Are unauthorised parties listening in when your company holds important meetings where sensitive issues are discussed and significant decisions made? Perhaps. If the matters discussed are important to your company, they may also be of great interest to your competitors and even the press. Concurrently, there are reasonable expectations from your shareholder, employees and customers that you handle and protect valuable information in a professional and responsible manner.
As part of the effort to combat industrial espionage and work towards the establishment of essential information security, CERTA has developed a sweeping concept directed at protecting locations where sensitive meetings and negotiations are held.
Sweeping, performed both physically and technically entails a methodical inspection of specific locations to uncover vulnerabilities and installations, which can be exploited to convey information to unsanctioned parties.
The sweeping concept is relevant to all companies handling sensitive information that can be misused by others, resulting in financial loss or other damages to the company and its reputation.
The sweeping concept covers relevant aspects related to the risk of unauthorised information interception and is additionally a component of CERTA’s more comprehensive concept of information security and prevention of industrial espionage.
The sweeping concept is based on working experience with information security and counter-espionage in Denmark and abroad, gained from the police and civilian intelligence and security agencies working in Denmark and abroad.
The sweeping concept contains the following elements which can be customised to suit the individual company’s needs and situation:
RISK ASSESSMENT OF THE COMPANY
CERTA maps and describes those risks that the company should actively be concerned with, based on threats and the existing counter-measures. The overall risk assessment is based on descriptions of threat-characteristics and modus operandi as well as developments and tendencies of importance to the company. A technical assessment of the company’s information and communications technologies can also form a part of the risk assessment.
SECURITY EVALUATION OF THE COMPANY’S PROCESSING OF SENSITIVE INFORMATION
CERTA performs an inspection and evaluation of the company’s processing of sensitive information. The security evaluation includes inspection and testing as well as assessments and recommendations.
IDENTIFICATION AND ASSESSMENT OF SUITABLE LOCATIONS
CERTA will in cooperation with the company, identify specific locations that are suitable for the hosting of sensitive meetings.
SWEEPING OF SPECIFIC LOCATIONS
CERTA is responsible for physical and/or technical sweeping (TSCM) of specific locations, which will be used for meetings including the exchange of sensitive information. CERTA will also be responsible for an acoustic examination of the relevant location. Technical examinations to uncover ”false” cellular towers, can also be added to the sweeping.
SECURING AND USING SWEPT LOCATIONS
CERTA will in cooperation with the company, identify opportunities and ways in which, the risk of compromising swept locations can be reduced.