Conscience is a mother-in-law whose visit never ends.
H.L. Mencken
John Kanalis, CCO
BECCA Europe Administrator
Authorized BECCA Instructor
www.BECCA-online.org
jkanalis@otenet.gr
becca eu@otenet.gr
We focus on Human Factor
QUESTIONS & ANSWERS
"If your only tool is a hammer, you tend to see every problem as a nail."


Abraham Maslow



Sensitive
critical
infrastructure
protection
related
information, means facts about a critical infrastructure,
which if disclosed could be used to plan and act with a
view to causing disruption or destruction of critical
infrastructure
installations,
Council
Directive
2008/114/EC, Article 2d
but in simple words sensitive business information are
(i) Technical Information.
(ii) Business and Commercial Information.
(iii) Miscellaneous Information and Documentation.
The collection of approaches that address issues covering
physical, electronic, administrational, and procedural
aspects
of
critical/sensitive
business
information
protection and which insure that no breaches of this
critical/sensitive business information will occur.
"Fortuna audaces juvat (Luck helps the brave)" Publius Vergilius Maro
Confidentiality refers to limits on who can get what kind of
information. Confidentiality is an ethical or professional
duty not to disclose information to a third party.
Confidentiality may apply because of the legal or ethical
requirements of certain professionals (Private Security
Companies),board members, staff and visitors that are
legally required to keep certain sensitive/critical business
information confidential. This legal obligation exists even
though any contracts or other documents related to
confidentiality may not have signed.
"I didn’t forget your advice, but Nature forces me to have my
opinion" Aeschylus
Confidentiality applied as a standalone process can help identify whether complete
pathways exist that link to a potential "window of
opportunity". The need for confidentiality exists when
information is designated as “confidential” (e.g. stamped
or announced). It also applies where the need for it is
obvious or evident (nature of the material or context of
the situation), or required by applicable law, even though
the information is not specifically designated as
confidential. Confidentiality as an applied
countermeasure to safeguard sensitive information (single
most valuable asset) is a reflection of a wide variety of
protection techniques due to the number of espionage
techniques that exist.
 To create and sustain a mature risk management
environment
 To enable and develop a results-oriented approach to
security risk management
 To avoid unnecessary costs (Losses) and make quick
responses as crisis arise.
 To establish a good internal management control system
 To protect critical information assets throughout an
enterprise because security is a journey rather than a
one-time event
“Management refers to the process of getting things done, effectively and efficiently through other people”
1.
David A. DeCenzo,PhD, Stephen P. Robbins,PhD,
2.
Human Resource Management, 7th Edition
 The Four Faces of Business Espionage
The Confidentiality Survey
 The Laws of Confidentiality
The Business Confidentiality Management Process & sub
processes
The Five Steps of Direct Approach Process
 The Business Confidentiality Gap
 Awareness
 etc

"We spend all our time searching for security, and then we hate it when
we get it ". John Ernst Steinbeck


Because as it has been proved by BECCA, the basic trigger
for someone to exercise espionage is that;
"if you have a product or service to sell, you have
something worth stealing"
BECCA: Business Espionage Controls & Countermeasures Association
www.BECCA-online.org
"There is always more spirit in attack than in defense."
Titus Livius Patavinus
“The term Industrial Espionage refers to the practice of
obtaining business or technological information through
surreptitious means” (Grolier Multimedia Encyclopedia).
Most definitions and discussions concerning business
espionage will likely be under the heading of “economic
espionage” or “industrial espionage”.
"There's no sense in being precise when you don't even know what you're
talking about". John von Neumann
BECCA members answering the question found four
driving forces at work today in private and public sectors,
in the following order of importance;

MONEY
 ADVENTURE
 IDEALISM
 ALIENATION

"To see what is in front of one's nose needs a constant struggle".

George Orwell
Fundamentally, security is about people. It’s not
really computers that are breaking into different systems,
its people. It’s your adversaries. It’s often actually your
insiders, people that work for you. So understanding the
motivation of those people and, I believe, training your
people -people you trust, people that works for you,
yourself, your employees, your contractors- to be
proactive about security is one of the very best paths you
can take to maintaining a good security stance.
And because CONFIDENTIALITY is an
old but often forgotten preventative
strategy lets remember what Nicholas
Machiavelli said about initiating
changes;
"… there is nothing more difficult to
arrange, more doubtful of success,
more dangerous to carry through than
initiating changes...
The innovator makes enemies of all
those who prosper under the old order,
and only lukewarm support is
forthcoming from those who would
prosper under the new.
Men are generally incredulous, never
really trusting new things unless they
have tested them by experience.“