Theft of Intellectual Property Flashcards
Which of the following best illustrates the use of technical surveillance for purposes of corporate espionage?
A. A spy impersonates a help desk representative to obtain an employee’s network password.
B. A spy hacks into a target computer and monitors an employee’s communications.
C. A spy uses a phony employee badge to enter an office and take a sensitive document.
D. A spy creates a deceptive website and tricks employees into entering confidential information.
B. A spy hacks into a target computer and monitors an employee’s communications.
Technical surveillance is the practice of covertly acquiring audio, visual, or other types of data from targets through the use of technical devices, procedures, and techniques.
When spies resort to the use of technical surveillance, it is usually to gather nondocumentary evidence, or information that cannot be found through open sources.
Corporate spies might employ various forms of technological surveillance, such as aerial photography, bugging and wiretapping, video surveillance, photographic cameras, cell phones, monitoring computer emanations, and computer system penetrations.
Which of the following scenarios illustrates a fraudster’s use of social engineering?
A. A fraudster calls a company employee and requests sensitive information while claiming to be another employee whose systems are down
B. A fraudster has lunch at a restaurant where a target company’s employees are known to eat with the intention of overhearing sensitive conversations
C. A fraudster without an employee badge gains access to a secure facility by following legitimate employees who are oblivious to his presence
D. None of the above
A. A fraudster calls a company employee and requests sensitive information while claiming to be another employee whose systems are down
Social engineering is the act of using deceptive techniques to manipulate people into taking certain actions or disclosing information.
Favorite targets for intelligence gathering purposes include employees in all of the following departments EXCEPT:
A. Shipping and receiving
B. Research and development
C. Marketing
D. Manufacturing and production
A. Shipping and receiving
Some of the favorite targets of intelligence gatherers include employees in the following departments: research and development, marketing, manufacturing and production, human resources, sales, and purchasing.
To help promote employee awareness of sensitive information, company data should be classified into different security levels based on value and sensitivity.
T/F
A. True CORRECT
Organizations should have a data classification policy that establishes what protections must be afforded to data of different value and sensitivity levels. Data classification allows organizations to follow a structured approach for establishing appropriate controls for different data categories. Moreover, establishing a data classification policy will help employee awareness.
In short, classifying an organization’s data involves: 1) organizing the entity’s data into different security levels based on the data’s value and sensitivity and 2) assigning each level of classification different rules for viewing, editing, and sharing the data.
