Post on 14-Dec-2015
CPP Review - 2006
John Hewitt, CPP, CIPM
Senior Security Manager
Trammell Crow Company
214-438-8861
Information Security
Information Security – Part V
Proprietary Information
Information over which the possessor asserts ownership and which is related to the activities or status of the possessor in some special way
All Proprietary Information is confidential, but not all confidential information is proprietary.
“Property Concept” – regards the information as having independent value if it amounts to a trade secret.
“Fiduciaries” – imposition of duties upon certain classes of people, other than the owner, not to use or divulge the information without the owner’s consent.
There are 3 broad threats to proprietary information:
It can be lost through inadvertent disclosure
It can be deliberately stolen by an outsider
It can be deliberately stolen by an insider
Trade Secret
A trade secret is a process or device for continuous use in the operation of the business.
For trade secret protection, the owner must prove:
• Secrecy
• Value
• Use in the owner’s business
The following are not trade secrets:
• Salary information
• Rank surveys
• Customer usage evaluation
• Profitability margins
• Unit costs
• Personnel changes
Trade Secret information is entitled by law to more protection than other kinds of proprietary information
Trade Secret/Patent
A trade secret remains secret as long as it continues to meet the trade secret tests, but the exclusive right to patent protection expires after 17 years.
Competitive Intelligence Gathering
The most important function of competitive intelligence gathering is to alert senior management to marketplace changes in order to prevent surprise.
A rich source of information is in the information provided to government regulators
Never reveal information to anyone that you would not reveal to a competitor
Industrial Espionage
Industrial espionage is the theft of information by legal or illegal means. It is more dangerous than inadvertent disclosure by employees in that highly valuable information is stolen for release to others who plan to exploit it.
The vulnerability assessment is conducted from the perspective of the competitor and considers:
What critical information exists
The period of time when the information is critical. This may be a short period or may be for the life of a product.
The identity of employees and indirect associates who have access to the information
Eavesdropping Tactics / Equipment
“Wiretapping” - the interception of communication over a wire without the participants’ consent; it requires physical entry into the communication circuit.
“Bugging” - the interception of communication without the participants’ consent by means of electronic devices and without penetration of a wire.
Carbon microphone
commonly used in a standard telephone handset
Crystal microphone
generates a small electrical current when the crystal is vibrated by sound waves
Contact microphone
installed on a common wall with the target area
Spike microphone
installed in a hole in the common wall (not fully through)
Dynamic microphone
movement of a small wire near a permanent magnet converts sound into electrical energy. Good eavesdropping device which operates as a loudspeaker in reverse
Pneumatic cavity device
has a specially designed small cavity which picks up surface vibrations (glass tumbler effect)
Condenser microphone
high fidelity use; fragile and sensitive
Electret microphone
used primarily in P.A. and audio recording (extremely small)
Omnidirectional microphone
used in conferences. Picks up sound from many directions around the room
Cardioid microphone
picks up sound from directly in front of mic
Parabolic microphone
gathers audio energy and directs it to a conventional microphone in the center of a dish-type reflector
A radio frequency (RF) device consists of:
– A microphone
– A transmitter
– A power supply
– An antenna; and,
– A receiver
Telephone Eavesdropping
• Digital systems - originally thought to be secure:
– The digit stream can be recorded and converted to analog and speech.
– The control system is available from an on-site terminal or from off-site through the network (Remote Maintenance Access Terminal, RMAT).
Eavesdropping Threat
• Risk for the electronic eavesdropper is low:
– electronic eavesdropping is easily committed
– chances are low that the victim will find the device
– chances are low that, if found, the device can be tied to the eavesdropper
– prosecution of eavesdropping cases is rare; and,
– the reward far outweighs the risk
Miscellaneous
• Audio masking
– generation of noise at the perimeter of the secure area to cover or mask conversation. Music is not used; “white” or “pink” noise is preferred because it is not as easily filtered from the tape.
Information Technology Security (New)
Virus – Any hidden computer code that copies itself onto other programs.
Trojan Horse – Code that has been downloaded attached to unsuspecting programs and later damages or affects data.
Bomb – Code inserted by programmers into legitimate software. (1) Sensitive to a time schedule, triggered by date/time. (2) Triggered by an event, such as copying a file or opening a program.
Trapdoors / Back doors – Intentionally created and inserted when developing software, e.g. Microsoft’s XP, etc.
Cookie Monster / Cookies – Data maintained from your PC for resource sharing, by use of text files sent to the machine via each website. Allows data such as credit card information to be collected by unauthorized parties.
Theft of Hardware – The unlawful taking of a PC or laptop with the intent of gaining access to a company network or other vital information or sensitive data.
Fax Security
Security Products
Tamperproof security enclosures for fax machines
Automated fax distribution systems, which store documents in employee mail boxes that employees can access with a PIN.
Encryption – Encrypting transmitted and received faxes to prevent reading of an intercepted fax.
Cellular Phones
Cellular and cordless telephones, digital and analog, transmit RF signals which can be intercepted.
Digital signals, thought to be secure, can be taped and converted back to analog signals for use by an interloper.
When a cellular phone is turned on, it transmits a mobile identification number (MIN) and an electronic serial number, which identify the cellular set. These signals can be cloned for illicit use.
Test
1. Any formula, pattern, device or compilation of information which is used in one’s business and which gives him an opportunity to gain an advantage over competitors who do not know or use it is:
• a. A monopoly
• b. An unfair trade practice
• c. A trade secret
• d. A patent
2. Probably the main reason for loss of sensitive information is:
• a. Inadvertent disclosure
• b. Deliberately stolen by outsider
• c. Industrial espionage
• d. Deliberately stolen by insider
3. The primary tool of pre-employment screening is the:
• a. Interview
• b. Application form
• c. The investigation
• d. The investigator
4. Competitive intelligence gathering is a legitimate activity which is engaged in by many firms throughout the world. The most important function of competitive intelligence is to:
• a. Alert senior management to marketplace changes in order to prevent surprise
• b. Alert senior management as to the personal habits of competitive senior management
• c. Alert government intelligence agencies to marketplace changes
• d. Alert senior management to changes in protocol in foreign countries
5. The instrument used to monitor telephone calls by providing a record of all numbers dialed from a particular phone is called:
• a. A wiretap
• b. A bug
• c. An electronic surveillance
• d. A pen register
6. A clandestine listening device, generally a small hidden microphone and radio transmitter, is known as:
• a. A bug
• b. A wiretap
• c. A tempest
• d. A beeper
7. A microphone with a large disk-like attachment used for listening to audio from great distances is known as:
• a. Contact microphone
• b. Spike microphone
• c. Parabolic microphone
• d. Moving coil microphone
8. Sound waves too high in frequency to be heard by the human ear, generally above 20 kHz, are known as:
• a. Microwaves
• b. Ultrasonic
• c. High frequency
• d. Short-wave
9. Two methods of protection against telephone line eavesdropping are apparently reliable. The first method is “don’t discuss sensitive information” and the other is:
• a. To use a wire tap detector
• b. To use a radio jammer
• c. To use an audio jammer
• d. To use encryption equipment
10. The unauthorized acquisition of sensitive information is known as:
• a. Industrial espionage
• b. Embezzlement
• c. Larceny
• d. False pretenses
11. Proprietary information is:
• a. Information which must be so classified under government order
• b. Private information of highly sensitive character
• c. Defense data which must be classified according to federal regulations
• d. Anything that an enterprise considers relevant to its status or operations and does not want to disclose publicly
12. A trade secret is:
• a. Any formula, pattern, device or compilation of information which is used in one’s business and which gives that business an opportunity to gain an advantage over competitors who do not know or use it
• b. All information about a company which the company desires to protect
• c. Information of a company which is registered as such with the Patent Office
• d. Information so designated by the government
13. The control software of a Private Branch Exchange (PBX) can be accessed and compromised by calling the telephone number of a device on the PBX from a computer and modem. The name of this PBX device is the:
• a. Time Domain Reflectometer
• b. Remote Maintenance Access Terminal
• c. Current Carrier Signaling Port
• d. Internal and Remote Signal Port
14. Which of the following is generally not true in regard to proprietary information?
• a. Secret information does not have to be specifically identifiable
• b. Secret information must be such that it can be effectively protected
• c. The more narrowly a business defines what it regards as secret, the easier it is to protect that body of information
• d. It is difficult to protect as a trade secret that which can be found in publicly accessible sources
15. With respect to trade secrets, it may be decided that its disclosure by another was innocent rather than wrongful even in the case where the person making the disclosure really was guilty of malice or wrong intent. This situation may occur when:
• a. There is absence of evidence that an owner has taken reasonable precautions to protect confidential information
• b. The trade secret was not registered
• c. The trade secret did not involve national defense information
• d. The trade secret was not in current use
16. The class of person under a duty to safeguard a proprietary secret is known as:
• a. Agents
• b. Principals
• c. Fiduciaries
• d. Business Associates
17. Which of the following is not a correct statement, or a general rule, involving the protection of proprietary information?
• a. By operation of common law employees are presumed to be fiduciaries to the extent they may not disclose secrets of their employers without authorization
• b. As a class, employees are the largest group of persons bound to secrecy because of their status or relationship
• c. Other than employees, any other persons to be bound to secrecy must agree to be so bound
• d. Any agreements to be bound must always be in writing and are not implied from acts
18. Probably the chief reason for the loss of information about sensitive operations is:
• a. Deliberately stolen by an outsider
• b. Loss by fire or other disaster
• c. Deliberately stolen by insider
• d. Lost through inadvertent disclosure
19. The term “eavesdropping” refers to:
• a. Wiretapping only
• b. “Bugging” only
• c. Both wiretapping and “bugging”
• d. Mail covers
20. A microphone which has the characteristics of requiring no power source to operate it, is quite small, relatively difficult to detect, and is offered by equipment suppliers in such items as cuff links and hearing aids is known as:
• a. Carbon microphone
• b. Dynamic microphone
• c. Contact microphone
• d. Parabolic microphone
This presentation was designed to be used in accordance with other study materials and was not intended to be used solely as a study guide. This presentation does not contain all material from the “Information Security” section of the CPP Study Guide©. The presentation was intended to give you the “Golden Nuggets” which will assist you with taking the CPP Exam. Thanks, John Hewitt, CPP - 5/23/2006.
Recommended for study: CPP Study Guide – 12th Edition