TY - BOOK
AU - Smallwood,Robert F.
TI - Safeguarding critical e-documents: implementing a program for securing confidential information assets
SN - 9781118159088
AV - QA76.9.A25 S627 2012
PY - 2012///
CY - Hoboken, New Jersey
PB - Wiley
KW - Computer security
KW - Cyberspace
KW - Security measures
KW - Database security
KW - Electronic records
KW - BUSINESS & ECONOMICS / Information Management
KW - bisacsh
N1 - Includes index; Foreword xiii Preface xv Acknowledgments xvii PART I THE PROBLEM AND BASIC TOOLS CHAPTER 1 The Problem: Securing Confidential Electronic Documents 3 WikiLeaks: A Wake-Up Call 3 U.S. Government Attempts to Protect Intellectual Property 5 Threats Persist across the Pond: U.K. Companies on Guard 5 Increase in Corporate and Industrial Espionage 6 Risks of Medical Identity Theft 7 Why Don't Organizations Safeguard Their Information Assets? 8 The Blame Game: Where Does Fault Lie When Information Is Leaked? 9 Consequences of Not Employing E-Document Security 10 Notes 11 CHAPTER 2 Information Governance: The Crucial First Step 13 First, Better Policies; Then, Better Technology for Better Enforcement 13 Defining Information Governance 14 Accountability Is Key 16 Why IG Is Good Business 17 Impact of a Successful IG Program 18 Critical Factors in an IG Program 19 Who Should Determine IG Policies? 22 Notes 23 PART II INFORMATION PLATFORM RISKS AND COUNTERMEASURES CHAPTER 3 Managing E-Documents and Records 27 Enterprise Content Management 27 Document Management Principles 28 The Goal: Document Lifecycle Security 29 Electronic Document Management Systems 29 Records Management Principles 31 Electronic Records Management 31 Notes 33 CHAPTER 4 Information Governance and Security for E-mail Messages 35 Employees Regularly Expose Organizations to E-mail Risk 36 E-mail Policies Should Be Realistic and Technology Agnostic 37 Is E-mail Encryption the Answer? 38 Common E-mail Security Mistakes 39 E-mail Security Myths 40 E-record Retention: Fundamentally a Legal Issue 41 Preserve E-mail Integrity and Admissibility with Automatic Archiving 42 Notes 46 CHAPTER 5 Information Governance and Security for Instant Messaging 49 Instant Messaging Security Threats 50 Best Practices for Business IM Use 51 Technology to Monitor IM 53 Tips for Safer IM 53 Notes 55 CHAPTER 6 Information Governance and Security for Social Media 57 Types of Social Media in Web 2.0 57 Social Media in the Enterprise 59 Key Ways Social Media Is Different from E-mail and Instant Messaging 60 Biggest Security Threats of Social Media 60 Legal Risks of Social Media Posts 63 Tools to Archive Facebook and Twitter 64 IG Considerations for Social Media 65 Notes 66 CHAPTER 7 Information Governance and Security for Mobile Devices 69 Current Trends in Mobile Computing 71 Security Risks of Mobile Computing 72 Securing Mobile Data 73 IG for Mobile Computing 73 Building Security into Mobile Applications 75 Best Practices to Secure Mobile Applications 78 Notes 80 CHAPTER 8 Information Governance and Security for Cloud Computing Use 83 Defining Cloud Computing 84 Key Characteristics of Cloud Computing 85 What Cloud Computing Really Means 86 Cloud Deployment Models 87 Greatest Security Threats to Cloud Computing 87 IG Guidelines: Managing Documents and Records in the Cloud 94 Managing E-Docs and Records in the Cloud: A Practical Approach 95 Notes 97 PART III E-RECORDS CONSIDERATIONS CHAPTER 9 Information Governance and Security for Vital Records 101 Defining Vital Records 101 Types of Vital Records 103 Impact of Losing Vital Records 104 Creating, Implementing, and Maintaining a Vital Records Program 105 Implementing Protective Procedures 108 Auditing the Vital Records Program 111 Notes 113 CHAPTER 10 Long-Term Preservation of E-Records 115 Defining Long-Term Digital Preservation 115 Key Factors in LTDP 116 Electronic Records Preservation Processes 118 Controlling the Process of Preserving Records 118 Notes 121 PART IV INFORMATION TECHNOLOGY CONSIDERATIONS CHAPTER 11 Technologies That Can Help Secure E-Documents 125 Challenge of Securing E-Documents 125 Apply Better Technology for Better Enforcement in the Extended Enterprise 128 Controlling Access to Documents Using Identity Access Management 131 Enforcing IG: Protect Files with Rules and Permissions 133 Data Governance Software to Manage Information Access 133 E-mail Encryption 134 Secure Communications Using Record-Free E-mail 134 Digital Signatures 135 Document Encryption 137 Data Loss Prevention Technology 137 The Missing Piece: Information Rights Management 139 Notes 144 CHAPTER 12 Safeguarding Confidential Information Assets 147 Cyber Attacks Proliferate 147 The Insider Threat: Malicious or Not 148 Critical Technologies for Securing Confidential Documents 150 A Hybrid Approach: Combining DLP and IRM Technologies 154 Securing Trade Secrets after Layoffs and Terminations 155 Persistently Protecting Blueprints and CAD Documents 156 Securing Internal Price Lists 157 Approaches for Securing Data Once It Leaves the Organization 157 Document Labeling 159 Document Analytics 161 Confidential Stream Messaging 161 Notes 164 PART V ROLLING IT OUT: PROJECT AND PROGRAM ISSUES CHAPTER 13 Building the Business Case to Justify the Program 169 Determine What Will Fly in Your Organization 169 Strategic Business Drivers for Project Justification 170 Benefits of Electronic Records Management 173 Presenting the Business Case 176 Notes 177 CHAPTER 14 Securing Executive Sponsorship 179 Executive Sponsor Role 180 Project Manager: Key Tasks 181 It's the Little Things 183 Evolving Role of the Executive Sponsor 183 Notes 185 CHAPTER 15 Safeguarding Confidential Information Assets: Where Do You Start? 187 Business Driver Approach 187 Classification 188 Document Survey Methodology 189 Interviewing Staff in the Target Area 190 Preparing Interview Questions 192 Prioritizing: Document and Records Value Assessment 193 Second Phase of Implementation 194 Notes 195 CHAPTER 16 Procurement: The Buying Process 197 Evaluation and Selection Process: RFI, RFP, or RFQ? 197 Evaluating Software Providers: Key Criteria 202 Negotiating Contracts: Ensuring the Decision 207 More Contract Caveats 210 How to Pick a Consulting Firm: Evaluation Criteria 211 CHAPTER 17 Maintaining a Secure Environment for Information Assets 215 Monitoring and Accountability 215 Continuous Process Improvement 216 Why Continuous Improvement Is Needed 216 Notes 218 Conclusion 219 Appendix A: Digital Signature Standard 221 Appendix B: Regulations Related to Records Management 223 Appendix C: Listing of Technology and Service Providers 227 Glossary 241 About the Author 247 Index 249
N2 - "Practical, step-by-step guidance for corporations, universities and government agencies to protect and secure confidential documents and business records. Managers and public officials are looking for technology and information governance solutions to "information leakage" in an understandable, concise format. Safeguarding Critical E-Documents provides a road map for corporations, governments, financial services firms, hospitals, law firms, universities and other organizations to safeguard their internal electronic documents and private communications. Provides practical, step-by-step guidance on protecting sensitive and confidential documents--even if they leave the organization electronically or on portable devices. Presents a blueprint for corporations, governments, financial services firms, hospitals, law firms, universities and other organizations to safeguard internal electronic documents and private communications. Offers a concise format for securing your organizations from information leakage. In light of the recent WikiLeaks revelations, governments and businesses have heightened awareness of the vulnerability of confidential internal documents and communications. Timely and relevant, Safeguarding Critical E-Documents shows how to keep internal documents from getting into the wrong hands and weakening your competitive position, or possibly damaging your organization's reputation and leading to costly investigations"--
ER -