Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Management
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Email Retention Policy

from [John Blackley] Network Security [Permanent Link]
Subject: Re: Email Retention Policy
Date: 19 Nov 2004 22:58:39 -0000 
In-Reply-To: <1254A68F4903D411B24800508B1220E90629F6D9@solomon1.pjsc.internal>

Robert,

as has been suggested by others, as you are an investment banking firm (and 
therefore regulated) your email retention must be governed by your company's 
records retention policy. If your company doesn't have a records retention 
policy, I suggest that you alert them to the need immediately (talk to whoever 
handles compliance issues at the bank).

Now, as to how to get the users to separate it so that you can archive it - the 
answer lies in education. You're absolutely correct in saying, "getting users 
to change is next to impossible" - particularly when we expect them to somehow 
know instinctively what we want them to do, why we want them to do it, how we 
want them to do it and what will happen to them if they don't do it.

A simple education program detailing the above, coupled with sanctions (perhaps 
a reduction in performance assessment, maybe their personal emails getting 
'accidentally' deleted) will go a long way to helping your cause. But be 
careful because you're asking users to do something that's in addition to what 
they do currently. Unless you can provide them with a real benefit for doing so 
or a real sanction for not doing so then "because it's policy" won't get you a 
thing.

Good luck.

John A Blackley
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Designing a Security Operations Center Looking for Ideas -, Weatherford, Mark T.
Next by Date:  RE: Designing a Security Operations Center Looking for Ideas -, Parthasarathy, Shree (US - New York)
Previous by Thread:  Re: Email Retention Policy, Robert Mezzone
Next by Thread:  Designing a Security Operations Center Looking for Ideas -, Terry S
Indexes:  [Date] [Thread] [Top] [All Lists]