Safeguarding Critical E–Documents – Implementing a Program for Securing Confidential Information Assets
Autor RF Smallwooden Limba Engleză Hardback – 9 aug 2012
- Provides practical, step–by–step guidance on protecting sensitive and confidential documents even if they leave the organization electronically or on portable devices
- Presents a blueprint for corporations, governments, financial services firms, hospitals, law firms, universities and other organizations to safeguard internal electronic documents and private communications
- Offers a concise format for securing your organizations from information leakage
Preț: 339.42 lei
Preț vechi: 424.27 lei
-20% Nou
64.96€ • 67.47$ • 53.96£
Carte disponibilă
Livrare economică 11-25 ianuarie 25
Specificații
ISBN-10: 111815908X
Pagini: 288
Dimensiuni: 156 x 237 x 22 mm
Greutate: 0.48 kg
Editura: Wiley
Locul publicării:Hoboken, United States
Public țintă
Primary: CIOs, Auditors, IT Security professionalsDescriere
Praise for Safeguarding Critical E–Documents
"This book is a great read for anyone in an organization who thinks of information as a strategic asset and needs to protect it. A clear, concise, and comprehensive view of a highly complex problem."
Jeetu Patel, Chief Strategy Officer and Chief Marketing Officer, Information Intelligence Group, EMC Corporation
"In today′s highly competitive business environment, corporate– and state–sponsored espionage is a reality yet many organizations fail to properly manage, govern, and secure their information assets. This book enables executives and managers at all levels to understand the various threats to their information assets. It provides a clear road map for policy and technology solutions as effective countermeasures."
Craig Rhinehart, Director, ECM Strategy, IBM Software Solutions Group
"Fantastically thorough and practical. This book provides a compelling and comprehensive blueprint to getting the security of electronic information done right, and for the right reasons. A worthwhile read for anyone with a stake in governing information."
Julie J. Colgan, CRM, Director, Information Governance, Merrill Corporation
"With reports that corporate espionage is on the rise and growing daily, this book is a must–read for professionals concerned with protecting their confidential information assets."
Bud Porter–Roth, Principal, Porter–Roth Associates
"There is no better or more timely book about information governance on theshelves today. Robert has penned a readable, actionable and get this enjoyable must–read book for information age executives."
Thornton May, Futurist and Author of The New Know: Innovation Powered by Analytics
Textul de pe ultima copertă
Praise for Safeguarding Critical E–Documents
"This book is a great read for anyone in an organization who thinks of information as a strategic asset and needs to protect it. A clear, concise, and comprehensive view of a highly complex problem."
Jeetu Patel, Chief Strategy Officer and Chief Marketing Officer, Information Intelligence Group, EMC Corporation
"In today′s highly competitive business environment, corporate– and state–sponsored espionage is a reality yet many organizations fail to properly manage, govern, and secure their information assets. This book enables executives and managers at all levels to understand the various threats to their information assets. It provides a clear road map for policy and technology solutions as effective countermeasures."
Craig Rhinehart, Director, ECM Strategy, IBM Software Solutions Group
"Fantastically thorough and practical. This book provides a compelling and comprehensive blueprint to getting the security of electronic information done right, and for the right reasons. A worthwhile read for anyone with a stake in governing information."
Julie J. Colgan, CRM, Director, Information Governance, Merrill Corporation
"With reports that corporate espionage is on the rise and growing daily, this book is a must–read for professionals concerned with protecting their confidential information assets."
Bud Porter–Roth, Principal, Porter–Roth Associates
"There is no better or more timely book about information governance on theshelves today. Robert has penned a readable, actionable and get this enjoyable must–read book for information age executives."
Thornton May, Futurist and Author of The New Know: Innovation Powered by Analytics
Cuprins
Foreword xiii
Preface xv
Acknowledgments xvii
PART I THE PROBLEM AND BASIC TOOLS
CHAPTER 1 The Problem: Securing Confidential Electronic Documents 3
WikiLeaks: A Wake–Up Call 3
U.S. Government Attempts to Protect Intellectual Property 5
Threats Persist across the Pond: U.K. Companies on Guard 5
Increase in Corporate and Industrial Espionage 6
Risks of Medical Identity Theft 7
Why Don t Organizations Safeguard Their Information Assets? 8
The Blame Game: Where Does Fault Lie When Information Is Leaked? 9
Consequences of Not Employing E–Document Security 10
Notes 11
CHAPTER 2 Information Governance: The Crucial First Step 13
First, Better Policies; Then, Better Technology for Better Enforcement 13
Defining Information Governance 14
Accountability Is Key 16
Why IG Is Good Business 17
Impact of a Successful IG Program 18
Critical Factors in an IG Program 19
Who Should Determine IG Policies? 22
Notes 23
PART II INFORMATION PLATFORM RISKS AND COUNTERMEASURES
CHAPTER 3 Managing E–Documents and Records 27
Enterprise Content Management 27
Document Management Principles 28
The Goal: Document Lifecycle Security 29
Electronic Document Management Systems 29
Records Management Principles 31
Electronic Records Management 31
Notes 33
CHAPTER 4 Information Governance and Security for E–mail Messages 35
Employees Regularly Expose Organizations to E–mail Risk 36
E–mail Policies Should Be Realistic and Technology Agnostic 37
Is E–mail Encryption the Answer? 38
Common E–mail Security Mistakes 39
E–mail Security Myths 40
E–record Retention: Fundamentally a Legal Issue 41
Preserve E–mail Integrity and Admissibility with Automatic Archiving 42
Notes 46
CHAPTER 5 Information Governance and Security for Instant Messaging 49
Instant Messaging Security Threats 50
Best Practices for Business IM Use 51
Technology to Monitor IM 53
Tips for Safer IM 53
Notes 55
CHAPTER 6 Information Governance and Security for Social Media 57
Types of Social Media in Web 2.0 57
Social Media in the Enterprise 59
Key Ways Social Media Is Different from E–mail and Instant Messaging 60
Biggest Security Threats of Social Media 60
Legal Risks of Social Media Posts 63
Tools to Archive Facebook and Twitter 64
IG Considerations for Social Media 65
Notes 66
CHAPTER 7 Information Governance and Security for Mobile Devices 69
Current Trends in Mobile Computing 71
Security Risks of Mobile Computing 72
Securing Mobile Data 73
IG for Mobile Computing 73
Building Security into Mobile Applications 75
Best Practices to Secure Mobile Applications 78
Notes 80
CHAPTER 8 Information Governance and Security for Cloud Computing Use 83
Defining Cloud Computing 84
Key Characteristics of Cloud Computing 85
What Cloud Computing Really Means 86
Cloud Deployment Models 87
Greatest Security Threats to Cloud Computing 87
IG Guidelines: Managing Documents and Records in the Cloud 94
Managing E–Docs and Records in the Cloud: A Practical Approach 95
Notes 97
PART III E–RECORDS CONSIDERATIONS
CHAPTER 9 Information Governance and Security for Vital Records 101
Defining Vital Records 101
Types of Vital Records 103
Impact of Losing Vital Records 104
Creating, Implementing, and Maintaining a Vital Records Program 105
Implementing Protective Procedures 108
Auditing the Vital Records Program 111
Notes 113
CHAPTER 10 Long–Term Preservation of E–Records 115
Defining Long–Term Digital Preservation 115
Key Factors in LTDP 116
Electronic Records Preservation Processes 118
Controlling the Process of Preserving Records 118
Notes 121
PART IV INFORMATION TECHNOLOGY CONSIDERATIONS
CHAPTER 11 Technologies That Can Help Secure E–Documents 125
Challenge of Securing E–Documents 125
Apply Better Technology for Better Enforcement in the Extended Enterprise 128
Controlling Access to Documents Using Identity Access Management 131
Enforcing IG: Protect Files with Rules and Permissions 133
Data Governance Software to Manage Information Access 133
E–mail Encryption 134
Secure Communications Using Record–Free E–mail 134
Digital Signatures 135
Document Encryption 137
Data Loss Prevention Technology 137
The Missing Piece: Information Rights Management 139
Notes 144
CHAPTER 12 Safeguarding Confidential Information Assets 147
Cyber Attacks Proliferate 147
The Insider Threat: Malicious or Not 148
Critical Technologies for Securing Confidential Documents 150
A Hybrid Approach: Combining DLP and IRM Technologies 154
Securing Trade Secrets after Layoffs and Terminations 155
Persistently Protecting Blueprints and CAD Documents 156
Securing Internal Price Lists 157
Approaches for Securing Data Once It Leaves the Organization 157
Document Labeling 159
Document Analytics 161
Confidential Stream Messaging 161
Notes 164
PART V ROLLING IT OUT: PROJECT AND PROGRAM ISSUES
CHAPTER 13 Building the Business Case to Justify the Program 169
Determine What Will Fly in Your Organization 169
Strategic Business Drivers for Project Justification 170
Benefits of Electronic Records Management 173
Presenting the Business Case 176
Notes 177
CHAPTER 14 Securing Executive Sponsorship 179
Executive Sponsor Role 180
Project Manager: Key Tasks 181
It s the Little Things 183
Evolving Role of the Executive Sponsor 183
Notes 185
CHAPTER 15 Safeguarding Confidential Information Assets: Where Do You Start? 187
Business Driver Approach 187
Classification 188
Document Survey Methodology 189
Interviewing Staff in the Target Area 190
Preparing Interview Questions 192
Prioritizing: Document and Records Value Assessment 193
Second Phase of Implementation 194
Notes 195
CHAPTER 16 Procurement: The Buying Process 197
Evaluation and Selection Process: RFI, RFP, or RFQ? 197
Evaluating Software Providers: Key Criteria 202
Negotiating Contracts: Ensuring the Decision 207
More Contract Caveats 210
How to Pick a Consulting Firm: Evaluation Criteria 211
CHAPTER 17 Maintaining a Secure Environment for Information Assets 215
Monitoring and Accountability 215
Continuous Process Improvement 216
Why Continuous Improvement Is Needed 216
Notes 218
Conclusion 219
Appendix A: Digital Signature Standard 221
Appendix B: Regulations Related to Records Management 223
Appendix C: Listing of Technology and Service Providers 227
Glossary 241
About the Author 247
Index 249
Notă biografică
ROBERT F. SMALLWOOD is a Partner and Executive Director of the E–Records Institute at IMERGE Consulting. One of the world′s most respected authorities on e–records and document management, he has published more research reports on e–records, e–documents, and e–mail security issues over the past five years than any other person or organization. His research and consulting clients include Johnson & Johnson, IBM, Apple, MillerCoors, Ricoh Americas Corporation, South Carolina Retirement Systems, Dallas Independent School District, U.S. FDA, National Archives and Records Administration, Transportation Safety Board of Canada, Canadian Parliament, Supreme Court of Canada, Canada Mortgage and Housing Corporation, and National Archives of Australia, among others.