Security Basics mailing list archives
Re: Physical Security & Protecting Information
From: Todd <tod () megachump com>
Date: Thu, 13 Mar 2003 19:42:06 -0500
I would make sure that HR and Legal have armed themself with a signed confidentiality agreement from all employees, vendors, and contractors(include something about intellectual property rights). Ensure they make it part of the new employee orientation process and a reminder upon the termination/exit of an employee. Also, confirm existence of copyright notices in source code, clear audit trails and custodial efforts for any media in hardcopy of paper or disc are a standard policy and part of regular auditing. Try to get this in your security policy and endorsed by upper management to keep line managers as sole heirs of responsibility in this task. Finally, keep a good awareness program. Remind end-users that security is best served through their diligence and reporting of suspicious activities. Also, try to remind upper management by sending them occassional articles on same. Hope that gives you somewhere to start. -- Todd Plesco On Wed, Mar 12, 2003 at 08:13:44PM -0700, discipulus wrote:
Hi, I've read a lot of posts on this list and others and a good deal of security related articles on this site and others like http://www.sans.org and http://www.cert.org Most of what I have read focuses on network and/or computer security but I haven't found very much information that focuses on physical security, specifically in the area of protecting confidential proprietary company information. Here's a scenerio that should clarify what I'm trying to explain: Bob who works as a developer for StealOurStuff inc. tells Mary in the next cube that he's had a job offer from a competitor, plans to quit soon but hasn't told anybody. In the afternoon the following day, Mary notices Bob loading up a box with CDs, floppies and other media, including reams of documentation. She also notices Bob loading this box into the trunk of his car at the end of the day. What can be done to keep this type of potential compromise from happening? From my perspective, even if you have armed security guards that check bags & boxes going in and out of a building, people can still find creative or not so creative ways to get it out. A standard CD isn't that big and flash cards are even smaller. Are there ways to keep someone from getting the information in the first place or at least record what they've obtained? How do you do this when they haven't yet provided notice they are leaving and still have access to loads of confidential information? I've read about corporate espionage cases where a perpetrator at one company busts into the network of another company and stumbles into a directory named "Proposals" of all things but employees who walk out the front doors carrying protected information seems just as damaging or more so to me. Any insight would be appreciated. Thanks
-- Todd tod () megachump com
Current thread:
- Physical Security & Protecting Information discipulus (Mar 13)
- Re: Physical Security & Protecting Information Philip Storry (Mar 17)
- Re: Physical Security & Protecting Information ullmic (Mar 18)
- Re: Physical Security & Protecting Information Lists (Mar 18)
- Re: Physical Security & Protecting Information Mike Dresser (Mar 18)
- RE: Physical Security & Protecting Information Duston Sickler (Mar 19)
- Re: Physical Security & Protecting Information ullmic (Mar 18)
- Re: Physical Security & Protecting Information Todd (Mar 17)
- Re: Physical Security & Protecting Information discipulus (Mar 17)
- RE: Physical Security & Protecting Information Filip Maertens (Mar 17)
- Re: Physical Security & Protecting Information discipulus (Mar 17)
- Re: Physical Security & Protecting Information pablo gietz (Mar 19)
- <Possible follow-ups>
- Re: Physical Security & Protecting Information A B (Mar 17)
- RE: Physical Security & Protecting Information Mike Heitz (Mar 17)
- Re: Physical Security & Protecting Information ullmic (Mar 20)
- Re: Physical Security & Protecting Information Philip Storry (Mar 17)