| |
| |
Foreword | |
| |
| |
Preface | |
| |
| |
Acknowledgments | |
| |
| |
| |
The Problem and Basic Tools | |
| |
| |
| |
The Problem: Securing Confidential Electronic Documents | |
| |
| |
WikiLeaks: A Wake-Up Call | |
| |
| |
U.S. Government Attempts to Protect Intellectual Property | |
| |
| |
Threats Persist across the Pond: U.K. Companies on Guard | |
| |
| |
Increase in Corporate and Industrial Espionage | |
| |
| |
Risks of Medical Identity Theft | |
| |
| |
Why Don't Organizations Safeguard Their Information Assets? | |
| |
| |
The Blame Game: Where Does Fault Lie When Information Is Leaked? | |
| |
| |
Consequences of Not Employing E-Document Security | |
| |
| |
Notes | |
| |
| |
| |
Information Governance: The Crucial First Step | |
| |
| |
First, Better Policies; Then, Better Technology for Better Enforcement | |
| |
| |
Defining Information Governance | |
| |
| |
Accountability Is Key | |
| |
| |
Why IG Is Good Business | |
| |
| |
Impact of a Successful IG Program | |
| |
| |
Critical Factors in an IG Program | |
| |
| |
Who Should Determine IG Policies? | |
| |
| |
Notes | |
| |
| |
| |
Information Platform Risks and Countermeasures | |
| |
| |
| |
Managing E-Documents and Records | |
| |
| |
Enterprise Content Management | |
| |
| |
Document Management Principles | |
| |
| |
The Goal: Document Lifecycle Security | |
| |
| |
Electronic Document Management Systems | |
| |
| |
Records Management Principles | |
| |
| |
Electronic Records Management | |
| |
| |
Notes | |
| |
| |
| |
Information Governance and Security for E-mail Messages | |
| |
| |
Employees Regularly Expose Organizations to E-mail Risk | |
| |
| |
E-mail Policies Should Be Realistic and Technology Agnostic | |
| |
| |
Is E-mail Encryption the Answer? | |
| |
| |
Common E-mail Security Mistakes | |
| |
| |
E-mail Security Myths | |
| |
| |
E-record Retention: Fundamentally a Legal Issue | |
| |
| |
Preserve E-mail Integrity and Admissibility with Automatic Archiving | |
| |
| |
Notes | |
| |
| |
| |
Information Governance and Security for Instant Messaging | |
| |
| |
Instant Messaging Security Threats | |
| |
| |
Best Practices for Business IM Use | |
| |
| |
Technology to Monitor IM | |
| |
| |
Tips for Safer IM | |
| |
| |
Notes | |
| |
| |
| |
Information Governance and Security for Social Media | |
| |
| |
Types of Social Media in Web 2:0 | |
| |
| |
Social Media in the Enterprise | |
| |
| |
Key Ways Social Media Is Different from E-mail and Instant Messaging | |
| |
| |
Biggest Security Threats of Social Media | |
| |
| |
Legal Risks of Social Media Posts | |
| |
| |
Tools to Archive Facebook and Twitter | |
| |
| |
IG Considerations for Social Media | |
| |
| |
Notes | |
| |
| |
| |
Information Governance and Security for Mobile Devices | |
| |
| |
Current Trends in Mobile Computing | |
| |
| |
Security Risks of Mobile Computing | |
| |
| |
Securing Mobile Data | |
| |
| |
IG for Mobile Computing | |
| |
| |
Building Security into Mobile Applications | |
| |
| |
Best Practices to Secure Mobile Applications | |
| |
| |
Notes | |
| |
| |
| |
Information Governance and Security for Cloud Computing Use | |
| |
| |
Defining Cloud Computing | |
| |
| |
Key Characteristics of Cloud Computing | |
| |
| |
What Cloud Computing Really Means | |
| |
| |
Cloud Deployment Models | |
| |
| |
Greatest Security Threats to Cloud Computing | |
| |
| |
IG Guidelines: Managing Documents and Records in the Cloud | |
| |
| |
Managing E-Docs and Records in the Cloud: A Practical Approach | |
| |
| |
Notes | |
| |
| |
| |
E-Records Considerations | |
| |
| |
| |
Information Governance and Security for Vital Records | |
| |
| |
Defining Vital Records | |
| |
| |
Types of Vital Records | |
| |
| |
Impact of Losing Vital Records | |
| |
| |
Creating, Implementing, and Maintaining a Vital Records Program | |
| |
| |
Implementing Protective Procedures | |
| |
| |
Auditing the Vital Records Program | |
| |
| |
Notes | |
| |
| |
| |
Long-Term Preservation of E-Records | |
| |
| |
Defining Long-Term Digital Preservation | |
| |
| |
Key Factors in LTDP | |
| |
| |
Electronic Records Preservation Processes | |
| |
| |
Controlling the Process of Preserving Records | |
| |
| |
Notes | |
| |
| |
| |
Information Technology Considerations | |
| |
| |
| |
Technologies That Can Help Secure E-Documents | |
| |
| |
Challenge of Securing E-Documents | |
| |
| |
Apply Better Technology for Better Enforcement in the Extended Enterprise | |
| |
| |
Controlling Access to Documents Using Identity Access Management | |
| |
| |
Enforcing IG: Protect Files with Rules and Permissions | |
| |
| |
Data Governance Software to Manage Information Access | |
| |
| |
E-mail Encryption | |
| |
| |
Secure Communications Using Record-Free E-mail | |
| |
| |
Digital Signatures | |
| |
| |
Document Encryption | |
| |
| |
Data Loss Prevention Technology | |
| |
| |
The Missing Piece: Information Rights Management | |
| |
| |
Notes | |
| |
| |
| |
Safeguarding Confidential Information Assets | |
| |
| |
Cyber Attacks Proliferate | |
| |
| |
The Insider Threat: Malicious or Not | |
| |
| |
Critical Technologies for Securing Confidential Documents | |
| |
| |
A Hybrid Approach: Combining DLP and IRM Technologies | |
| |
| |
Securing Trade Secrets after Layoffs and Terminations | |
| |
| |
Persistently Protecting Blueprints and CAD Documents | |
| |
| |
Securing Internal Price Lists | |
| |
| |
Approaches for Securing Data Once It Leaves the Organization | |
| |
| |
Document Labeling | |
| |
| |
Document Analytics | |
| |
| |
Confidential Stream Messaging | |
| |
| |
Notes | |
| |
| |
| |
Rolling it out: Project and Program Issues | |
| |
| |
| |
Building the Business Case to Justify the Program | |
| |
| |
Determine What Will Fly in Your Organization | |
| |
| |
Strategic Business Drivers for Project Justification | |
| |
| |
Benefits of Electronic Records Management | |
| |
| |
Presenting the Business Case | |
| |
| |
Notes | |
| |
| |
| |
Securing Executive Sponsorship | |
| |
| |
Executive Sponsor Role | |
| |
| |
Project Manager: Key Tasks | |
| |
| |
It's the Little Things | |
| |
| |
Evolving Role of the Executive Sponsor | |
| |
| |
Notes | |
| |
| |
| |
Safeguarding Confidential Information Assets: Where Do You Start? | |
| |
| |
Business Driver Approach | |
| |
| |
Classification | |
| |
| |
Document Survey Methodology | |
| |
| |
Interviewing Staff in the Target Area | |
| |
| |
Preparing Interview Questions | |
| |
| |
Prioritizing: Document and Records Value Assessment | |
| |
| |
Second Phase of Implementation | |
| |
| |
Notes | |
| |
| |
| |
Procurement: The Buying Process | |
| |
| |
Evaluation and Selection Process: RFI, RFP, or RFQ? | |
| |
| |
Evaluating Software Providers: Key Criteria | |
| |
| |
Negotiating Contracts: Ensuring the Decision | |
| |
| |
More Contract Caveats | |
| |
| |
How to Pick a Consulting Firm: Evaluation Criteria | |
| |
| |
| |
Maintaining a Secure Environment for Information Assets | |
| |
| |
Monitoring and Accountability | |
| |
| |
Continuous Process Improvement | |
| |
| |
Why Continuous Improvement Is Needed | |
| |
| |
Notes | |
| |
| |
Conclusion | |
| |
| |
| |
Digital Signature Standard | |
| |
| |
| |
Regulations Belated to Records Management | |
| |
| |
| |
Listing of Technology and Service Providers | |
| |
| |
Glossary | |
| |
| |
About the Author | |
| |
| |
Index | |