Comments on: Secrets are Secret, unless you work in the UK Cabinet Office http://www.confidentialresource.com/2008/06/19/secrets-are-secret-unless-you-work-in-the-uk-cabinet-office/ Sources & Methods for the Investigator Thu, 20 Nov 2008 12:48:17 +0000 http://wordpress.org/?v=2.3 By: Vinay http://www.confidentialresource.com/2008/06/19/secrets-are-secret-unless-you-work-in-the-uk-cabinet-office/#comment-11182 Vinay Wed, 25 Jun 2008 04:29:47 +0000 http://www.confidentialresource.com/2008/06/19/secrets-are-secret-unless-you-work-in-the-uk-cabinet-office/#comment-11182 Richard: I agree in that hiring of reliable people would be the best option but it is quite hard to find and retain reliable people. We have non-disclosure and non-compete agreements but how far it can be legally implemented is still a question of doubt. All secure details like client information, financial information with mention of client could be witheld from the individual analyst. This makes the process more complicated and strenous. Enforcement of confidentiality is possible within the organisation but once the employee leaves it is pretty much restricted. But then again, secrets have been maintained in kingdoms, nations, intelligence organisations for ages and although information leaks have also occurred I feel it has been handled properly throughout ages.That could give a little hope in this age of information-explosion. Thank you for your insight, Rgrds Vinay Richard:

I agree in that hiring of reliable people would be the best option but it is quite hard to find and retain reliable people. We have non-disclosure and non-compete agreements but how far it can be legally implemented is still a question of doubt. All secure details like client information, financial information with mention of client could be witheld from the individual analyst. This makes the process more complicated and strenous.

Enforcement of confidentiality is possible within the organisation but once the employee leaves it is pretty much restricted.

But then again, secrets have been maintained in kingdoms, nations, intelligence organisations for ages and although information leaks have also occurred I feel it has been handled properly throughout ages.That could give a little hope in this age of information-explosion.

Thank you for your insight,

Rgrds
Vinay

]]> By: Richard McEachin http://www.confidentialresource.com/2008/06/19/secrets-are-secret-unless-you-work-in-the-uk-cabinet-office/#comment-11179 Richard McEachin Tue, 24 Jun 2008 15:40:46 +0000 http://www.confidentialresource.com/2008/06/19/secrets-are-secret-unless-you-work-in-the-uk-cabinet-office/#comment-11179 Vinay: <blockquote>To have a perfect system is impossible; to have a system is indispensable. C.K. Chesterton The Napoleon of Notting Hill</blockquote> The people issue must be approached from several angles. The first is the hiring of reliable people. The next is having all employees and contractors sign nondisclosure and noncompete agreements. Awareness campaigns regarding security must run constantly. Document security must be an ever-present part of the work environment. Finally, enforcement of confidentiality must be swift, publicized, and severe. Vinay:

To have a perfect system is impossible; to have a system is indispensable.
C.K. Chesterton
The Napoleon of Notting Hill

The people issue must be approached from several angles. The first is the hiring of reliable people. The next is having all employees and contractors sign nondisclosure and noncompete agreements. Awareness campaigns regarding security must run constantly. Document security must be an ever-present part of the work environment. Finally, enforcement of confidentiality must be swift, publicized, and severe.

]]> By: Stephen http://www.confidentialresource.com/2008/06/19/secrets-are-secret-unless-you-work-in-the-uk-cabinet-office/#comment-11163 Stephen Sun, 22 Jun 2008 11:27:59 +0000 http://www.confidentialresource.com/2008/06/19/secrets-are-secret-unless-you-work-in-the-uk-cabinet-office/#comment-11163 Best way to understand security is to be around the most scumiest of people on earth and to understand that you yourself are capable of perpertrating the most hideous of acts. You won't learn business security through training courses or through information security books. You just won't ever be "security competitive" that way. Best way to understand security is to be around the most
scumiest of people on earth and to understand that you yourself are capable of perpertrating the most hideous of acts.

You won’t learn business security through training courses or through information security books.

You just won’t ever be “security competitive” that way.

]]> By: Vinay http://www.confidentialresource.com/2008/06/19/secrets-are-secret-unless-you-work-in-the-uk-cabinet-office/#comment-11132 Vinay Fri, 20 Jun 2008 04:44:49 +0000 http://www.confidentialresource.com/2008/06/19/secrets-are-secret-unless-you-work-in-the-uk-cabinet-office/#comment-11132 Dear Richard, I have come to understand that the prime risks associated with Information Security of an organisation can be broadly put into the following categories - Technology, Process, Physical Security & People. Although various measures of Info security can be taken to minimise the risks in the first three categories, how can the risk associated with personnel be handled? Trade secrets in organisation rest in the brains of its people and attrition poses a serious possible breach in security. Neither can intelligence be compartmentalised in organisations as it would definitely affect the quality of functioning. Would like to know your views on that Thanks & Regards Vinay Dear Richard,

I have come to understand that the prime risks associated with Information Security of an organisation can be broadly put into the following categories - Technology, Process, Physical Security & People.

Although various measures of Info security can be taken to minimise the risks in the first three categories, how can the risk associated with personnel be handled? Trade secrets in organisation rest in the brains of its people and attrition poses a serious possible breach in security. Neither can intelligence be compartmentalised in organisations as it would definitely affect the quality of functioning.
Would like to know your views on that
Thanks & Regards
Vinay

]]>