This week, your internship assignment takes you to the Corporate Security office, headed by the Chief Security Officer (CSO). This office has recently completed an investigation into how a competitor may have obtained copies of the confidential architectural drawings and design plans for a new type of resort that the company had planned for a recently acquired island property. At least one competitor is known to have received copies of the company’s intellectual property through an economic development office within its country’s government. It is suspected that an Advanced Persistent Threat mechanism may have been used to exfiltrate information from Padgett-Beale’s existing hotel property within that geopoliticall jurisdiction. Another competitor, also operating in that geographic area, contacted Padgett-Beale’s Corporate Security Office and disclosed that it had been sent URLs for web pages containing links to the resort plans by an unknown party. The other firm wanted to make it clear to Padgett-Beale that they did not condone nor participate in such illegal and unethical taking or receiving of another company’s intellectual property.
As part of the company’s response to this theft, the CSO’s office has been asked to prepare a background briefing for company’s executives that addresses the problem of protecting intellectual property stored in digital form. The briefing must include recommendations for best practices that the company’s executives should be adopting to prevent / respond to such thefts.
Begin by reading the readings for this week. Then find additional information through your own research.
Write a 2 page summary of your research and analysis for review by the CSO’s senior staff. Your summary should begin by explaining the problem of intellectual property theft. Next, address the reasonable and customary processes and procedures which should be used to discourage or make it difficult for employees, managers, and executives to inadvertently misuse and/or steal the company’s intellectual property (at a minimum, you must address data classification and marking, separation of duties, and least privilege). You should also identify and explain five or more best practices which the company should implement as it responds to this growing problem.