Only the Government needs Security Levels, Right?
I'll let you decide the answer to that question since only you know your business and organizational structure.
We are all familiar with the standard levels of Classified, Secret, Top Secret and the highest of the high which is Top Secret with need to know only. Anyone familiar with the government, in particular the Federal and military arms, know these designate access rights to information that is under control or restricted for various reasons of National Security. What of the commercial world? Shouldn't we be just as concerned as the government?
Think about this, most of the espionage activity today that we hear about is not from the government sector, though you may never hear about it in the news, it comes from the private sector. Information that is stolen and passed to the competition for cold hard cash. In particular, this information typically comes from sources that are trusted within the organization as reliable, loyal and trustworthy and who have access to information they might not have a need to access.
Corporate or economic espionage costs corporation billions of dollars every year in lost revenue. The window of opportunity as the first or only current provider is the competitive advantage every business seeks yet are we as diligent at protecting out intellectual assets as we could be? After all, is it not those same assets that has given us the advantage to begin with and should we not treat these as all of the Gold in the Kingdom.
Some businesses really get the concept but many do not and when presented with this scenario of losing their intellectual assets through espionage, often waive it off as the never happen to me perspective. The question is, if your trusted employees were presented with an opportunity to make a lot of money for the minimal risk of making a copy for someone, would they?
Why take the chance? Incorporating and implementing a security scheme that reflects the government for the sake of protecting the wealth of your kingdom should be inherent to the way you do business. It also eliminates most temptations because if it cannot be accessed it cannot be copied. It also provides tighter controls and auditing in that if information should make out of your organization, you may quickly be able to identify who based upon the type of information leaked.
So I ask again, only the government needs security levels, right?
By Bob Larrivee
Comments