Practical, step-by-step guidance for corporations, universities and government agencies to protect and secure confidential documents and business records
Managers and public officials are looking for technology and information governance solutions to ‘information leakage’ in an understandable, concise format. Safeguarding Critical E-Documents provides a road map for corporations, governments, financial services firms, hospitals, law firms, universities and other organizations to safeguard their internal electronic documents and private communications.
- Provides practical, step-by-step guidance on protecting sensitive and confidential documents—even if they leave the organization electronically or on portable devices
- Presents a blueprint for corporations, governments, financial services firms, hospitals, law firms, universities and other organizations to safeguard internal electronic documents and private communications
- Offers a concise format for securing your organization from information leakage
In light of the recent WikiLeaks revelations, governments and businesses have heightened awareness of the vulnerability of confidential internal documents and communications. Timely and relevant, Safeguarding Critical E-Documents shows how to keep internal documents from getting into the wrong hands and weakening your competitive position, or possibly damaging your organization’s reputation and leading to costly investigations.
Table of Contents
Foreword
Preface
Acknowledgments
Part I The Problem and Basic Tools
Chapter 1 The Problem: Securing Confidential Electronic Documents
WikiLeaks: A Wake-Up Call
U.S. Government Attempts to Protect Intellectual Property
Threats Persist across the Pond: U.K. Companies on Guard
Increase in Corporate and Industrial Espionage
Risks of Medical Identity Theft
Why Don’t Organizations Safeguard Their Information Assets?
The Blame Game: Where Does Fault Lie When Information Is Leaked?
Consequences of Not Employing E-Document Security
Notes
Chapter 2 Information Governance: The Crucial First Step
First, Better Policies; Then, Better Technology for Better Enforcement
Defining Information Governance
Accountability Is Key
Why IG Is Good Business
Impact of a Successful IG Program
Critical Factors in an IG Program
Who Should Determine IG Policies?
Notes
Part II Information Platform Risks and Countermeasures
Chapter 3 Managing E-Documents and Records
Enterprise Content Management
Document Management Principles
The Goal: Document Lifecycle Security
Electronic Document Management Systems
Records Management Principles
Electronic Records Management
Notes
Chapter 4 Information Governance and Security for E-mail Messages
Employees Regularly Expose Organizations to E-mail Risk
E-mail Policies Should Be Realistic and Technology Agnostic
Is E-mail Encryption the Answer?
Common E-mail Security Mistakes
E-mail Security Myths
E-record Retention: Fundamentally a Legal Issue
Preserve E-mail Integrity and Admissibility with Automatic Archiving
Notes
Chapter 5 Information Governance and Security for Instant Messaging
Instant Messaging Security Threats
Best Practices for Business IM Use
Technology to Monitor IM
Tips for Safer IM
Notes
Chapter 6 Information Governance and Security for Social Media
Types of Social Media in Web 2.0
Social Media in the Enterprise
Key Ways Social Media Is Different from E-mail and Instant Messaging
Biggest Security Threats of Social Media
Legal Risks of Social Media Posts
Tools to Archive Facebook and Twitter
IG Considerations for Social Media
Notes
Chapter 7 Information Governance and Security for Mobile Devices
Current Trends in Mobile Computing
Security Risks of Mobile Computing
Securing Mobile Data
IG for Mobile Computing
Building Security into Mobile Applications
Best Practices to Secure Mobile Applications
Notes
Chapter 8 Information Governance and Security for Cloud Computing Use
Defining Cloud Computing
Key Characteristics of Cloud Computing
What Cloud Computing Really Means
Cloud Deployment Models
Greatest Security Threats to Cloud Computing
IG Guidelines: Managing Documents and Records in the Cloud
Managing E-Docs and Records in the Cloud: A Practical Approach
Notes
Part III E-Records Considerations
Chapter 9 Information Governance and Security for Vital Records
Defining Vital Records
Types of Vital Records
Impact of Losing Vital Records
Creating, Implementing, and Maintaining a Vital Records Program
Implementing Protective Procedures
Auditing the Vital Records Program
Notes
Chapter 10 Long-Term Preservation of E-Records
Defining Long-Term Digital Preservation
Key Factors in LTDP
Electronic Records Preservation Processes
Controlling the Process of Preserving Records
Notes
Part IV Information Technology Considerations
Chapter 11 Technologies That Can Help Secure E-Documents
Challenge of Securing E-Documents
Apply Better Technology for Better Enforcement in the Extended Enterprise
Controlling Access to Documents Using Identity Access Management
Enforcing IG: Protect Files with Rules and Permissions
Data Governance Software to Manage Information Access
E-mail Encryption
Secure Communications Using Record-Free E-mail
Digital Signatures
Document Encryption
Data Loss Prevention Technology
The Missing Piece: Information Rights Management
Notes
Chapter 12 Safeguarding Confidential Information Assets
Cyber Attacks Proliferate
The Insider Threat: Malicious or Not
Critical Technologies for Securing Confidential Documents
A Hybrid Approach: Combining DLP and IRM Technologies
Securing Trade Secrets after Layoffs and Terminations
Persistently Protecting Blueprints and CAD Documents
Securing Internal Price Lists
Approaches for Securing Data Once It Leaves the Organization
Document Labeling
Document Analytics
Confidential Stream Messaging
Notes
Part V Rolling It Out: Project and Program Issues
Chapter 13 Building the Business Case to Justify the Program
Determine What Will Fly in Your Organization
Strategic Business Drivers for Project Justification
Benefits of Electronic Records Management
Presenting the Business Case
Notes
Chapter 14 Securing Executive Sponsorship
Executive Sponsor Role
Project Manager: Key Tasks
It’s the Little Things
Evolving Role of the Executive Sponsor
Notes
Chapter 15 Safeguarding Confidential Information Assets: Where Do You Start?
Business Driver Approach
Classification
Document Survey Methodology
Interviewing Staff in the Target Area
Preparing Interview Questions
Prioritizing: Document and Records Value Assessment
Second Phase of Implementation
Notes
Chapter 16 Procurement: The Buying Process
Evaluation and Selection Process: RFI, RFP, or RFQ?
Evaluating Software Providers: Key Criteria
Negotiating Contracts: Ensuring the Decision
More Contract Caveats
How to Pick a Consulting Firm: Evaluation Criteria
Chapter 17 Maintaining a Secure Environment for Information Assets
Monitoring and Accountability
Continuous Process Improvement
Why Continuous Improvement Is Needed
Notes
Conclusion
Appendix A: Digital Signature Standard
Appendix B: Regulations Related to Records Management
Appendix C: Listing of Technology and Service Providers
Glossary
About the Author
Index
About the Author
ROBERT F. SMALLWOOD is a Partner and Executive Director of the E-Records Institute at IMERGE Consulting. One of the world’s most respected authorities on e-records and document management, he has published more research reports on e-records, e-documents, and e-mail security issues over the past five years than any other person or organization. His research and consulting clients include Johnson & Johnson, IBM, Apple, MillerCoors, Ricoh Americas Corporation, South Carolina Retirement Systems, Dallas Independent School District, U.S. FDA, National Archives and Records Administration, Transportation Safety Board of Canada, Canadian Parliament, Supreme Court of Canada, Canada Mortgage and Housing Corporation, and National Archives of Australia, among others.