Robert F. Smallwood 
Safeguarding Critical E-Documents [PDF ebook] 
Implementing a Program for Securing Confidential Information Assets

Foreword xiii

Preface xv

Acknowledgments xvii

Part I The Problem and Basic Tools

Chapter 1 The Problem: Securing Confidential Electronic Documents 3

Wiki Leaks: A Wake-Up Call 3

U.S. Government Attempts to Protect Intellectual Property 5

Threats Persist across the Pond: U.K. Companies on Guard 5

Increase in Corporate and Industrial Espionage 6

Risks of Medical Identity Theft 7

Why Don’t Organizations Safeguard Their Information Assets? 8

The Blame Game: Where Does Fault Lie When Information Is Leaked? 9

Consequences of Not Employing E-Document Security 10

Notes 11

Chapter 2 Information Governance: The Crucial First Step 13

First, Better Policies; Then, Better Technology for Better Enforcement 13

Defining Information Governance 14

Accountability Is Key 16

Why IG Is Good Business 17

Impact of a Successful IG Program 18

Critical Factors in an IG Program 19

Who Should Determine IG Policies? 22

Notes 23

Part II Information Platform Risks and Countermeasures

Chapter 3 Managing E-Documents and Records 27

Enterprise Content Management 27

Document Management Principles 28

The Goal: Document Lifecycle Security 29

Electronic Document Management Systems 29

Records Management Principles 31

Electronic Records Management 31

Notes 33

Chapter 4 Information Governance and Security for E-mail Messages 35

Employees Regularly Expose Organizations to E-mail Risk 36

E-mail Policies Should Be Realistic and Technology Agnostic 37

Is E-mail Encryption the Answer? 38

Common E-mail Security Mistakes 39

E-mail Security Myths 40

E-record Retention: Fundamentally a Legal Issue 41

Preserve E-mail Integrity and Admissibility with Automatic Archiving 42

Notes 46

Chapter 5 Information Governance and Security for Instant Messaging 49

Instant Messaging Security Threats 50

Best Practices for Business IM Use 51

Technology to Monitor IM 53

Tips for Safer IM 53

Notes 55

Chapter 6 Information Governance and Security for Social Media 57

Types of Social Media in Web 2.0 57

Social Media in the Enterprise 59

Key Ways Social Media Is Different from E-mail and Instant Messaging 60

Biggest Security Threats of Social Media 60

Legal Risks of Social Media Posts 63

Tools to Archive Facebook and Twitter 64

IG Considerations for Social Media 65

Notes 66

Chapter 7 Information Governance and Security for Mobile Devices 69

Current Trends in Mobile Computing 71

Security Risks of Mobile Computing 72

Securing Mobile Data 73

IG for Mobile Computing 73

Building Security into Mobile Applications 75

Best Practices to Secure Mobile Applications 78

Notes 80

Chapter 8 Information Governance and Security for Cloud Computing Use 83

Defining Cloud Computing 84

Key Characteristics of Cloud Computing 85

What Cloud Computing Really Means 86

Cloud Deployment Models 87

Greatest Security Threats to Cloud Computing 87

IG Guidelines: Managing Documents and Records in the Cloud 94

Managing E-Docs and Records in the Cloud: A Practical Approach 95

Notes 97

Part III E-Records Considerations

Chapter 9 Information Governance and Security for Vital Records 101

Defining Vital Records 101

Types of Vital Records 103

Impact of Losing Vital Records 104

Creating, Implementing, and Maintaining a Vital Records Program 105

Implementing Protective Procedures 108

Auditing the Vital Records Program 111

Notes 113

Chapter 10 Long-Term Preservation of E-Records 115

Defining Long-Term Digital Preservation 115

Key Factors in LTDP 116

Electronic Records Preservation Processes 118

Controlling the Process of Preserving Records 118

Notes 121

Part IV Information Technology Considerations

Chapter 11 Technologies That Can Help Secure E-Documents 125

Challenge of Securing E-Documents 125

Apply Better Technology for Better Enforcement in the Extended Enterprise 128

Controlling Access to Documents Using Identity Access Management 131

Enforcing IG: Protect Files with Rules and Permissions 133

Data Governance Software to Manage Information Access 133

E-mail Encryption 134

Secure Communications Using Record-Free E-mail 134

Digital Signatures 135

Document Encryption 137

Data Loss Prevention Technology 137

The Missing Piece: Information Rights Management 139

Notes 144

Chapter 12 Safeguarding Confidential Information Assets 147

Cyber Attacks Proliferate 147

The Insider Threat: Malicious or Not 148

Critical Technologies for Securing Confidential Documents 150

A Hybrid Approach: Combining DLP and IRM Technologies 154

Securing Trade Secrets after Layoffs and Terminations 155

Persistently Protecting Blueprints and CAD Documents 156

Securing Internal Price Lists 157

Approaches for Securing Data Once It Leaves the Organization 157

Document Labeling 159

Document Analytics 161

Confidential Stream Messaging 161

Notes 164

Part V Rolling It Out: Project and Program Issues

Chapter 13 Building the Business Case to Justify the Program 169

Determine What Will Fly in Your Organization 169

Strategic Business Drivers for Project Justification 170

Benefits of Electronic Records Management 173

Presenting the Business Case 176

Notes 177

Chapter 14 Securing Executive Sponsorship 179

Executive Sponsor Role 180

Project Manager: Key Tasks 181

It’s the Little Things 183

Evolving Role of the Executive Sponsor 183

Notes 185

Chapter 15 Safeguarding Confidential Information Assets: Where Do You Start? 187

Business Driver Approach 187

Classification 188

Document Survey Methodology 189

Interviewing Staff in the Target Area 190

Preparing Interview Questions 192

Prioritizing: Document and Records Value Assessment 193

Second Phase of Implementation 194

Notes 195

Chapter 16 Procurement: The Buying Process 197

Evaluation and Selection Process: RFI, RFP, or RFQ? 197

Evaluating Software Providers: Key Criteria 202

Negotiating Contracts: Ensuring the Decision 207

More Contract Caveats 210

How to Pick a Consulting Firm: Evaluation Criteria 211

Chapter 17 Maintaining a Secure Environment for Information Assets 215

Monitoring and Accountability 215

Continuous Process Improvement 216

Why Continuous Improvement Is Needed 216

Notes 218

Conclusion 219

Appendix A: Digital Signature Standard 221

Appendix B: Regulations Related to Records Management 223

Appendix C: Listing of Technology and Service Providers 227

Glossary 241

About the Author 247

Index 249

ROBERT F. SMALLWOOD is a Partner and Executive Director of the E-Records Institute at IMERGE Consulting. One of the world’s most respected authorities on e-records and document management, he has published more research reports on e-records, e-documents, and e-mail security issues over the past five years than any other person or organization. His research and consulting clients include Johnson & Johnson, IBM, Apple, Miller Coors, Ricoh Americas Corporation, South Carolina Retirement Systems, Dallas Independent School District, U.S. FDA, National Archives and Records Administration, Transportation Safety Board of Canada, Canadian Parliament, Supreme Court of Canada, Canada Mortgage and Housing Corporation, and National Archives of Australia, among others.