Magazine article Risk Management

Too Much Information

Magazine article Risk Management

Too Much Information

Article excerpt

Using a Security Assessment to Balance Collaboration and Information Protection

As companies in foreign markets face increasing domestic competition, striking the right balance between open information sharing and protecting intellectual property assets is of growing importance. Many companies with core technologies believe they can maintain their technological advantage in a foreign market by continuously developing new innovations.

However, this is not always the case. For many companies, working with a domestic partner can be successful, but a number of scenarios, such as a dispute over rights to future joint innovations, can result in accidental or intentional leaks of critical intellectual property or trade secrets. To guard against this, companies should ensure that they follow a structured and facility-specific approach to protecting information when operating in a collaborative environment.

To more clearly illustrate these challenges and how they should be addressed, the following is a hypothetical scenario:

A project manager named Zhang is in the process of setting up a joint R&D and sales facility with a local partner to launch a new product in Western China. Zhang has been tasked by the company's China head office to put together a risk treatment plan focused on protecting information related to the company's core technology. The facility from which his company and its local partner will operate just began construction. Confronted by the challenge of preserving an open and collaborative work environment with the new partner and the need to protect certain key business and technological information, he seeks professional advice on how to balance open information sharing and security.

Zhang's company has already established contractual and legal procedures necessary to address legal and financial control issues for the new operation. These plans include contractual terms related to how to terminate the venture in the event that there is a dispute or other reason for dismantling the new entity. The company's legal counsel and senior management have reviewed and are able to prove the value of all intellectual property and trade secrets and have established that the company is in a défendable legal position.

In particular, the senior management has adjusted its contracts to manage disputes over inventors' rights within the new venture, as this is increasingly an issue in R&D operations. Zhang has learned that part of the company's defense depends on being able to demonstrate that the company put in place procedures to label, protect and prevent trade secrets from being leaked into the market.

His main objective is to establish practical measures and practices in the new facility to protect critical business and technological information. After further consideration of best practices for managing potential risks, he decides to reach out to an information security provider for advice. In conjunction with input from Zhang and other key members of his team, the security provider undertakes a risk assessment related to the facility and information requirements of the new partnership.

A critical part of this process involves understanding what information the local partner's employees need to know and what information is essential to protect. As a result, Zhang undertakes a detailed inventory of the intellectual property and other proprietary business information to be present at the facility. He then maps the information flow of key business and research processes taking place at the facility. After reviewing the information flow, he and the security provider conduct an assessment of where information is most vulnerable and develop a risk treatment plan. The treatment options available for risk managers are broken into four main categories: physical, technical, people, and policies and procedures.

Physical

When reviewing the physical characteristics of the blueprints and existing shell of the new facility, Zhang and the provider identify several key areas of the facility that are more vulnerable to information leakage. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.