ABSTRACT
A recent “Trends in Proprietary Information Loss Survey Report,” sponsored by PriceWaterhouse Coopers, revealed that the U.S. Chamber of Commerce and the ASIS International Foundation found that both Fortune 1,000 and small to mid-sized businesses were likely to experience proprietary information and intellectual property losses ranging from $53 to $59 billion. These losses involved the following:
Research and development (49 percent)• Customer lists and related data (36 percent)• Financial data (27 percent)•
For information security protection programs it is important to remember that there are more crimes committed against businesses by authorized insiders than by outside penetration of the systems or networks. In the case of industrial espionage, the insider might have been motivated by an outsider, however. Security and IT directors must walk a very thin line
between creating an atmosphere of trust for employees and implementing deterrent programs to prevent those same employees from stealing the company jewels. The best approach to this is to ensure that for highly sensitive or very important information, protection programs exist in such a way as to require that two or more people need to access the complete data in order for someone to get all of the information. This means that there would need to be collusion between multiple employees or the system would have to be circumvented in some way, which will usually leave some evidence of the crime.
