Safeguarding Critical E-DocumentsImplementing a Program for Securing Confidential Information Assets
Practical, step-by-step guidance for corporations, universities and government agencies to protect and secure confidential documents and business records Managers and public officials are looking for technology and information governance solutions to "information leakage" in an understandable, concise format. Safeguarding Critical E-Documents provides a road map for corporations, governments, financial services firms, hospitals, law firms, universities and other organizations to safeguard their internal electronic documents and private communications. Provides practical, step-by-step guidance on protecting sensitive and confidential documents—even if they leave the organization electronically or on portable devices Presents a blueprint for corporations, governments, financial services firms, hospitals, law firms, universities and other organizations to safeguard internal electronic documents and private communications Offers a concise format for securing your organizations from information leakage In light of the recent WikiLeaks revelations, governments and businesses have heightened awareness of the vulnerability of confidential internal documents and communications. Timely and relevant, Safeguarding Critical E-Documents shows how to keep internal documents from getting into the wrong hands and weakening your competitive position, or possible damaging your organization's reputation and leading to costly investigations.
Foreword xiii Preface xv Acknowledgments xvii PART I THE PROBLEM AND BASIC TOOLS CHAPTER 1 The Problem: Securing Confidential Electronic Documents 3 WikiLeaks: A Wake-Up Call 3 U.S. Government Attempts to Protect Intellectual Property 5 Threats Persist across the Pond: U.K. Companies on Guard 5 Increase in Corporate and Industrial Espionage 6 Risks of Medical Identity Theft 7 Why Don’t Organizations Safeguard Their Information Assets? 8 The Blame Game: Where Does Fault Lie When Information Is Leaked? 9 Consequences of Not Employing E-Document Security 10 Notes 11 CHAPTER 2 Information Governance: The Crucial First Step 13 First, Better Policies; Then, Better Technology for Better Enforcement 13 Defining Information Governance 14 Accountability Is Key 16 Why IG Is Good Business 17 Impact of a Successful IG Program 18 Critical Factors in an IG Program 19 Who Should Determine IG Policies? 22 Notes 23 PART II INFORMATION PLATFORM RISKS AND COUNTERMEASURES CHAPTER 3 Managing E-Documents and Records 27 Enterprise Content Management 27 Document Management Principles 28 The Goal: Document Lifecycle Security 29 Electronic Document Management Systems 29 Records Management Principles 31 Electronic Records Management 31 Notes 33 CHAPTER 4 Information Governance and Security for E-mail Messages 35 Employees Regularly Expose Organizations to E-mail Risk 36 E-mail Policies Should Be Realistic and Technology Agnostic 37 Is E-mail Encryption the Answer? 38 Common E-mail Security Mistakes 39 E-mail Security Myths 40 E-record Retention: Fundamentally a Legal Issue 41 Preserve E-mail Integrity and Admissibility with Automatic Archiving 42 Notes 46 CHAPTER 5 Information Governance and Security for Instant Messaging 49 Instant Messaging Security Threats 50 Best Practices for Business IM Use 51 Technology to Monitor IM 53 Tips for Safer IM 53 Notes 55 CHAPTER 6 Information Governance and Security for Social Media 57 Types of Social Media in Web 2.0 57 Social Media in the Enterprise 59 Key Ways Social Media Is Different from E-mail and Instant Messaging 60 Biggest Security Threats of Social Media 60 Legal Risks of Social Media Posts 63 Tools to Archive Facebook and Twitter 64 IG Considerations for Social Media 65 Notes 66 CHAPTER 7 Information Governance and Security for Mobile Devices 69 Current Trends in Mobile Computing 71 Security Risks of Mobile Computing 72 Securing Mobile Data 73 IG for Mobile Computing 73 Building Security into Mobile Applications 75 Best Practices to Secure Mobile Applications 78 Notes 80 CHAPTER 8 Information Governance and Security for Cloud Computing Use 83 Defining Cloud Computing 84 Key Characteristics of Cloud Computing 85 What Cloud Computing Really Means 86 Cloud Deployment Models 87 Greatest Security Threats to Cloud Computing 87 IG Guidelines: Managing Documents and Records in the Cloud 94 Managing E-Docs and Records in the Cloud: A Practical Approach 95 Notes 97 PART III E-RECORDS CONSIDERATIONS CHAPTER 9 Information Governance and Security for Vital Records 101 Defining Vital Records 101 Types of Vital Records 103 Impact of Losing Vital Records 104 Creating, Implementing, and Maintaining a Vital Records Program 105 Implementing Protective Procedures 108 Auditing the Vital Records Program 111 Notes 113 CHAPTER 10 Long-Term Preservation of E-Records 115 Defining Long-Term Digital Preservation 115 Key Factors in LTDP 116 Electronic Records Preservation Processes 118 Controlling the Process of Preserving Records 118 Notes 121 PART IV INFORMATION TECHNOLOGY CONSIDERATIONS CHAPTER 11 Technologies That Can Help Secure E-Documents 125 Challenge of Securing E-Documents 125 Apply Better Technology for Better Enforcement in the Extended Enterprise 128 Controlling Access to Documents Using Identity Access Management 131 Enforcing IG: Protect Files with Rules and Permissions 133 Data Governance Software to Manage Information Access 133 E-mail Encryption 134 Secure Communications Using Record-Free E-mail 134 Digital Signatures 135 Document Encryption 137 Data Loss Prevention Technology 137 The Missing Piece: Information Rights Management 139 Notes 144 CHAPTER 12 Safeguarding Confidential Information Assets 147 Cyber Attacks Proliferate 147 The Insider Threat: Malicious or Not 148 Critical Technologies for Securing Confidential Documents 150 A Hybrid Approach: Combining DLP and IRM Technologies 154 Securing Trade Secrets after Layoffs and Terminations 155 Persistently Protecting Blueprints and CAD Documents 156 Securing Internal Price Lists 157 Approaches for Securing Data Once It Leaves the Organization 157 Document Labeling 159 Document Analytics 161 Confidential Stream Messaging 161 Notes 164 PART V ROLLING IT OUT: PROJECT AND PROGRAM ISSUES CHAPTER 13 Building the Business Case to Justify the Program 169 Determine What Will Fly in Your Organization 169 Strategic Business Drivers for Project Justification 170 Benefits of Electronic Records Management 173 Presenting the Business Case 176 Notes 177 CHAPTER 14 Securing Executive Sponsorship 179 Executive Sponsor Role 180 Project Manager: Key Tasks 181 It’s the Little Things 183 Evolving Role of the Executive Sponsor 183 Notes 185 CHAPTER 15 Safeguarding Confidential Information Assets: Where Do You Start? 187 Business Driver Approach 187 Classification 188 Document Survey Methodology 189 Interviewing Staff in the Target Area 190 Preparing Interview Questions 192 Prioritizing: Document and Records Value Assessment 193 Second Phase of Implementation 194 Notes 195 CHAPTER 16 Procurement: The Buying Process 197 Evaluation and Selection Process: RFI, RFP, or RFQ? 197 Evaluating Software Providers: Key Criteria 202 Negotiating Contracts: Ensuring the Decision 207 More Contract Caveats 210 How to Pick a Consulting Firm: Evaluation Criteria 211 CHAPTER 17 Maintaining a Secure Environment for Information Assets 215 Monitoring and Accountability 215 Continuous Process Improvement 216 Why Continuous Improvement Is Needed 216 Notes 218 Conclusion 219 Appendix A: Digital Signature Standard 221 Appendix B: Regulations Related to Records Management 223 Appendix C: Listing of Technology and Service Providers 227 Glossary 241 About the Author 247 Index 249
ROBERT F. SMALLWOOD is a Partner and Executive Director of the E-Records Institute at IMERGE Consulting. One of the world's most respected authorities on e-records and document management, he has published more research reports on e-records, e-documents, and e-mail security issues over the past five years than any other person or organization. His research and consulting clients include Johnson & Johnson, IBM, Apple, MillerCoors, Ricoh Americas Corporation, South Carolina Retirement Systems, Dallas Independent School District, U.S. FDA, National Archives and Records Administration, Transportation Safety Board of Canada, Canadian Parliament, Supreme Court of Canada, Canada Mortgage and Housing Corporation, and National Archives of Australia, among others.
A Motorola software designer is nabbed at O'Hare Airport with a one-way ticket to Beijing and thousands of pilfered electronic documents containing trade secrets. A Texas physician loses hundreds of confidential hospital patient records when his laptop is stolen from his car. WikiLeaks publishes tens of thousands of highly sensitive corporate, diplomatic, and military e-documents allegedly stolen by a lone Army private. These are just a few of the sensational stories of catastrophic information security breaches that have made headlines in the past few years. So widespread has the problem become that official estimates place the annual cost of "information leakage" in the hundreds of billions of dollars. Despite what you may believe about the integrity of your organization's information security, you already could be hemorrhaging massive amounts of critical information without anyone—including your CIO and CTO—having the slightest idea it's happening. In Safeguarding Critical E-Documents, internationally recognized electronic document management and security expert Robert Smallwood identifies the sources of electronic document leakage in terms non-techies can understand, as well as the many threats to confidential e-documents across a wide range of digital platforms, including e-mail, instant messaging, mobile devices, cloud computing, and social networks. Then he offers proven solutions for proactively defending against each of those threats. While Smallwood describes proven technological fixes that can be implemented right away, he is careful to explain why technology alone cannot fix the problem. Real e-document security, he explains, begins at the top, with clear, rigorously enforced Information Governance (IG) policies. Drawing upon his more than quarter-century of experience, he provides step-by-step guidance on how to establish a set of IG protocols appropriate to your organization and for developing an organization-wide program of total life-cycle security for critical electronic documents, from their creation to their eventual archiving or destruction. Don't let your organization become another casualty of intellectual property theft and information leakage. Read Safeguarding Critical E-Documents and discover how to assure the total security of your company's confidential e-documents.
Praise for Safeguarding Critical E-Documents "This book is a great read for anyone in an organization who thinks of information as a strategic asset and needs to protect it. A clear, concise, and comprehensive view of a highly complex problem." Jeetu Patel, Chief Strategy Officer and Chief Marketing Officer, Information Intelligence Group, EMC Corporation "In today's highly competitive business environment, corporate- and state-sponsored espionage is a reality—yet many organizations fail to properly manage, govern, and secure their information assets. This book enables executives and managers at all levels to understand the various threats to their information assets. It provides a clear road map for policy and technology solutions as effective countermeasures." Craig Rhinehart, Director, ECM Strategy, IBM Software Solutions Group "Fantastically thorough and practical. This book provides a compelling and comprehensive blueprint to getting the security of electronic information done right, and for the right reasons. A worthwhile read for anyone with a stake in governing information." Julie J. Colgan, CRM, Director, Information Governance, Merrill Corporation "With reports that corporate espionage is on the rise and growing daily, this book is a must-read for professionals concerned with protecting their confidential information assets." Bud Porter-Roth, Principal, Porter-Roth Associates "There is no better or more timely book about information governance on theshelves today. Robert has penned a readable, actionable—and get this—enjoyable must-read book for information age executives." Thornton May, Futurist and Author of The New Know: Innovation Powered by Analytics
Diese Produkte könnten Sie auch interessieren:
NeuheitenFrauen verstehen für Dummies 10,99 €
Design of Piezo Inkjet Print Heads 142,99 €
Design of Piezo Inkjet Print Heads 142,99 €
Aptamers for Analytical Applications 124,99 €
The New Authoritarianism 9,99 €