appendix 1. Mutual Non-Disclosure Agreement
  17. Appendix 2. Evaluation Agreement (Pro-Recipient)
  18. Appendix 3. Employee Agreement
  19. Appendix 4. Software Development Agreement
  20. Appendix 5. Software Consulting Agreement (Favors Consultant)
  21. Appendix 6. Software Consulting Agreement (Favors Customer)
  22. Appendix 7. Web Site Development Agreement
  23. Appendix 8. Web Hosting Agreement
  24. Appendix 9. U.S. Department of Justice Checklist for Reporting a Theft of Trade Secrets Offense
  25. Index