Managing private e-mail at work

Security Strategies This newsletter is sponsored by NetPro Active Directory real-time monitoring, auditing and reporting on all critical changes Auditing Active Directory plays a crucial role in operational, troubleshooting and security issues. However, the tools in Windows Server can be limited and difficult to use in creating a cohesive change management and audit process. In this whitepaper, you'll learn how to manage and protect your Windows infrastructure with fast and easy methods to audit changes, troubleshoot, restore and report within Active Directory. Also, find out what areas of Active Directory you should be auditing to support security policies and regulatory compliance. Network World's Security Strategies Newsletter, 07/17/07 Managing private e-mail at work By M. E. Kabay Recently I was getting ready to invite colleagues to the annual Gay Pride parade in Burlington using my employer's e-mail. My wife and I have been marching in such parades for 20 years, and I had planned to use my personal e-mail account for the invitation and not to include my professional signature block in the message. However, I have a longstanding objection to the use of corporate e-mail for personal purposes, so I resolved the problem by writing to specific colleagues to ask for their personal e-mail addresses and invited them to join the parade in entirely personal messages. What’s wrong with using corporate e-mail for jokes, invitations, and the like? One issue is the waste of bandwidth. Some people find the quality of the jokes, hoaxes and cheering sessions low enough to be irritating. Another problem arises with politically sensitive messages such as my announcement - some members of a group may find particular events or viewpoints offensive. Why should everyone in the group be subjected to a barrage of unsolicited e-mail just because they work somewhere? The question also raises some valuable and instructive points about appropriate-use policies for e-mail. First, we don’t have a formal written policy on appropriate use of our official e-mail. In the coming months, I propose to work with my colleagues to frame clear written policies that any of our staff members can easily consult for guidance about suitable and unsuitable content for personal messages. The Security Standard - The Only Executive Summit Focused on the Business, Management and Strategic Aspects of Security September 10-11, 2007 | The Fairmont Hotel Chicago How do your security initiatives support company business goals? The answer to this question can make all the difference in gaining the corporate-wide support and resources you need to drive your security strategies. Uncover best practices and organizational strategies for achieving success by attending The Security Standard Conference. Click here for more details. Click here for more details Such policies will reduce possible disappointments and resentments resulting from decisions based on unwritten expectations. In addition, any hint of discrimination based on particular political or religious biases will have to be scrutinized to ensure that we are not subject to legal repercussions. In more general terms, I believe that clear written guidance for effective use of e-mail is essential for any organization to ensure privacy, maintain security, respect requirements for archiving of data and avoid legal liability of many kinds, including restrictions imposed under the Family Educational Right to Privacy Act (FERPA). An easy tool that we can develop is a voluntary mailing list of non-work e-mail addresses for non-work e-mail. A Yahoo group, for example, offers many benefits over an informal list in the CC: or TO: field. In my next column, I’ll explore this option in more detail.   What do you think? Post a comment on this newsletter

TODAY'S MOST-READ STORIES: 1. Ex-Boeing worker accused of stealing documents 2. No breakthrough in efforts to unlock the iPhone 3. After criticism, Sun fixes Java flaw 4. 12 IT skills that employers can't say no to 5. Workaround puts Skype on iPhone 6. Cisco IP telephony software open to DoS attacks 7. Google Earth captures China's new ballistic-missile sub 8. Spam filter costs lawyers their day in court 9. New botnet targets iPhone buyers 10. Top 25 iPhonies: the nano edition MOST E-MAILDED STORY: 15 great, free security programs

Contact the author: M. E. Kabay, Ph.D., CISSP-ISSMP, is Associate Professor of Information Assurance and CTO of the School of Graduate Studies at Norwich University in Northfield, Vt. Mich can be reached by e-mail and his Web site. This newsletter is sponsored by NetPro Active Directory real-time monitoring, auditing and reporting on all critical changes Auditing Active Directory plays a crucial role in operational, troubleshooting and security issues. However, the tools in Windows Server can be limited and difficult to use in creating a cohesive change management and audit process. In this whitepaper, you'll learn how to manage and protect your Windows infrastructure with fast and easy methods to audit changes, troubleshoot, restore and report within Active Directory. Also, find out what areas of Active Directory you should be auditing to support security policies and regulatory compliance. ARCHIVE Archive of the Security Strategies Newsletter. BONUS FEATURE IT PRODUCT RESEARCH AT YOUR FINGERTIPS Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details. PRINT SUBSCRIPTIONS AVAILABLE You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today. International subscribers, click here. SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription. Advertising information: Write to Associate Publisher Online Susan Cardoza Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007