Bridging the Gap: Securing IP

By Curtis Coleman

Usage Rights

© All Rights Reserved

    Presentation Transcript

    • Intellectual Property Society presenting: Bridging the Gap: Securing IP. Curtis Coleman, CISSP, CISM; Director, Electronic Security, Seagate Technology
    • Agenda
      • Introductions
      • IP and E-Commerce
          • Why should I care? I’m a small company.
          • IP Audit – Take Inventory
      • Is snooping really a threat?
      • Primer on how they operate
      • High Tech & Non-Tech Solutions
    • Senior Computer Security Officer for the B-2 Stealth Bomber
      • US Air Force - 20 years
      • Top Secret Clearance
      • Operations Officer
        • Minuteman Missiles
        • Electronic Warfare
        • Computer Security
        • B-2 Stealth System
      • USAF Medal of Achievement
        • Computer Systems Security Research
        • Authored Book USAF WCCS Security
    • Commander of a team of Information Warfare Specialists (CyberKnights)
    • The CyberKnight Mission
    • IBM Executive Computer Security Specialist “Ethical Hacker”
      • Goal:
      • Identify Critical Business Processes & Intellectual Property
      • Penetrate
      • Secure IP
        • United Nations World Bank
        • Morgan Stanley - Dean Witter
        • AT&T Global Networks
        • Ernst & Young Security Services
        • Bank of America
        • Hallmark, Inc.
        • US Military & Government Agencies
    • IP Relates to E-Commerce
      • E-Commerce involves selling products or services that are based on IP
        • Music, Video, Pictures
        • Software, Graphics, Designs
        • Training material, systems, etc.
      • IP is involved in making E-Commerce work:
        • Software, networks, routers/switches
        • Chips, designs, user interfaces, etc.
    • Small or Mid-Sized Businesses Need to Protect Their IP
      • E-Commerce businesses and Internet related businesses are based on product or patent licensing
        • Different technologies are required to create a product
        • Companies often outsource the development of some components
      • E-Commerce based businesses usually hold a great deal of their value in IP
        • The value of the E-Commerce business is directly affected by whether you have protected your IP
    • IP Audit – Take Inventory
      • Patents, patent applications, innovations that could be patentable
      • Copyright
        • Software, designs, documentation or technical writing, software scripts, user interface material, schematics, artwork, web site designs, music, photos, video
      • Distinct signs, company name, product names, logos
      • Trade secrets – information that has commercial value to you and is not generally known
        • Product formulas, customer lists, business strategies & models, plans for technical enhancements to products
      • Anything valuable that is intangible
    • The Purpose of IP Audit
      • The purpose of the IP Audit is to review what IP your company has and determine how to protect, exploit, and enhance its value.
      • Example: Your E-Commerce business is affected by Patents
        • Patents are not just for large companies. Patents are not only for high technology
        • Some of the most successful E-Commerce companies have used patents for business methods:
          • Amazon
          • America On-Line
          • DoubleClick
          • eBay
          • PriceLine
    • Is Snooping Really A Threat?
      • American Society of Industrial Security
          • Sept 2002 – surveyed 138 companies
          • Reported losses of R&D or financial data at $53 billion
      • Society of Competitive Intelligence Professionals
          • Governed by a set of legal and ethical guidelines
      • Foreign governments
      • Chinese Proverb – “the death of a thousand cuts”
          • Most companies don’t have a means of tracking the loss of IP
          • They go on hemorrhaging, losing market share
          • Gradually it takes the vitality out of the company
          • Usually seen as, “Oh well, that’s just bad luck in business”
    • Training Material – Easy to Obtain
      • Art of Deception
      • Netspionage
      • Your Secrets Are My Business
      • Naked in Cyberspace
    • Five Step Primer: How Snoops Operate
      • Step 1: Find Out What’s Public
      • The number one source of damage to companies is that their own people don’t know how to handle the company’s IP
        • Salespeople at tradeshows
        • Detailing the R&D facility to attract recruits
        • Suppliers brag about sales on their websites
        • Public Relations press releases on patents
        • EPA/OSHA over-reporting on facilities
        • Employees chat on Yahoo boards
    • Five Step Primer: How Snoops Operate
      • Step 2: Work the Phones
      • List of employee names, titles, extensions
      • Internal newsletters, promotions, retirements, new hires
        • The more the snoop knows about the person answering the phone, the easier to work that person for information
        • Snoop won’t ask direct questions
        • Snoop will guide the conversation in ways that seem innocuous
        • Snoop shows high interest in the target and what he does
        • A 5-minute survey becomes 20 minutes of IP gathering
    • Five Step Primer: How Snoops Operate
      • Step 3: Go into the Field
      • Any public place where employees go, snoops go too!
        • Airports
        • Coffee shops
        • Restaurants
        • Bars near company offices or factory
        • Tradeshows
      • Snoops use Job Interviews
        • Sees what you are asking for in new hires (skills, technology)
        • Asks one of your employees in for a job interview
    • Five Step Primer: How Snoops Operate
      • Step 4: Put It All Together
      • It is not only trade secrets that are valuable!
      • Example: 3 Grad Students
        • Company was interested in a new technology
        • Students had been publishing papers for 2 years on the new technology
        • Suddenly they stopped writing
        • Investigation showed all 3 had moved to the same town and worked for a high tech competitor
        • Talked to them on the phone about previously published papers
        • Figured out when the new technology would hit the market
        • Gave an 18-month heads-up on the competition’s plans
    • Five Step Primer: How Snoops Operate
      • Step 5: And If All Else Fails . . .
      • Other countries have vastly different ethical and legal guidelines for information gathering!
        • Bugs, bribes, theft, extortion
        • Widely practiced throughout the world
        • Espionage is sometimes sanctioned or even carried out by foreign governments, which may view helping local companies keep tabs on foreign rivals as a way to boost the country’s economy.
    • A Growing Concern: IP Rights vs. Privacy
      • Everything in Cyberspace is composed of bits (1s & 0s)
      • Digital works are perfectly reproducible, an infinite number of times without degradation
      • On the Web, a copy is the original
      • The need for Digital Rights Management (DRM)
          • Security & integrity features of computer OS
          • Rights-management and tracking
          • Encryption
          • Digital Signatures
          • Fingerprinting and other “marking” technology
      • The Consumer’s Privacy vs DRM
    • High Technology & Non-Technology Solutions
      • High Technology
          • Firewalls
          • Intrusion Detection Systems
          • Content Filtering
          • Access Control Lists
          • Digital Rights Management
          • Cryptography
              • SSL
              • Certificates
              • Digital Signatures
              • Steganography
      • Non-Technology
          • Policies
          • Standards
          • Procedures
          • Security Awareness
      • Any Questions?
      • Contact Info:
      • Curtis Coleman, CISSP, CISM
      • Phone: 831-439-7194
      • eMail: curtis.coleman@seagate.com