A summary of twenty-one principles of defence against industrial espionage.

From Chapter 13, Espionage and Subversion in an Industrial Society - An examination and philosophy of defence for management, by Peter Hamilton. No ISBN. Publ: 1967, Hutchinson & Co.

1) Protective measures must be so designed that when documentary information is stolen or copied or photographed without authority the fact becomes known as quickly as possible.
2) The initial breach of security of information occurs when it becomes known that a secret exists.
3) Protection of information is the responsibility of the owner.
4) The best person to organise protection against industrial espionage is the owner of the information.
5) Security measures should be commensurate with the threat.
6) Concentration of risk into as small an area as possible.
7) The criterion of access is need. Knowledge and physical access. 'After twenty know it, a secret becomes extremely difficult to keep.'
8) Security must have a good image - ie: not sinister.
9) It is not one measure that will give security, but the sum of all practicable and possible measures.
10) That which protects must itself be protected.
11) A security system is as strong as its weakest link.
12) All security systems should contain an element of surprise for the spy or thief. Frequent but irregular changes to routines. Repositioning equipment, changes of locks and combinations. Cover and deception plans.
13) Quality is more important than quantity.
14) Co-operation (with others involved in security).
15) Maximum complicity - design to require collaboration. Internal spies may need third party to know a whole secret. External agencies may try to subvert staff - subverting more than one is harder than just one.
16) Guilt must be pinned. Narrow the number of people that may be held to be responsible, upon any loss. Narrow the area.
17) Security tasks are usually irreconcilable with others.
18) While the strongest barrier should be that closest to the target, the most effective burglar alarm is that which gives the earliest warning. Consider the cost.
19) The effectiveness of delaying devices such as barriers should be measured in terms of the delay in time which they inflict on an intruder. Risk of detection increases with time spent attacking. Up to 30 minutes, arithmetical progression, after 30 minutes, geometrical.
20) The security system must be designed to prevent reconnaissance of the target.
21) Security measures (of whatever kind) must ultimately defer to the concept of human freedom.

NB. This book was published in 1967 and mainly refers to protection of industrial information. This was a long, long time before widespread use of computers and way way before the internet! Not at all sure how reliable some of these ideas are, so this is really only intended to provide food for thought.