The __________ attempts to prevent trade secrets from being illegally shared.
The terms data and information are often used synonymously, but information refers to data that have meaning. For example, "87 percent" is data. It has no meaning by itself until it is reported as a "graduation rate," and then it becomes information. Show Introduction to Information Security As stated throughout this document, one of an organization's most valuable assets is its information. Local, state, and federal laws require that certain types of information (e.g., individual student records) be protected from unauthorized release (see Appendix B for a FERPA Fact Sheet). This facet of information security is often referred to as protecting confidentiality. While confidentiality is sometimes mandated by law, common sense and good practice suggest that even non-confidential information in a system should be protected as well-not necessarily from unauthorized release as much as from unauthorized modification and unacceptable influences on its accessibility. Components of Information SecurityConfidentiality:Preventing unauthorized disclosure and use of informationIntegrity:Preventing unauthorized creation, modification, or deletion of informationAvailability:Preventing unauthorized delay or denial of informationCommonly Asked Questions Q. If an organization maintains physical, software, and user access security, isn't information security addressed by default? While encryption prevents others from reading your information, encrypted files can still be damaged or destroyed so that they are no longer of any use to you. Q. Isn't there software that can protect my information? Q. Doesn't it make sense to just go ahead and encrypt all information? Guidelines for security policy development can be found in Chapter 3. Policy Issues Perhaps more than any other aspect of system security, protecting information requires specific procedural and behavioral activities. Information security requires that data files be properly created, labeled, stored, and backed up. If you consider the number of files that each employee uses, these tasks clearly constitute a significant undertaking. Policy-makers can positively affect this effort by conducting an accurate risk assessment (including properly identifying sensitive information maintained in the system). They should also provide organizational support to the security manager as he or she implements and monitors security regulations. The security manager must be given the authority and budget necessary for training staff appropriately and subsequently enforcing information security procedures at all levels of the organizational hierarchy. A final consideration for policy-makers is information retention and disposal. All information has a finite life cycle, and policy-makers should make sure that mechanisms are in place to ensure that information that is no longer of use is disposed of properly. As discussed more completely in Chapter 2, a threat is any action, actor, or event that contributes to risk. Information Threats (Examples) As discussed more completely in Chapter 2, a threat is any action, actor, or event that contributes to risk. Examples of information threats include:
Information Security Countermeasures The following countermeasures address information security concerns that could affect your site(s). These strategies are recommended when risk assessment identifies or confirms the need to counter potential breaches in your system's information security. Countermeasures come in a variety of sizes, shapes, and levels of complexity. This document endeavors to describe a range of strategies that are potentially applicable to life in education organizations. In an effort to maintain this focus, those countermeasures that are unlikely to be applied in education organizations are not included here. If after your risk assessment, for example, your security team determines that your organization requires high-end countermeasures like retinal scanners or voice analyzers, you will need to refer to other security references and perhaps hire a reliable technical consultant. Transmit Information Securely (including e-mail):
Select only those countermeasures that meet perceived needs as identified during risk assessment and support security policy. Countermeasures like biometrics are probably beyond the realm of possibility (and necessity) in most, if not all, education organizations. Pre-arranged transmission times set for the middle of the night (e.g., 1:37 a.m.) may seem odd, but they can increase security because there is less traffic on telephone lines and fewer hackers snooping around at such odd hours. Present Information for Use in a Secure and Protected Way:
Back up Information Appropriately (see Chapter 4):
Many organizations prefer that users back up only their own data files-leaving software and operating system backups in the responsible hands of the security manager or system administrator. Store Information Properly (see Chapter 5):
It Really Happens! As Principal Brown's secretary, Marsha didn't have time for all the difficulties she was having with her computer--well, it wasn't really her computer that was having problems, but her most important files (and that was worse). Fed up with having to retype so many lost files, she finally called in the vendor who had sold the school all of its equipment. The vendor appeared at her office promptly and asked her to describe the problem. "Well," Marsha explained, "I keep a copy of all of my important files on a 3 1/2 inch disk, but when I go to use them, the files seem to have disappeared. I know that I'm copying them correctly, so I just can't understand it. I don't know if it's the word processing software or what, but I'm tired of losing all of my important files." The vendor asked whether it was possible that Marsha was using a bad disk. "I thought about that," she replied as if prepared for the question, "but it has happened with three different disks. It just has to be something else." Marsha reached for a disk that was held to the metal filing cabinet next to her desk by a colorful magnet. "You try it." "That's a very attractive magnet," the vendor said as Marsha handed over the disk. "Do you always use it to hold up your disks?" "Yes, it was a souvenir from Dr. Brown's last conference. I just think it's beautiful. Thanks for noticing." "It is beautiful," the vendor replied, "but you know that it's also the root of all your problems. Every time you expose a disk to that magnet, it erases the files. That's just the way magnets and computer disks get along-like oil and water. Try storing the disk away from the magnet and your troubles, not your files, will soon disappear." Dispose of Information in a Timely and Thorough Manner:
It Really Happens! Trent couldn't believe his eyes. Displayed before him on a monitor in the high school computer lab were the grades of every student in Mr. Russo's sophomore English classes: Student NameGradesCommentsLinda Foster:C-, C, C+, CImproving slightly, but unable to make sufficient gains; a candidate for learning disability testing?All Trent had done was hit the "undelete" function in the word processing software to correct a saving mistake he had made, and suddenly a hard drive full of Mr. Russo's files were there for the taking. Luckily for Mr. Russo, his sophomores, and the school, Trent realized that something was very wrong. He asked the lab supervisor, Ms. Jackson, where the computers had come from. "Most of them have been recycled," she admitted. "Teachers and administrators were given upgrades this year, so their old machines were put to good use in the labs. They should still be powerful enough to handle your word processing. Why?" Trent showed Ms. Jackson what he had uncovered about the sophomore English students. She gasped, "Oh my goodness, they gave us all these computers without clearing the hard drives properly. I bet it's that way across the district. Trent, you may have just saved us from a potentially disastrous situation. That information is private and certainly shouldn't be sitting here for anyone in the computer lab to see. I've got some phone calls to make!" Which law attempts to prevent trade secrets from being illegally shared?In 1996, Congress enacted the Economic Espionage Act ("EEA"), codified as 18 U.S.C. §§1831-1839.
What are trade secrets used to protect quizlet?trade secrets are protected under state laws, and most states have ratified the Uniform Trade Secrets Act . owners of trade secrets seek to protect trade secret information from competitors by instituting special procedures for handling it, as well as technological and legal security measures.
What is the goal of a white hat hacker quizlet?A white hat hacker is a computer security specialist who breaks into protected systems and networks to test and asses their security. White hat hackers use their skills to improve security by exposing vulnerabilities before malicious hackers (known as black hat hackers) can detect and exploit them.
What is a trade secret quizlet?A trade secret is any information that can be used in the operation of a business or other enterprise and that is sufficiently valuable and secret to afford an actual or potential economic advantage over others.
|