Thursday, July 28, 2005

Two simple ways to improve utility and confidentiality of e-mail


NETWORK WORLD NEWSLETTER: M. E. KABAY ON SECURITY
07/28/05

By M. E. Kabay

Two of the six fundamental attributes of information that
information assurance is supposed to protect are utility and
confidentiality. In this column, I want to address damage to
utility and confidentiality resulting from two of the most
common errors in using e-mail: mislabeling the subject and
making the addresses of everyone in the distribution list
public.

Many people make the mistake of creating new messages to a
correspondent by finding any old message from that person and
replying to it. The problem is that these people usually leave
the old subject intact, resulting in ridiculous situations such
as finding a critically important message in July in an e-mail
labeled, "Birthday party 12 May."

Not all e-mail messages are created equal; some are destined for
the trash heap, if not of history, at least of the e-mail
system. That decision is sometimes made automatically as a
function of the subject line. For example, I usually flag e-mail
messages that have resulted from jokes and that consist of
additional comments tacked to the top of ever-expanding copies
of previous messages. Once I add the subject line of these
messages to my filter, my e-mail program automatically routes
the jokes to a junk mail folder. Anyone inserting operationally
important information into such a data stream is out of luck.

Another problem with mislabeled subjects occurs when someone
embeds more than one distinct topic in an e-mail message whose
subject line implies otherwise. For example, suppose an e-mail
message subject reads "Next week's meeting" but the sender
includes an urgent request for action today on some critical
issue; there's a good chance the receiver may not open the
message right away if other messages seem more important.

Try to make your subject line as descriptive as possible without
turning it into a paragraph. Some e-mail systems truncate
subject lines in the display of messages that a user sees; it
makes sense to put keywords at the front of the subject. I
encourage my staff to use prefixes such as "MSIA:" or "OGP:" to
help organize their messages. Using standard formats in subject
lines can help, too. For example, in our work in the MSIA, I
have asked that faculty and staff referring to an issue in a
particular seminar use the form "MSIA c.s" in their subject
line, where c represents the class (e.g., 7 for students
starting in September 2005) and s represents the seminar number.

As for confidentiality, consider that using the "To" and "CC"
("carbon copy" - _there's_ a bit of historical detritus for us)
fields in e-mail makes all recipient addresses visible to all
recipients. This situation is usually helpful in internal e-mail
because team members can see who has gotten the message, but it
can be annoying in external e-mail. Why should a list of dozens
or even hundreds of names of strangers be distributed freely
among them without the explicit permission of all concerned? Who
knows where that information will end up? If you are sending a
message to a list of people who do not know each other, I think
it is a simple matter of courtesy to use the BCC ("blind carbon
copy") field to reach everybody without making the list public.

The BCC field is also useful for internal e-mail when the list
of recipients is very large but it is not important for people
to know exactly who received the message. I have seen large
distribution lists consume half a page of space in an e-mail
message with no obvious benefit to anyone.
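
As an added illustration (not part of the original column), the Python sketch below checks an outgoing message for external addresses exposed in To/CC and produces a copy whose headers carry no recipient list, with the addresses kept only in a separate delivery (envelope) list. The domain, the threshold, the sample message and the function names are all assumptions made for the example.

```python
import copy
from email.message import EmailMessage
from email.utils import getaddresses

INTERNAL_DOMAIN = "example.edu"  # assumption: the sender's own organisation
MAX_VISIBLE_EXTERNAL = 5         # assumption: local policy threshold

def recipients(msg, *fields):
    """Bare addresses found in the named header fields, in order."""
    values = [v for f in fields for v in msg.get_all(f, [])]
    return [addr for _, addr in getaddresses(values) if addr]

def visible_external(msg):
    """External addresses that every recipient can read in To/Cc."""
    suffix = "@" + INTERNAL_DOMAIN
    return [a for a in recipients(msg, "To", "Cc")
            if not a.lower().endswith(suffix)]

def hide_recipient_list(msg):
    """Return (copy with no recipient list in its headers, envelope list)."""
    envelope = list(dict.fromkeys(recipients(msg, "To", "Cc", "Bcc")))
    hidden = copy.deepcopy(msg)
    for field in ("To", "Cc", "Bcc"):
        del hidden[field]
    # The only address shown is the sender's own; delivery uses `envelope`,
    # e.g. as to_addrs in smtplib.SMTP.sendmail().
    hidden["To"] = recipients(msg, "From")[0]
    return hidden, envelope

def constructed_sample():
    """Constructed message: eight strangers in To, one colleague in Cc."""
    msg = EmailMessage()
    msg["From"] = "Coordinator <coordinator@example.edu>"
    msg["To"] = ", ".join(f"guest{i}@example.org" for i in range(1, 9))
    msg["Cc"] = "colleague@example.edu"
    msg["Subject"] = "MSIA 7.3: reading list for next seminar"
    msg.set_content("Reading list attached.")
    return msg

if __name__ == "__main__":
    original = constructed_sample()
    exposed = visible_external(original)
    if len(exposed) > MAX_VISIBLE_EXTERNAL:
        hidden, envelope = hide_recipient_list(original)
        print(f"{len(exposed)} external addresses were visible; "
              f"now {len(visible_external(hidden))}, "
              f"delivering to {len(envelope)} envelope recipients")
```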

These simple suggestions can make e-mail more effective as a
communications tool. I hope you will try them and tell your
users about them in your IT and security newsletters. Remember
that you are always welcome to provide URLs for articles in the
Network World archives or even to reprint these security columns
in internal newsletters (with attribution).

_______________________________________________________________
To contact: M. E. Kabay

M. E. Kabay, Ph.D., CISSP, is Associate Professor in the
Division of Business and Management at Norwich University in
Northfield, Vt. Mich can be reached by e-mail
<mailto:mkabay@norwich.edu> and his Web site
<http://www2.norwich.edu/mkabay/index.htm>.

Copyright Network World, Inc., 2005