CPP Review - 2006 John Hewitt, CPP, CIPM Senior Security Manager Trammell Crow Company 214-438-8861 Information Security.

1 CPP Review John Hewitt, CPP, CIPM Senior Security Manager Trammell Crow Company Information Security

2 Information Security – Part V: Proprietary Information
Information over which the possessor asserts ownership and which is related to the activities or status of the possessor in some special way.
All proprietary information is confidential, but not all confidential information is proprietary.

3 Information Security: Proprietary Information
– “Property Concept”: regards the information as having independent value if it amounts to a trade secret
– “Fiduciaries”: imposition of duties upon certain classes of people, other than the owner, not to use or divulge information without the owner’s consent

4 Information Security: Proprietary Information
There are 3 broad threats to proprietary information:
– It can be lost through inadvertent disclosure
– It can be deliberately stolen by an outsider
– It can be deliberately stolen by an insider

5 Information Security: Trade Secret
A trade secret is a process or device for continuous use in the operation of the business.
For trade secret protection, must prove:
– Secrecy
– Value
– Use in the owner’s business

6 Information Security: Trade Secret
The following are not trade secrets:
– Salary information
– Rank surveys
– Customer usage evaluation
– Profitability margins
– Unit costs
– Personnel changes

7 Information Security: Trade Secret
Trade secret information is entitled by law to more protection than other kinds of proprietary information.

8 Information Security: Trade Secret/Patent
A trade secret remains secret as long as it continues to meet trade secret tests, but the exclusive right to patent protection expires after 17 years.

9 Information Security: Competitive Intelligence Gathering
The most important function of competitive intelligence gathering is to alert senior management to marketplace changes in order to prevent surprise.

10 Information Security: Competitive Intelligence Gathering
– A rich source of information is in the information provided to government regulators
– Never reveal information to anyone that you would not reveal to a competitor

11 Information Security: Industrial Espionage
Industrial espionage is the theft of information by legal or illegal means. It is more dangerous than inadvertent disclosure by employees in that highly valuable information is stolen for release to others who plan to exploit it.

12 Information Security: Industrial Espionage
The vulnerability assessment is conducted from the perspective of the competitor and considers:
– What critical information exists
– The period of time when the information is critical. This may be a short period or may be for the life of a product
– The identity of employees and indirect associates who have access to the information

13 Information Security: Eavesdropping Tactics / Equipment
– “Wiretapping”: the interception of communication over a wire without the participants’ consent; requires physical entry into the communication circuit
– “Bugging”: interception of communication without the participants’ consent by means of electronic devices and without penetration of a wire

14 Information Security: Eavesdropping Tactics / Equipment
– Carbon microphone: commonly used in a standard telephone handset
– Crystal microphone: generates a small electrical current when the crystal is vibrated by sound waves
– Contact microphone: installed on a common wall with the target area

15 Information Security: Eavesdropping Tactics / Equipment
– Spike microphone: installed in a hole in the common wall (not fully through)
– Dynamic microphone: movement of a small wire near a permanent magnet converts sound into electrical energy. Good eavesdropping device which operates as a loudspeaker in reverse

16 Information Security: Eavesdropping Tactics / Equipment
– Pneumatic cavity device: has a specially designed small cavity which picks up surface vibrations (glass tumbler effect)
– Condenser microphone: high fidelity use. Fragile and sensitive
– Electret microphone: used primarily in P.A. and audio recording (extremely small)

17 Information Security: Eavesdropping Tactics / Equipment
– Omnidirectional microphone: used in conferences. Picks up sound from many directions around the room
– Cardioid microphone: picks up sound from directly in front of the mic
– Parabolic microphone: gathers audio energy and directs it to a conventional microphone in the center of a dish-type reflector

18 Information Security
A radio frequency (RF) device consists of:
– A microphone
– A transmitter
– A power supply
– An antenna; and,
– A receiver

19 Information Security: Telephone Eavesdropping
Digital systems, originally thought to be secure:
– Digit stream can be recorded and converted to analog and speech
– The control system is available from an on-site terminal or from off-site through the network (Remote Maintenance Access Terminal, RMAT)

20 Information Security: Eavesdropping Threat
Risk for the electronic eavesdropper is low:
– electronic eavesdropping is easily committed
– chances are low that the victim will find the device
– chances are low that the device, if found, can be tied to the eavesdropper
– prosecution of eavesdropping cases is rare; and,
– the reward far outweighs the risk

21 Information Security: Miscellaneous
Audio masking
– generation of noise at the perimeter of the secure area to cover or mask conversation. Music is not used; “white” or “pink” noise is not as easily filtered from the tape

22 Information Security: Information Technology Security **New**
– Virus: any hidden computer code that copies itself onto other programs.
– Trojan Horse: code that has been downloaded attached to unsuspecting programs and that later damages or affects data.
– Bomb: code inserted by programmers into legitimate software. (1) Sensitive to a time schedule, triggered by date/time. (2) Triggered by an event, such as copying a file or opening a program.
– Trapdoors / Back doors: intentionally created and inserted when developing software, i.e., Microsoft’s XP, etc.

23 Information Security: Information Technology Security
– Cookie Monster / Cookies: data maintained from your PC for resource sharing, by use of text files sent to the machine via each website. Allows data such as credit card information to be collected by unauthorized parties.
– Theft of Hardware: the unlawful taking of a PC or laptop with the intent of gaining access to a company network or other vital information, or sensitive data.

24 Information Security: Fax Security
Security products:
– Tamperproof security enclosures for fax machines
– Automated fax distribution systems: store documents in employee mail boxes, which employees can access with a PIN
– Encryption: transmitting and receiving to prevent reading an intercepted fax

25 Information Security: Cellular Phones
– Cellular and cordless telephones, digital and analog, transmit RF signals which can be intercepted.
– Digital signals, thought to be secure, can be taped and converted back to analog signals for use by an interloper.
– When a cellular phone is turned on, it transmits a mobile identification number (MIN) and an electronic serial number which identify the cellular set. These signals can be cloned for illicit use.

26 Information Security: Test

27 1. Any formula, pattern, device or compilation of information which is used in one’s business and which gives him an opportunity to gain an advantage over competitors who do not know or use it is:
a. A monopoly
b. An unfair trade practice
c. A trade secret
d. A patent

29 2. Probably the main reason for loss of sensitive information is:
a. Inadvertent disclosure
b. Deliberately stolen by outsider
c. Industrial espionage
d. Deliberately stolen by insider

31 3. The primary tool of pre-employment screening is the:
a. Interview
b. Application form
c. The investigation
d. The investigator

33 4. Competitive intelligence gathering is a legitimate activity which is engaged in by many firms throughout the world. The most important function of competitive intelligence is to:
a. Alert senior management to marketplace changes in order to prevent surprise
b. Alert senior management as to the personal habits of competitive senior management
c. Alert government intelligence agencies to marketplace changes
d. Alert senior management to changes in protocol in foreign countries

35 5. The instrument used to monitor telephone calls by providing a record of all numbers dialed from a particular phone is called:
a. A wiretap
b. A bug
c. An electronic surveillance
d. A pen register

37 6. A clandestine listening device, generally a small hidden microphone and radio transmitter, is known as:
a. A bug
b. A wiretap
c. A tempest
d. A beeper

39 7. A microphone with a large disk-like attachment used for listening to audio from great distances is known as:
a. Contact microphone
b. Spike microphone
c. Parabolic microphone
d. Moving coil microphone

41 8. Sound waves too high in frequency to be heard by the human ear, generally above 20 KHZ, are known as:
a. Microwaves
b. Ultrasonic
c. High frequency
d. Short-wave

43 9. Two methods of protection against telephone line eavesdropping are apparently reliable. The first method is “don’t discuss sensitive information” and the other is:
a. To use a wire tap detector
b. To use a radio jammer
c. To use an audio jammer
d. To use encryption equipment

45 10. The unauthorized acquisition of sensitive information is known as:
a. Industrial espionage
b. Embezzlement
c. Larceny
d. False pretenses

47 11. Proprietary information is:
a. Information which must be so classified under government order
b. Private information of highly sensitive character
c. Defense data which must be classified according to federal regulations
d. Anything that an enterprise considers relevant to its status or operations and does not want to disclose publicly

49 12. A trade secret is:
a. Any formula, pattern, device or compilation of information which is used in one’s business and which gives that business an opportunity to gain an advantage over competitors who do not know or use it
b. All information about a company which the company desires to protect
c. Information of a company which is registered as such with the Patent Office
d. Information so designated by the government

51 13. The control software of a Private Board Exchange (PBX) can be accessed and compromised by calling the telephone number of a device on the PBX from a computer and modem. The name of this PBX device is the:
a. Time Domain Reflectometer
b. Remote Maintenance Access Terminal
c. Current Carrier Signaling Port
d. Internal and Remote Signal Port

53 14. Which of the following is generally not true in regard to proprietary information?
a. Secret information does not have to be specifically identifiable
b. Secret information must be such that it can be effectively protected
c. The more narrowly a business defines what it regards as secret, the easier it is to protect that body of information
d. It is difficult to protect as a trade secret that which can be found in publicly accessible sources

55 15. With respect to trade secrets, it may be decided that its disclosure by another was innocent rather than wrongful even in the case where the person making the disclosure really was guilty of malice or wrong intent. This situation may occur when:
a. There is absence of evidence that an owner has taken reasonable precautions to protect confidential information
b. The trade secret was not registered
c. The trade secret did not involve national defense information
d. The trade secret was not in current use

57 16. The class of person under a duty to safeguard a proprietary secret is known as:
a. Agents
b. Principals
c. Fiduciaries
d. Business Associates

59 17. Which of the following is not a correct statement, or a general rule, involving the protection of proprietary information?
a. By operation of common law employees are presumed to be fiduciaries to the extent they may not disclose secrets of their employers without authorization
b. As a class, employees are the largest group of persons bound to secrecy because of their status or relationship
c. Other than employees, any other persons to be bound to secrecy must agree to be so bound
d. Any agreements to be bound must always be in writing and are not implied from acts

61 18. Probably the chief reason for the loss of information about sensitive operations is:
a. Deliberately stolen by an outsider
b. Loss by fire or other disaster
c. Deliberately stolen by insider
d. Lost through inadvertent disclosure

63 19. The term “eavesdropping” refers to:
a. Wiretapping only
b. “Bugging” only
c. Both wiretapping and “bugging”
d. Mail covers

65 20. A microphone which has the characteristics of requiring no power source to operate it, is quite small, relatively difficult to detect, and is offered by equipment suppliers in such items as cuff links and hearing aids is known as:
a. Carbon microphone
b. Dynamic microphone
c. Contact microphone
d. Parabolic microphone

67 This presentation was designed to be used in accordance with other study materials and was not intended to be used solely as a study guide. This presentation does not contain all material from the “Information Security” section of the CPP Study Guide©. The presentation was intended to give you the “Golden Nuggets” which will assist you with taking the CPP Exam. Thanks, John Hewitt, CPP - 5/23/2006.

68 Recommended for study: CPP Study Guide – 12th Edition Information Security John Hewitt, CPP, CIPM

