BreachExchange mailing list archives
Companies: Five Steps to Protecting Trade Secrets
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 1 Oct 2015 18:25:50 -0600
http://www.jdsupra.com/legalnews/companies-five-steps-to-protecting-36205/ If your management team knows it needs to better protect company trade secrets but isn’t sure where to start, take note. CREATe.org and PwC have put together a five-step framework to guide companies on how to identify, assess and manage trade secrets. The full framework is included in the CREATe – PwC report: Economic Impact of Trade Secret Theft: A framework for companies to safeguard trade secrets and mitigate potential threats. Here’s a quick overview. Step 1: Identify Trade Secrets: To best protect those trade secrets whose theft would cause the most harm to a company, companies should first document and locate the inventory of their trade secrets. This first step gathers key stakeholders —business and product unit, R&D, legal, finance and risk leaders —to inventory the trade secrets maintained by the company. Ultimately, forming a cross-functional team with senior management support is critical to this step and those that follow. Discussion and debate of what constitutes a trade secret for the company is encouraged, as stakeholders should emerge from this first step with a broad consensus of not only the definition of a trade secret for their company, but also a list of the company’s trade secrets aggregated into categories such as: - Product Information - Research & Development - Critical & Unique Business Processes - Sensitive Business Information - IT Systems & Applications Step 2: Assess Threats and Vulnerabilities A risk assessment focused on threats and vulnerabilities forms a critical step in the framework. Threat actors take many different forms, each of which poses a significant threat to misappropriate a company’s intellectual property. Potential threat actors are further explained in this blog post – and could include malicious insiders, competitors, nation states, organized crime or hactivists. Analysis of existing trade secret protection management systems—the compliance and security program policies, procedures and internal controls—enable management to identify vulnerabilities in its current protocols that may create unnecessary risk and exposure for the company. Evaluating the maturity of the overall trade secret protection program and the specific processes is an effective way to understand the vulnerabilities. Step 3: Rank Trade Secrets According to Relative Value With only limited resources to implement new safeguards around its most critical assets, how should management decide which trade secrets deserve greater protections? How should management rank its trade secrets based on the insights garnered from the initial analyses performed by the first two steps? A Relative Value Ranking analysis provides the company with the means to conduct a qualitative assessment using value-based judgments on the relative importance of a trade secret so that it can perform an initial selection of trade secrets that have the biggest impact on the operations and performance of the business. The CREATe – PwC report provides a system for ranking the value of the trade secrets as ‘low,’ ‘medium’ or ‘high’ based on criteria such as the impact to the company’s reputation, core business, culture, competitive advantage or future revenues. Step 4: Determine Economic Impact of Trade Secret Theft In this step, the company determines the adverse economic impact to the company if an individual trade secret asset is misappropriated. This process enables management to segment the total impact into manageable building blocks. It also provides an understanding of both direct and indirect impacts to help to establish a complete picture of the economic losses attributable to a trade secret theft. - Direct Impact: A measure of the direct financial and economic losses attributable to a trade secret theft event – i.e., lost sales/revenues, lost market share, lost profits, and/or lost economic opportunity; and - Indirect Impact: An assessment of the indirect factors impacting a companies’ short/long-term ability to compete in the marketplace due to the theft of the output of its investment—e.g., reduction in customer trust due to concerns about ongoing relationships or adverse press impacting the company’s reputation in the marketplace. The results of the impact assessment provide the basis for establishing a workable return on investment for improving trade secret protection and within this, IT security. In most companies, compliance is seen as a cost, not an investment. The valuation is critical to helping companies understand that improving trade secret protection is an investment that has a quantifiable ROI. Step 5: Secure Trade Secrets The analysis of trade secrets deemed most important to a company enables management to make informed decisions about how best to use its existing resources to strengthen its ability to mitigate potential threats. CREATe has identified eight categories of effective trade secret protection. These include: - Policies, Procedures & Records - Cross-functional Compliance Team - Scope & Quality of Risk Assessment - Management of Third Parties - Security & Confidentiality Management - Training & Capacity Building - Monitoring & Measurement - Corrective Actions & Improvements Taking these steps provides an organizing framework for companies to better safeguard trade secrets. For more information on the framework, download the full report.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- Companies: Five Steps to Protecting Trade Secrets Audrey McNeil (Oct 02)