Knowledge is power!
To close the security folder of Strategic Intelligence, let's have a quick look at confidentiality.
Let's clarify first. The famous "Classified" of the "Special Forces" in "Top Secret Operations" are great for our pleasure with Tom Cruise, Szwardzy and others, but the reality is less sexy but so much more rewarding.
1 - Special forces belong to the Americans, it makes them dream.
2 - Specialized units exist and they are called like that.
3 - The “Bureau des Légendes” and “Papillon” are aptly named!
That being said, let's move into the real world of everyday life which is no less perilous by reading the news ...
Confidentiality, what’s this?
“Confidential” which contains information that must remain discreet, even secret.
To be classified (listed and identified) "confidential", information must be analyzed according to a process giving it a confidentiality level. However, solely what exists materially and whose disclosure is criminally reprehensible regarding the consequences can be classified. This violation will therefore constitute the material element, the last legal constituent element.
A vocal secret is binding only the sender and the receiver, it is not therefore according to the law and codes (commercial, insurance, medical, etc.) and recognized as such. However, knowing information relating to a classified document and even orally disclosing all or part of its content, will, of course, be governed by law. It will need to go back to the transmission's root, to learn the lessons and perhaps, to unmask the fraudsters.
The first measure of any establishment containing classified information is to sensitize its employees and all those who will have to "know about". Thus, acknowledged to being informed, confidentiality will become a non-negotiable and binding requirement. To do it, it is, therefore, necessary to regulate, dissuade and finally protect against any bad voluntary or involuntary action by faults generating temptation.
Confidentiality of information, an important subject of Economic and Strategic Intelligence, leads to undertaken behaviour anytime and anywhere. Business life is at stake because the economy is very competitive in an increasingly procedural society.
The severity of overly restrictive security rules often leads to a loss of productivity through a lack of confidence and consideration feeling. This is particularly the case for professions operating in sensitive environments.
Whatever these professions, we are all more or less concerned by a need of discretion over our actions, our judgments or our projects of greater or lesser importance. Social networks give us an overview on a daily basis. This is why it is necessary to protect oneself from the risks inherent in the loss of information by avoiding an atmosphere of suspicion within the establishments having to protect themselves. Several immutable rules must be implemented. It is the art of the security expert who will know, by guaranteeing the goal to be achieved, to deploy a set of means intended to prevent, protect, and even mitigate losses if necessary because there is no ZERO risk.
This protection' synergy is made up of several steps.
1 - Structural protection permits to strength a site, by slowing (and not stopping) intrusions. Indeed, we will always talk about the slow-down of breaking, but never about forbid breaking. For example, your wooden door will be protected for 2 minutes from the shoulder strike, but only a fraction of a second from the push of a battle tank.
2 - Technical protection makes it possible to deploy increasingly innovative technological devices in order to give alerts. Better still, they can activate response protocols according to well-defined methods. For example, video analysis systems make it possible to send a drone automatically to confirm the presence of a suspicious element perfectly targeted by algorithms.
3 - Human protection is the active security which to discern, according to its free will, the actions to be implemented when the AI solely acts logically. It also makes it possible to educate all the actors of a site, such as group-immunity.
4 - Cyber protection makes it possible to assign rights of entry and exit of information by associating the privileges given. This is a specific subject.
If you want to protect your business information, a few ideas to explore:
On duty, are there more or less sensitive places, how can I access, why?
Are there different degrees of responsibility of the famous "know about", how come?
How can we detect a risk of intelligence "leak", and is it legal?
At my workstation, if I don't have any special access, how can I make a mistake? I work outside of risk or secret areas, why am I subject to the same rules?
Out of duty, does my responsibility remain engaged, how and why?
How should I behave, what are the risks, what is "stamping" and how can I avoid it? How can I be sure that I am not trapped and how do I do self-checking?
What are the ways of forcing myself to reveal information and how can I protect myself and my family against it?
Registering my credit card's code on your phone is already stupid, but the code to open an airlock can be much terrible ... Besides, is it reasonable to have only a personal code to protect my entrances? So many answers that only a security professional can give you.
Security never offers a second chance, but rest assured ...
It only happens to others, isn't it?