Home page logo
/

basics logo Security Basics mailing list archives

Re: email content monitoring / effectiveness
From: "Douglas K. Fischer" <fischerdk () purefm net>
Date: Wed, 12 Feb 2003 15:14:47 -0500


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 12:50 AM 2/12/2003, laurence field wrote:
I would like to get feedback on the quality/usefulness
of email content monitoring tools available on the
market.

Our problem: We need to identify users and monitor
email content (scary) as some staff are sending
"gossip" to the press about our public internet system
reliability, pending IPO gossip / info etc. which then
escalates to professional bodies / governments whom in
turn start formal investigations - all over an
email!!! (we are a financial company).

There are some key issues here apart from how well e-mail content 
monitoring work that deal with the effectiveness of this solution to 
address the stated problem(s).

You are assuming the employees are using your corporate e-mail system to 
send these messages. They could be sending the e-mail from home, using an 
external mail system from the office (e.g. web-based mailer like Yahoo), 
using a chat client, message board, newsgroup, etc. For that matter they 
could be using non-electronic means as well, including direct contact. Or, 
they could be encrypting the contents of the messages even if they are 
indeed using the corporate mail system. If any of these are being used, no 
e-mail content filtering on your corporate mail system is going to provide 
any relief.

I'm sure you and others have already considered this and are not looking 
for a long diatribe about the general issues or the merits of content 
filtering in general. I mention these issue, however, because I have in the 
past been in a similar situation and have had to address these issues. Such 
filtering may provide management with a warm and fuzzy feeling, and it may 
catch or scare some people, but the bottom line is if personnel are going 
to leak info, plugging up one hole out of 100 isn't going to make all that 
much difference.

Make sure you have a policy in place regarding dissemination of 
confidential information and the consequences of breaching this policy. 
Harsh penalties for disclosure and enforcement by management are good 
deterrents for casual information leakers. Of course it is also important 
to limit who has access to this information to begin with - obviously the 
fewer people who know the less people there are to consider as information 
leaks when the information appears in the press.

Just a few thoughts.

Doug 
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPkqrNp938qfSpraDEQKvewCgigNhUV4sj6oLH3+Ew3Qc+2vFHNIAnil+
DrgVLP/y4/DnjOGCL5BGHLxX
=C/7h
-----END PGP SIGNATURE-----


------------------------------------------------------------

This email, and any included attachments, have been checked
by Norton AntiVirus Corporate Edition (Version 7.6), AVG
Server Edition 6.0, and Merak Email Server Integrated
Antivirus (Alwil Software's aVast! engine) and is certified
Virus Free.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]