1. The document discusses various types of proprietary information and threats to proprietary information such as inadvertent disclosure, theft by outsiders or insiders, and industrial espionage. 2. It describes trade secrets, patents, and competitive intelligence gathering. Methods of espionage including wiretapping, bugging, and eavesdropping techniques are also outlined. 3. Common threats to proprietary information are inadvertent disclosure, theft by outsiders or insiders, and industrial espionage.

1. CPP Review - 2006 John Hewitt, CPP, CIPM Senior Security Manager Trammell Crow Company 214-438-8861 Information Security

2. Information Security – Part V Proprietary Information Information over which the possessor asserts ownership and which is related to the activities or status of the possessor in some special way All Proprietary Information is confidential, but not all confidential information is proprietary.

4. Information Security Proprietary Information It can be lost through inadvertent disclosure It can be deliberately stolen by an outsider It can be deliberately stolen by an insider There are 3 broad threats to proprietary information:

7. Information Security Trade Secret Trade Secret information is entitled by law to more protection than other kinds of proprietary information

8. Information Security Trade Secret/Patent A trade secret remains secret as long as it continues to meet trade secret tests but the exclusive right to patent protection expires after 17 years

10. Information Security Competitive Intelligence Gathering A rich source of information is in the information provided to government regulators Never reveal information to anyone that you would not reveal to a competitor

11. Information Security Industrial Espionage Industrial espionage is the theft of information by legal or illegal means. It is more dangerous than inadvertent disclosure by employees in that highly valuable information is stolen for release to others who plan to exploit it.

12. Information Security Industrial Espionage The vulnerability assessment is conducted from the perspective of the competitor and considers: What critical information exists The period of time when the information is critical. This may be a short period or may be for the life of a product The identity of employees and indirect associates who have access to the information

13. Information Security “ Wiretapping ” - is the interception of communication over a wire w/o participants consent and requires physical entry into the communication circuit “ Bugging ” - interception of communication w/o participants consent by means of electronic devices and w/o penetration of a wire. Eavesdropping Tactics / Equipment

22. Information Security Information Technology Security ** New** Virus – Any hidden computer code that copies itself onto other programs. Trojan Horse – Code that has been downloaded attached to unsuspecting programs, that later damage or affect data. Bomb – Code inserted by programmers into legitimate software. (1) sensitive to a time schedule, triggered by date/time. (2) Triggerd by an event, copying a file or opening a program, etc. Trapdoors / Back doors – Intentionally created and inserted when developing software, IE : Microsoft’s XP, etc.

23. Information Security Cookie Monster / Cookies – Data maintained form your PC for resource sharing, by use of text files sent to the machine via each website. Allows data such as credit card information to be collected, by unauthorized parties. Information Technology Security Theft of Hardware – The unlawful taking of PC or laptop with the intent of gaining access to a company network or other vital information, or sensitive data.

24. Information Security Fax Security Security Products Tamperproof security enclosures for fax machines Automated fax distribution systems, stores documents in employee mail boxes, employees can access with a PIN. Encryption – Transmitting and receiving to prevent reading an intercepted fax.

25. Information Security Cellular Phones Cellular and cordless telephones, digital and anolog, transmit RF signals which can be intercepted. Digital signals, thought to be sure can be taped and converted back to analog signals for use by an interloper. When a cellular phone is turned on, it transmits a mobile Identification number (MIN) and an electronic serial number which identify cellular set. These signals can be cloned for illicit use.

26. Information Security Test

68. Recommended for study: CPP Study Guide – 12 th Edition Information Security Good Luck ! John Hewitt, CPP, CIPM