Now Available:

line

Featured Resources:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Rebecca.

« Warnings Of New Phishing Threat Hitting Mainstream | Main | Iowa Privacy Breach Bill Has Much Of Its Teeth Pulled »

Twelve Messaging Risks to Address Now

The first article within the March issue of my new e-journal, "IT Compliance in Realtime" is "Twelve Messaging Risks to Address Now."

Here are a few excerpts...

"Most Personnel Really Don't Understand Security

Numerous studies and surveys report that most organizations do not provide enough information security and privacy training and awareness communications to their personnel. However, it is important to point out that one of the results of inadequate training and awareness is that your personnel will be self-educated. This leads to your personnel believing they know all there is to know about security, when in fact they may know just enough to make them dangerous. The higher up in the organizational chart your personnel sit, the more dangerous this bit of knowledge can be."

"Messaging is a particularly vulnerable area where the risks are exacerbated by personnel with a little bit of security knowledge boldly engaging in sensitive information exchanges. Consider the increasing use of sending clear-text sensitive information within IMs, emails, and even cell phone text messages. Have you taken time to point out to your personnel the many risks involved with doing so? Here are a dozen risks you should discuss with them and use to raise their awareness."

I then provide detail and examples for the following twelve risks.

1. Messages in Storage Are Vulnerable

2. Messaging in Public Is Risky

3. Messaging Brings Personal Risk

4. Messages Are Monitored

5. Humans Err

6. Messages Are Used as Evidence

7. Messages Contain Social Engineering Attempts

8. Messages Can Be Spoofed

9. IMs Contain Malicious Code

10. PII Is Inappropriately Forwarded

11. Messages Can Be Intercepted

12. Wireless Messages Can Be Snagged

Download the full article, along with the rest of the journal, here.

Send an excerpt of this article, or the full article, or the full e-journal issue, to your business leaders to help them better understand messaging risks and the need to address them.

Consider posting on your intranet site and giving all personnel access to help ensure everyone who uses messaging within your organization better understands the risks involved in messaging, and as a result, better protects your business.

Have feedback for this issue? Please let me know!

Tags:                      
 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Rebecca Herold on March 10, 2008 2:35 AM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-itcompliance.com/type/mt-tb.cgi/679

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Rebecca Herold's Bio:

Rebecca Herold,CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.