Читать книгу The Official (ISC)2 SSCP CBK Reference - Mike Wills - Страница 33

Protection of intellectual property must consider three possible exposures to loss: exfiltration, inadvertent disclosure, and failure to aggressively assert one's claims to protection and compensation. Each of these is a failure by the organization's management and leadership to exercise due care and due diligence.

 Exfiltration generally occurs in part because decisions have been made to ignore risks, disregard alarm indications, and knowingly operate information systems in insecure ways. (There are cases of data breaches that happen to highly secure systems, hardened to the best possible standards, but these are few and far between.)

 Inadvertent exposure can happen due to carelessness, due to accident, or through faulty design of business processes or information security measures.

 An expression of an idea must, in almost all cases, be labeled or declared as a protected idea; this is how its owner asserts rights against possible infringement. This first assertion of a claim of ownership provides the basis for seeking legal means to stop the infringement, seek damages for lost business, or enter into licensing arrangements with the infringers.

Each of these possible exposures to loss starts with taking proper care of the data in the first place. This requires properly classifying it (in terms of the restrictions on handling, use, storage, or dissemination required), marking or labeling it (in human-readable and machine-readable ways), and then instituting procedures that enforce those restrictions.