On Thursday 13 March 2003 05:42 pm, Todd scribbled:
> I would make sure that HR and Legal have armed themselves with a signed
> confidentiality agreement from all employees, vendors, and
> contractors (include something about intellectual property rights). Ensure
> they make it part of the new employee orientation process and a reminder
> upon the termination/exit of an employee.

Yes, I agree and believe this is standard practice with a lot of corporate HR and Legal departments.

>
> Also, confirm existence of copyright notices in source code,

Agreed, this should be standard with most commercial software companies.

> clear audit
> trails and custodial efforts for any media in hardcopy of paper or disc are
> a standard policy and part of regular auditing.

Do you mean mechanisms and/or procedures used to conduct audits on copy activity, i.e., via printing, floppy or CD burning? How would one go about this? How could I find out what files Bob secretly copied to a floppy or CD?

> Try to get this in your
> security policy and endorsed by upper management to keep line managers as
> sole heirs of responsibility in this task.

This sounds logical and I also think the endorsement you speak of should include a "get out of jail free" card for security personnel tasked with conducting the audits.

>
> Finally, keep a good awareness program. Remind end-users that security is
> best served through their diligence and reporting of suspicious activities.
> Also, try to remind upper management by sending them occasional articles
> on same.
>
> Hope that gives you somewhere to start.

Yes, thanks for the informative response. I personally feel that awareness and employee/management involvement is a very important part of this.
