Nothing is perfect. But it takes at least a little longer to take screenshots from a 400-page Word document than just to save it to a USB stick. If this small security improvement is worth the money of the product, I don't know.

On Tue, 2003-03-18 at 19:57, [EMAIL PROTECTED] wrote:
>
> But what about print screens? If I can access a document I can almost
> invariably make a copy of some sort.
>
> Neil Buchanan
> 610-407-2141
>
> ullmic <[EMAIL PROTECTED]>
> Sent by: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> cc:
> Subject: Re: Physical Security & Protecting Information
> 03/17/2003 01:23 PM
>
> Today at the Cebit I saw a product by a company called airzip called
> document secure that lets you control the access rights on a document
> level. You can allow a person to only view a document. The person then
> will not be able to print it or save it somewhere if you don't allow
> it. The product basically creates a wrapper around the doc that stores
> this info. If you have extremely sensitive information you might use a
> tool like this to prevent these documents from being walked out of your
> systems on disk, USB sticks or paper.
>
> On Fri, 2003-03-14 at 01:17, Philip Storry wrote:
> > Hello discipulus,
> >
> > Thursday, March 13, 2003, 3:13:44 AM, you wrote:
> >
> > d> I've read about corporate espionage cases where a perpetrator
> > d> at one company busts into the network of another company and
> > d> stumbles into a directory named "Proposals" of all things but
> > d> employees who walk out the front doors carrying protected information
> > d> seems just as damaging or more so to me.
> >
> > There's not much that you can practically do here, I think.
> >
> > The problem is that although there are many good technical and
> > procedural methods of ensuring that only authorised people have access
> > to your systems - and therefore your information - there are few
> > technical or procedural things you can (realistically) do to control
> > what those authorised people do with the information they have access
> > to.
> >
> > Content security systems (like Mimesweeper) can check outbound emails,
> > and block anything that contains project codenames. But that won't
> > stop someone printing it out and putting the paper in their briefcase.
> >
> > Because this is such a low-tech crime, you're left with policy and
> > procedure as your only tools.
> >
> > You should consider making it policy that information does not leave
> > your sites, without written permission from a senior person. This will
> > cause trouble for those that telework, however. You could also brief
> > security staff on what to look for - keep them apprised of new
> > storage media (like those nifty USB pen drives), and give them the
> > authority to do random stop and search jobs.
> >
> > Make sure that all emails and documents have - by policy - a
> > boilerplate on them saying who owns that intellectual property. Tacky,
> > but it might be useful in a court of law - and it reminds employees of
> > the stark reality.
> >
> > All of these safeguards (except boilerplating, which could be enforced
> > via templates etc.) are the sort of things people get complacent on
> > very quickly, because they stand in the way of people working. Within
> > six months of implementing them, senior people will be signing off
> > that John Smith can take home "anything relating to projects X, Y and
> > Z" simply because they don't want to sign it off three times - even
> > though John Smith doesn't actually work on Y and Z.
> >
> > So really, the only defence against this is contractual. All employees
> > must sign an NDA, stating that they will not divulge proprietary
> > intellectual property. Make them sign it, and understand why they are
> > signing it. Don't make it too draconian - you don't need the ability
> > to search their home, for instance. (That's what law enforcement
> > agencies are for.) But you should make it clear that if they steal,
> > they'll be sued. Having to spend that pay rise you got when switching
> > jobs on legal fees is not an attractive proposition.
> >
> > Finally, it should be pointed out that many companies won't actually
> > accept stolen IP, because it's a legal minefield. But NDAs make it
> > difficult for both the person acting as a conduit as well as the
> > ultimate recipient, and may make employees who were only casually
> > thinking about it think twice.
> >
> > Nothing, however, will stop the determined person who's miffed at the
> > company and leaving for a competitor. Nothing except the competitor's
> > honesty and their own legal team's advice, anyway. :-)
> >
> > --
> > Best regards,
> > Philip mailto:[EMAIL PROTECTED]