Free Essay

Protection Corporate Secrets

In:

Submitted By rpford89
Words 372
Pages 2
In the White Paper by Kroll, the interesting recommendation is the fundamental rule for determination as to who should be granted access to protected information is the “NEED TO KNOW” concept. For example, in the military a soldier can have Top Secret clearance. But because his current job description does not require the access to Top Secret information, some security managers will downgrade that person's access level to secret based on both the duty position and description or for adverse actions.

With role-based access control, access decisions are based on the roles that individual users have as part of an organization. Users take on assigned roles (such as doctor, nurse, teller, manager). The process of defining roles should be based on a thorough analysis of how an organization operates and should include input from a wide spectrum of users in an organization (Ferraiolo and Kuhn, 1995).

I will continue to use the case of Army PFC Manning who is currently facing charges for espionage. PFC Manning is accused of downloading over 500, 000 military reports and releasing the information to Wikileaks. PFC Manning held a grudge with his unit and decided to retaliate by disclosing classified information that could possible cause devastation to the lives of many. This young soldier was known for having mental problems and was, at some point, viewed as a threat to himself and others. This is where his chain of command needed to exercise command authority notifying the security manager suspend Manning's access to classified information.

By controlling users' access according to their roles and the attributes attached to those roles, the RBAC model provides a companywide control process for managing IT assets while maintaining the desired level of security (Grueling and Lord, 2003). Manning could have been reassigned to working in the company headquarters, but still have access to the organization's classified information.

Ferraiolo, D. and Kuhn, R. (1995). An introduction to Role-Based Access Control. Retrieved from: http://csrc.nist.gov/groups/SNS/rbac/documents/design_implementation/Intro_role_based_access.htm

Grueling, T. and Lord, R. (2003). How role-based access control can provide security and business benefits. Retrieved from http://www.computerworld.com/s/article/86699/How_role_based_access_control_can_provide_security_and_business_benefits

McQuade, S. C. (2006). Understanding and managing cybercrime. Boston, MA: Pearson.

Similar Documents

Free Essay

Cyberespionage and Intellectual Property Theft

...world where everything that is said and done online leaves behind a massive ever-growing bread-crumb trail of information. With this ever larger quantity of data being transmitted on a range of devices as well as third party service providers being increasingly relied upon to store it; the threat of loss of confidential and sensitive data continues to expand exponentially (Online Trust Alliance, 2014, p. 3). “Breaches and data loss incidents have become a fact of life for organizations of every size and throughout the public and private sectors” (Online Trust Alliance, 2014, p. 4) making no organization immune. Given the growth of data and, therefore, data breaches the threat to the U.S. economy and individual U.S. businesses from trade secret theft is real and growing, therefore; a multi-pronged approach must be implemented by the public and private sectors alike. “Businesses must do their part to harden their cyber defenses, but the “take-home message here is that protecting IP from ‘them’ is an incomplete and inadequate strategy—understanding that ‘we’ are sometimes our own enemy is important to building good policy and practice for defending the crown jewels” (Verizon DBIR Snapshot, 2012, p. 3). However, to avoid continued, significant and irreversible harm to U.S. companies and the overall economy, robust public policy tools—including in particular trade tools—must also be utilized...

Words: 2645 - Pages: 11

Free Essay

Justification of Protection of Intellectual Property Vis-a-Vis Trade Secrets

...Justification of Protection of Intellectual Property vis-a-vis Trade Secrets PAPER V Submitted By: SARTHAK KAPILA ROLL NO. 48, P.G.D.,I.P.R. – 2014 Justification of Protection of Intellectual Property vis-a-vis Trade Secrets Intellectual property pertains to any original creation of human intellect such as artistic, literally, technical or scientific creation. Intellectual Property Rights (IPR) refers to the legal rights given by the State to the inventor/creator to protect his invention/creation for a certain period of time. These legal rights confer an exclusive right to the inventor/creator or his assignee to fully utilize his invention/creation for a given period of time. Countries have laws to protect intellectual property for two main reasons. One is to give statutory expression to the moral and economic rights of creators in their creations and the rights of the public in access to those creations. The second is to promote, as a deliberate act of Government policy, creativity and the dissemination and application of its results and to encourage fair trading which would contribute to economic and social development. The term ‘Intellectual Property’, denotes rights over intangible object of the person whose mental effort created it and refers to a loose cluster of legal doctrines that regulate the uses of different sorts of ideas and insignias. The subject matter of intellectual property is very wide and includes literary and artistic works, films, computer...

Words: 8264 - Pages: 34

Free Essay

Foreign Economic Collection 2011

...COUNTERINTELLIGENCE O F F I C E O F T H E N A T I O N A L C O U N T E R I N T E L L I G E N C E E X E C U T I V E October 2011 Ta b l e o f C o n t e n t s Executive Summary ................................................................................................................................ i Scope Note ........................................................................................................................................... iii US Technologies and Trade Secrets at Risk in Cyberspace.....................................................................1 The Appeal of Collecting in Cyberspace................................................................................. .....1 Security and attribution ....................................................................................................... 1 Faster and cheaper .............................................................................................................. 2 Extra-territoriality ................................................................................................................ 2 Large but Uncertain Costs........................................................................................................... 3 Pervasive Threat from Intelligence Adversaries and Partners ...............................................................4 China: Persistent Collector..............................................................................................

Words: 11021 - Pages: 45

Premium Essay

Corporate Compliance Riordan Manufacturing

...Corporate Compliance Plan for Riordan Manufacturing LAW/531 Corporate Compliance Plan for Riordan Manufacturing Riordan Manufacturing identifies itself as an innovative industry leader that exceeds standards, boasting a robust research and development team with the edge and attitude to create customer solutions while maintaining rigorous quality standards within a reasonable price. This corporate compliance proposal for Riordan Manufacturing will incorporate the existing risk management structure with current recommendations from the Committee of Sponsoring Organizations of the Treadway Commission (COSO) to achieve a viable corporate compliance plan. This plan will allow Riordan Manufacturing to continue its future focus on sustained growth by achieving and maintaining profits for financial and human capital. This proposal will incorporate the recommendations of COSO and address areas of liability, risk management and detail a comprehensive corporate compliance plan that will support Riordan Manufacturing’s sustainability as a global plastics manufacturer. Enterprise Risk Management Enterprise Risk Management (ERM) is a process that is define as a basic set of fundamental concepts, “effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding...

Words: 1994 - Pages: 8

Premium Essay

Security Policy

.....2 2. ACCESS CONTROL.....................................................................3 4. DOCUMENTED DATA SECURITY POLICY.................................4 1. POLICY STATEMENT It shall be the responsibility of the I.T. Department to provide adequate protection and confidentiality of all corporate data and software systems, whether held centrally, on local storage media, or remotely, to ensure the continued availability of data and programs to all authorized members of staff, and to ensure the integrity of all data and configuration controls. Summary of Main Security Policies 1.1. Confidentiality of all data is to be maintained through discretionary and mandatory access controls, and wherever possible these access controls should meet with C2 class security functionality. 1.2. Access to data on all laptop computers is to be secured through encryption or other means, to provide confidentiality of data in the event of loss or theft of equipment. 1.3. The use of unauthorized software is prohibited. In the event of unauthorized software being discovered it will be removed from the workstation immediately. 1.4. Data may only be transferred for the purposes determined in the corporate data- protection policy. 1.5. All disk drives and removable media from external sources must be virus checked before they are used within the corporation. 1.6. Passwords must consist of a mixture of at least 8 alphanumeric characters, and must be changed every 60 days and must...

Words: 1364 - Pages: 6

Premium Essay

Addressing Challenges of Groups and Teams

...RUNNING HEAD: Riordan Corporate Compliance Plan Gregory L. Flanders Business LAW 531 Professor Linda Fried 17 July 2011 Corporate Compliance Plan Date: July 18, 2011 Subject: Riordan Corporate Compliance Plan To: Riordan Executive Officers and Directors I. Introduction Riordan Manufacturing was founded in 1991 with patent awards from processing polymers into strong plastic substrates. Riordan Manufacturing is a profitable plastics manufacturer with annual earnings of $46 million. The company is wholly owned by Riordan Industries, a Fortune 1000 company with revenues over $1 billion. The products include plastic beverage containers produced at the plant in Albany, Georgia, custom plastic parts produced at the plant in Pontiac, Michigan, and plastic fan parts produced at the facilities in Hangzhou, China. The company's research and development is done at the corporate headquarters in San Jose. Riordan’s major customers are automotive parts manufacturers, aircraft manufacturers, the Department of Defense, beverage makers and bottlers, and appliance manufacturers (University of Phoenix, 2003). II. Corporate Compliance Overview Senior leadership for Riordan Manufacturing, Inc. created a corporate compliance plan tailored to the corporation’s specific areas of plastic research and development, design, and manufacturing business. Riordan’s policies set forth in this document applies equally and legitimately to each employee without any regard to...

Words: 2523 - Pages: 11

Premium Essay

Information Security

...COM656 Group Project Security Plan Chunlin Yang Yunzhen Li Peng Yu Yun-Chen Tsao Coleman University COM656 Group Project Security Plan A brief description of the company Company size, employees numbers, Customers Canon Inc is a multinational corporation specialized in the manufacture of imaging and optical products, including cameras, camcorders, photocopiers, computer printers and medical equipment. It has about 190,000 employees worldwide by end of 2015. Canon has Personal, Office, Professional, Industry business sectors, provide products and services to many millions of customers in each sector globally. History Summary From its humble beginnings in a 1933 Tokyo apartment, Canon has grown to become a monolith in the field of imaging. Once only a maker of high-quality cameras, Canon now produces personal as well as multifunction copy machines, laser and inkjet printers, toner and canon ink cartridges, and calculators— all in addition to their high-quality cameras. Canon began under the name Precision Optical Instruments Laboratory with the goal of developing a high-end Japanese camera to compete with the European brands flooding the market. That first camera was named Kwanon after the Buddhist Goddess of mercy. Just a short time later, Precision Optical Instruments Laboratory created the first-ever 35mm focal-plane shutter camera called the Hansa Canon—and thus the Canon brand was born. But it wasn't until 1947 that the company officially changed its...

Words: 3908 - Pages: 16

Free Essay

Nsa Spy Programs

...Since the invention of radio, intelligence-gathering organizations have been developing and using eavesdropping techniques to intercept and review wireless communications. Initially, these capabilities were solely used to spy on hostile nations, and particularly for military purposes. Human operators had to manually review each transmission, and cryptanalysts pored over military ciphers in an attempt to decode important messages. As wireless communication has become an integral part of commercial and individual existence, and potential threats to security are increasingly found in peacetime and on home ground, the scope of this intelligence gathering has likewise broadened. One of the most controversial eavesdropping systems in existence is a classified project known as ‘Echelon.’ Its use of computer hardware and software to filter communications from all over the world brings up many ethical issues related to the impact of computers on privacy. Overview of Echelon Most of the evidence for Echelon is circumstantial, though a few facts have been established. The participating organizations (notably the US Central Intelligence Agency and National Security Agency) have neither confirmed nor denied its existence. In lieu of a discussion of the ethical issues, a brief summary of the current knowledge follows. How it Works Echelon is the product of Cold War efforts to monitor wireless communications in the USSR. It traces its roots back to the clandestine UKUSA...

Words: 5284 - Pages: 22

Premium Essay

History on Secrity

...History of Security CCJS345/6380 25 January 2015 In the beginning of the United States, security over ones business, crops and homestead was generally their responsibility. As the founding fathers and other settlers made their way to the new world and found new lives, they also found new dangers. It was the head of the households responsibility to protect the way of life. As the new world matured and became the United States in 1776, soon after police departments formed up in the major cities on the east coast and eventually making its way out west. It was not until 1865, when the oldest private security origination was stood up known as United States Secret Service. It was not until 1901 the Secret Service became what we know it to be today. As a part of the Treasury Department, they only protected the President on a part-time basis. (Harlow, 2011) Today private security agencies seem to be everywhere, from big sporting events to movie actors and even helping fight the war on terrorism. To understand the private security world, it is important to understand when it started. The American Society for Industrial Security (ASIS) was established in 1955 which took private security to another level. “Today the organization is the American Society for Industrial Security International, reflecting the global emphasis on security operations. For most practitioners, 1955 signifies the beginning of the modern age of security. Before 1955 there were no professional...

Words: 859 - Pages: 4

Premium Essay

Issues Faced by the Company

...Some employees steal from their co-workers. Many employee-victims have complained and reported that personal property was taken from them while on the job. In some cases these issues are never solved. But in other cases the perpetrators of theft have been caught. This type of stealing is considered to be of a more serious offense and some individuals have lost their jobs because they were proven guilty of theft in the workplace. Sadly, some theft victims were unable to retrieve their items that were stolen. B. RESPONSIBILITIES TO SOCIETY -One of the key drawbacks to a corporate social responsibility program is the cost to the company. Efforts such as event sponsorship, charitable donations, product donations and commitment to voluntary environmental standards all cost money that a company is unlikely to make back in the short term. Despite the long-term positive effects of an improved corporate image,...

Words: 474 - Pages: 2

Free Essay

B.U.G. Inc. Paper

... These electronic devices have the ability to tap into telephone wires, cell phone transmissions, and even intercept sound waves and voices through the walls of any room in any house or open areas. BUG wants to expand its product internationally, but is hesitant to pursue because of possible detriments that it may have in regards to the different types of legal protections, civil liabilities, torts, and down to its privacy, security, infringement issues, and email contract validity. BUG Inc. hired a group of specialists to define these problem areas and discuss the importance of why it should be taken care of. Bug, Inc. should have several protections for its intellectual property. The protections include trademarks, trade secrets, copyrights, and patents. The Uniform Trade Secret act and common law protect the secret processes, formulas, methods, procedures, and lists that provide Bug, Inc. with economic advantage. This protection lasts for the life of the entity or owner. For example, customer lists with contact information, buying patterns, and credit histories involving Bug, Inc. are protected by the Trade Secret act. Services marks and trade dress fall into the realm of trademarks. The Lanham act along with some state and federal common law help protect Bug, Inc.’s trademark, which is a logo of a ladybug wearing a set of headphones. Trademarks are defined as words, symbols, or phrases that identify a particular seller’s product or service. Trade dress...

Words: 1663 - Pages: 7

Premium Essay

Torts

...The objective to start a business is to achieve business aims by maximizing its profits. A business is established with a single person or by many people. The legal forms of business are: Sole Proprietorship, Partnership, Limited Liability Partnership, Limited Liability Company, S corporation, franchise, and corporate form are the legal forms of business. The common impacts these forms of businesses have are: liability, tax, legal, and managerial. Sole Proprietorships Sole Proprietorships are the simplest form of business because they have one owner and do not require any registration from federal, state, or local governments. This type of business is suitable for a person who prefers to start a small grocery store, plumbing, consultancy, or a tutor. Sole Proprietorships needs a small amount of capital to start the business. This type of business does not have stocks. A sole proprietor owns the assets. At the same time, he is responsible for all his debts. Sole Proprietorships taxes are straightforward and the reported income on this type of business is reported as regular income. There are no legal restrictions in this business and are flexible for many types of enterprises, products, and services. General Partnership Partnership is a business, when two or more partners combine and share equal responsibilities on the liabilities and operations of that business. This type of business can be preferred if there are two licensed partners to start a business. A good...

Words: 996 - Pages: 4

Premium Essay

Desktop Technician

...Quality Web Design Submitted to: SE571 Principles of Information Security and Privacy Submitted: September 21, 2011 Executive Summary This report was commissioned to inspect and recommend solutions for Quality Web Designs (QWD) hardware equipment and software security concerns. QWD is a small local company concerned about the continual losses of hardware by employees travelling and stationary. The review of software solutions for the company revealed that they were lacking in several areas, the backup and recovery process, as well the lack of an antivirus solution. Hardware solutions were described as weak and require upgrade from the controls at the home and remote offices as well as the equipment that travels with employees to remote locations and on the road. With the commission of this report improvements would minimize the risks associated with these holes in security. Introduction Quality Web Design offers a variety of services such as web hosting, virtual addressing, and marketing just to name a few. The company was founded in 1995 and has over 50 years technical and business experience between the two partners. Based out of Connecticut, the company has made a worldwide positive impression with its site structure ease of access and clientele. The company has made an outstanding reputation for itself in the local community, by helping with local establishments businesses and churches as shown on their web site, in a small town setting. This assessment will...

Words: 1578 - Pages: 7

Premium Essay

Jeannine Goree

...advancement of information technology in the world, about every company that is around at this very moment, has performed some type of surveillance at some time or another in its course of operation. Employers argue that they have every right to protect their assets to ensure their company’s ability to thrive securely. Assets can be the trade secrets of a company, their network, confidential data, computer hardware, and lastly, its employees. Employers have a difficult decision of deciding the rights of their employees versus protection of themselves. Employers also feel that they have the right to monitor their employee’s internet usage, email, and telephone calls to prevent liability from sexual harassment within the company via email (inappropriate jokes) and to monitor computer usage for employee performance instead of second-hand reports from managers. The Fourth Amendment to the U.S. Constitution guarantees "[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures" (U.S. Const., amend. IV). (Rothstein, n.d.) What about the employee’s rights and protection? The Fourth Amendment is supposed to...

Words: 664 - Pages: 3

Premium Essay

Intellectual Property

...Property Intangible rights protecting the products of human intelligence and creation, such as copyrightable works, patented inventions, Trademarks, and trade secrets. Although largely governed by federal law, state law also governs some aspects of intellectual property. Intellectual property describes a wide variety of property created by musicians, authors, artists, and inventors. The law of intellectual property typically encompasses the areas of Copyright, Patents, and trademark law. It is intended largely to encourage the development of art, science, and information by granting certain property rights to all artists, which include inventors in the arts and the sciences. These rights allow artists to protect themselves from infringement, or the unauthorized use and misuse of their creations. Trademarks and service marks protect distinguishing features (such as names or package designs) that are associated with particular products or services and that indicate commercial source. Patent A patent secures a sole right for a limited period of time to prevent others from using the invention commercially. This sole right represents a key competitive advantage and serves to protect the assets produced by corporate research and development. The actual drafting of a patent application is decisive for the extent of the protection obtained. We possess expertise in all fields of technology. Trademark A trademark often represents a substantial asset and is for many companies far...

Words: 309 - Pages: 2