| |
| |
| Foreword | |
| |
| |
| Preface | |
| |
| |
| Acknowledgments | |
| |
| |
| |
| The Problem and Basic Tools | |
| |
| |
| |
| The Problem: Securing Confidential Electronic Documents | |
| |
| |
| WikiLeaks: A Wake-Up Call | |
| |
| |
| U.S. Government Attempts to Protect Intellectual Property | |
| |
| |
| Threats Persist across the Pond: U.K. Companies on Guard | |
| |
| |
| Increase in Corporate and Industrial Espionage | |
| |
| |
| Risks of Medical Identity Theft | |
| |
| |
| Why Don't Organizations Safeguard Their Information Assets? | |
| |
| |
| The Blame Game: Where Does Fault Lie When Information Is Leaked? | |
| |
| |
| Consequences of Not Employing E-Document Security | |
| |
| |
| Notes | |
| |
| |
| |
| Information Governance: The Crucial First Step | |
| |
| |
| First, Better Policies; Then, Better Technology for Better Enforcement | |
| |
| |
| Defining Information Governance | |
| |
| |
| Accountability Is Key | |
| |
| |
| Why IG Is Good Business | |
| |
| |
| Impact of a Successful IG Program | |
| |
| |
| Critical Factors in an IG Program | |
| |
| |
| Who Should Determine IG Policies? | |
| |
| |
| Notes | |
| |
| |
| |
| Information Platform Risks and Countermeasures | |
| |
| |
| |
| Managing E-Documents and Records | |
| |
| |
| Enterprise Content Management | |
| |
| |
| Document Management Principles | |
| |
| |
| The Goal: Document Lifecycle Security | |
| |
| |
| Electronic Document Management Systems | |
| |
| |
| Records Management Principles | |
| |
| |
| Electronic Records Management | |
| |
| |
| Notes | |
| |
| |
| |
| Information Governance and Security for E-mail Messages | |
| |
| |
| Employees Regularly Expose Organizations to E-mail Risk | |
| |
| |
| E-mail Policies Should Be Realistic and Technology Agnostic | |
| |
| |
| Is E-mail Encryption the Answer? | |
| |
| |
| Common E-mail Security Mistakes | |
| |
| |
| E-mail Security Myths | |
| |
| |
| E-record Retention: Fundamentally a Legal Issue | |
| |
| |
| Preserve E-mail Integrity and Admissibility with Automatic Archiving | |
| |
| |
| Notes | |
| |
| |
| |
| Information Governance and Security for Instant Messaging | |
| |
| |
| Instant Messaging Security Threats | |
| |
| |
| Best Practices for Business IM Use | |
| |
| |
| Technology to Monitor IM | |
| |
| |
| Tips for Safer IM | |
| |
| |
| Notes | |
| |
| |
| |
| Information Governance and Security for Social Media | |
| |
| |
| Types of Social Media in Web 2:0 | |
| |
| |
| Social Media in the Enterprise | |
| |
| |
| Key Ways Social Media Is Different from E-mail and Instant Messaging | |
| |
| |
| Biggest Security Threats of Social Media | |
| |
| |
| Legal Risks of Social Media Posts | |
| |
| |
| Tools to Archive Facebook and Twitter | |
| |
| |
| IG Considerations for Social Media | |
| |
| |
| Notes | |
| |
| |
| |
| Information Governance and Security for Mobile Devices | |
| |
| |
| Current Trends in Mobile Computing | |
| |
| |
| Security Risks of Mobile Computing | |
| |
| |
| Securing Mobile Data | |
| |
| |
| IG for Mobile Computing | |
| |
| |
| Building Security into Mobile Applications | |
| |
| |
| Best Practices to Secure Mobile Applications | |
| |
| |
| Notes | |
| |
| |
| |
| Information Governance and Security for Cloud Computing Use | |
| |
| |
| Defining Cloud Computing | |
| |
| |
| Key Characteristics of Cloud Computing | |
| |
| |
| What Cloud Computing Really Means | |
| |
| |
| Cloud Deployment Models | |
| |
| |
| Greatest Security Threats to Cloud Computing | |
| |
| |
| IG Guidelines: Managing Documents and Records in the Cloud | |
| |
| |
| Managing E-Docs and Records in the Cloud: A Practical Approach | |
| |
| |
| Notes | |
| |
| |
| |
| E-Records Considerations | |
| |
| |
| |
| Information Governance and Security for Vital Records | |
| |
| |
| Defining Vital Records | |
| |
| |
| Types of Vital Records | |
| |
| |
| Impact of Losing Vital Records | |
| |
| |
| Creating, Implementing, and Maintaining a Vital Records Program | |
| |
| |
| Implementing Protective Procedures | |
| |
| |
| Auditing the Vital Records Program | |
| |
| |
| Notes | |
| |
| |
| |
| Long-Term Preservation of E-Records | |
| |
| |
| Defining Long-Term Digital Preservation | |
| |
| |
| Key Factors in LTDP | |
| |
| |
| Electronic Records Preservation Processes | |
| |
| |
| Controlling the Process of Preserving Records | |
| |
| |
| Notes | |
| |
| |
| |
| Information Technology Considerations | |
| |
| |
| |
| Technologies That Can Help Secure E-Documents | |
| |
| |
| Challenge of Securing E-Documents | |
| |
| |
| Apply Better Technology for Better Enforcement in the Extended Enterprise | |
| |
| |
| Controlling Access to Documents Using Identity Access Management | |
| |
| |
| Enforcing IG: Protect Files with Rules and Permissions | |
| |
| |
| Data Governance Software to Manage Information Access | |
| |
| |
| E-mail Encryption | |
| |
| |
| Secure Communications Using Record-Free E-mail | |
| |
| |
| Digital Signatures | |
| |
| |
| Document Encryption | |
| |
| |
| Data Loss Prevention Technology | |
| |
| |
| The Missing Piece: Information Rights Management | |
| |
| |
| Notes | |
| |
| |
| |
| Safeguarding Confidential Information Assets | |
| |
| |
| Cyber Attacks Proliferate | |
| |
| |
| The Insider Threat: Malicious or Not | |
| |
| |
| Critical Technologies for Securing Confidential Documents | |
| |
| |
| A Hybrid Approach: Combining DLP and IRM Technologies | |
| |
| |
| Securing Trade Secrets after Layoffs and Terminations | |
| |
| |
| Persistently Protecting Blueprints and CAD Documents | |
| |
| |
| Securing Internal Price Lists | |
| |
| |
| Approaches for Securing Data Once It Leaves the Organization | |
| |
| |
| Document Labeling | |
| |
| |
| Document Analytics | |
| |
| |
| Confidential Stream Messaging | |
| |
| |
| Notes | |
| |
| |
| |
| Rolling it out: Project and Program Issues | |
| |
| |
| |
| Building the Business Case to Justify the Program | |
| |
| |
| Determine What Will Fly in Your Organization | |
| |
| |
| Strategic Business Drivers for Project Justification | |
| |
| |
| Benefits of Electronic Records Management | |
| |
| |
| Presenting the Business Case | |
| |
| |
| Notes | |
| |
| |
| |
| Securing Executive Sponsorship | |
| |
| |
| Executive Sponsor Role | |
| |
| |
| Project Manager: Key Tasks | |
| |
| |
| It's the Little Things | |
| |
| |
| Evolving Role of the Executive Sponsor | |
| |
| |
| Notes | |
| |
| |
| |
| Safeguarding Confidential Information Assets: Where Do You Start? | |
| |
| |
| Business Driver Approach | |
| |
| |
| Classification | |
| |
| |
| Document Survey Methodology | |
| |
| |
| Interviewing Staff in the Target Area | |
| |
| |
| Preparing Interview Questions | |
| |
| |
| Prioritizing: Document and Records Value Assessment | |
| |
| |
| Second Phase of Implementation | |
| |
| |
| Notes | |
| |
| |
| |
| Procurement: The Buying Process | |
| |
| |
| Evaluation and Selection Process: RFI, RFP, or RFQ? | |
| |
| |
| Evaluating Software Providers: Key Criteria | |
| |
| |
| Negotiating Contracts: Ensuring the Decision | |
| |
| |
| More Contract Caveats | |
| |
| |
| How to Pick a Consulting Firm: Evaluation Criteria | |
| |
| |
| |
| Maintaining a Secure Environment for Information Assets | |
| |
| |
| Monitoring and Accountability | |
| |
| |
| Continuous Process Improvement | |
| |
| |
| Why Continuous Improvement Is Needed | |
| |
| |
| Notes | |
| |
| |
| Conclusion | |
| |
| |
| |
| Digital Signature Standard | |
| |
| |
| |
| Regulations Belated to Records Management | |
| |
| |
| |
| Listing of Technology and Service Providers | |
| |
| |
| Glossary | |
| |
| |
| About the Author | |
| |
| |
| Index | |