Foreword
Preface
Acknowledgments

PART I THE PROBLEM AND BASIC TOOLS

Chapter 1 The Problem: Securing Confidential Electronic Documents
  WikiLeaks: A Wake-Up Call
  U.S. Government Attempts to Protect Intellectual Property
  Threats Persist across the Pond: U.K. Companies on Guard
  Increase in Corporate and Industrial Espionage
  Risks of Medical Identity Theft
  Why Don't Organizations Safeguard Their Information Assets?
  The Blame Game: Where Does Fault Lie When Information Is Leaked?
  Consequences of Not Employing E-Document Security

Chapter 2 Information Governance: The Crucial First Step
  First, Better Policies; Then, Better Technology for Better Enforcement
  Defining Information Governance
  Impact of a Successful IG Program
  Critical Factors in an IG Program
  Who Should Determine IG Policies?

PART II INFORMATION PLATFORM RISKS AND COUNTERMEASURES

Chapter 3 Managing E-Documents and Records
  Enterprise Content Management
  Document Management Principles
  The Goal: Document Lifecycle Security
  Electronic Document Management Systems
  Records Management Principles
  Electronic Records Management

Chapter 4 Information Governance and Security for E-mail Messages
  Employees Regularly Expose Organizations to E-mail Risk
  E-mail Policies Should Be Realistic and Technology Agnostic
  Is E-mail Encryption the Answer?
  Common E-mail Security Mistakes
  E-record Retention: Fundamentally a Legal Issue
  Preserve E-mail Integrity and Admissibility with Automatic Archiving

Chapter 5 Information Governance and Security for Instant Messaging
  Instant Messaging Security Threats
  Best Practices for Business IM Use

Chapter 6 Information Governance and Security for Social Media
  Types of Social Media in Web 2.0
  Social Media in the Enterprise
  Key Ways Social Media Is Different from E-mail and Instant Messaging
  Biggest Security Threats of Social Media
  Legal Risks of Social Media Posts
  Tools to Archive Facebook and Twitter
  IG Considerations for Social Media

Chapter 7 Information Governance and Security for Mobile Devices
  Current Trends in Mobile Computing
  Security Risks of Mobile Computing
  Building Security into Mobile Applications
  Best Practices to Secure Mobile Applications

Chapter 8 Information Governance and Security for Cloud Computing Use
  Key Characteristics of Cloud Computing
  What Cloud Computing Really Means
  Greatest Security Threats to Cloud Computing
  IG Guidelines: Managing Documents and Records in the Cloud
  Managing E-Docs and Records in the Cloud: A Practical Approach

PART III E-RECORDS CONSIDERATIONS

Chapter 9 Information Governance and Security for Vital Records
  Impact of Losing Vital Records
  Creating, Implementing, and Maintaining a Vital Records Program
  Implementing Protective Procedures
  Auditing the Vital Records Program

Chapter 10 Long-Term Preservation of E-Records
  Defining Long-Term Digital Preservation
  Electronic Records Preservation Processes
  Controlling the Process of Preserving Records

PART IV INFORMATION TECHNOLOGY CONSIDERATIONS

Chapter 11 Technologies That Can Help Secure E-Documents
  Challenge of Securing E-Documents
  Apply Better Technology for Better Enforcement in the Extended Enterprise
  Controlling Access to Documents Using Identity Access Management
  Enforcing IG: Protect Files with Rules and Permissions
  Data Governance Software to Manage Information Access
  Secure Communications Using Record-Free E-mail
  Data Loss Prevention Technology
  The Missing Piece: Information Rights Management

Chapter 12 Safeguarding Confidential Information Assets
  Cyber Attacks Proliferate
  The Insider Threat: Malicious or Not
  Critical Technologies for Securing Confidential Documents
  A Hybrid Approach: Combining DLP and IRM Technologies
  Securing Trade Secrets after Layoffs and Terminations
  Persistently Protecting Blueprints and CAD Documents
  Securing Internal Price Lists
  Approaches for Securing Data Once It Leaves the Organization
  Confidential Stream Messaging

PART V ROLLING IT OUT: PROJECT AND PROGRAM ISSUES

Chapter 13 Building the Business Case to Justify the Program
  Determine What Will Fly in Your Organization
  Strategic Business Drivers for Project Justification
  Benefits of Electronic Records Management
  Presenting the Business Case

Chapter 14 Securing Executive Sponsorship
  Project Manager: Key Tasks
  Evolving Role of the Executive Sponsor

Chapter 15 Safeguarding Confidential Information Assets: Where Do You Start?
  Document Survey Methodology
  Interviewing Staff in the Target Area
  Preparing Interview Questions
  Prioritizing: Document and Records Value Assessment
  Second Phase of Implementation

Chapter 16 Procurement: The Buying Process
  Evaluation and Selection Process: RFI, RFP, or RFQ?
  Evaluating Software Providers: Key Criteria
  Negotiating Contracts: Ensuring the Decision
  How to Pick a Consulting Firm: Evaluation Criteria

Chapter 17 Maintaining a Secure Environment for Information Assets
  Monitoring and Accountability
  Continuous Process Improvement
  Why Continuous Improvement Is Needed

Conclusion
Appendix A Digital Signature Standard
Appendix B Regulations Related to Records Management
Appendix C Listing of Technology and Service Providers
Glossary
About the Author
Index