Information leakage a.k.a. competitive intelligence




	All organizations, even those for whom secrecy is paramount, leak information to various degrees. If this were not true, the police would be completely powerless to stop drug smugglers or paedophiles, and secret agents would be out of a job. Nevertheless, modern society continues to develop in this sea of information. But how much information leakage is acceptable? What are the actual consequences and what can be done about it anyway? “Competitive Intelligence” is a term for legitimately gathering and analysing publicly available information on competitors, markets, products etc. Like most commercial organizations, we use legitimate Competitive Intelligence techniques to track our competitors and potential customers. We also advise clients on how to make better use of information available to them, and how to implement the information management systems internally to coordinate and direct the sources of information to greatest effect. Common examples of the sources of Competitive Intelligence include: Information of all sorts available on the Internet, including informal sources such as bulletin boards or discussion groups and job advertisements Official publications including annual accounts, marketing brochures, press releases, white papers, the European Journal, product brochures, user guides, training materials etc. Information on suppliers and competitors collected by Procurement staff, customer relationship managers etc. going about their normal business Information on customers, markets, competitors and products collected by Marketing and Sales staff Information on suppliers, competitors and customers collected by HR staff during the course of interviews, or by staff from casual conversation with colleagues in other companies Various other sources of intelligence such as industry conferences, training courses, professional associations and personal relationships Of course, ‘not everything you read is true’. Deliberate disclosure of false information is one of the more proactive “information warfare” countermeasures we can discuss - and conversely, of course, this demonstrates the need to be wary of information obtained from third parties. We help clients design and implement appropriate information security controls to limit the leakage of information, including that lost through industrial espionage and Data Leak Prevention (DLP). Given the sheer amount of information circulating in most companies, it is important to focus the effort - we therefore normally assess the overall extent of information leakage and undertake an impact assessment to identify the most important risk areas. For more information on IsecT’s consultancy services relating to information leakage and information security, contact us. Information security awareness is an extremely important control against this threat.

				Copyright © 2008 IsecT Ltd.