Security Basics mailing list archives
RE: email content monitoring / effectiveness
From: Krul Thomas <Thomas.Krul () OCIPEP GC CA>
Date: Thu, 13 Feb 2003 12:47:52 -0500
Besides not being able to monitor encrypted emails and other forms of information dissemination, monitoring email content doesn't do much good due to the fact that by the time you catch an offence the damage has already been done. Content monitoring could only act as a deterrent and policy-enforcer - in which case just informing the employees that you're monitoring the content of their email is a good first step. Your next step could be something draconian, such as keylogging or installing "micromanagers(tm)" in every office.

If you're really concerned about this (and let's be honest, employees make mistakes - it's quite possible that they're not even being malicious), it's possible that you could keyword filter email before it's actually left the building. That would require manual intervention and maybe during a sensitive IPO period, that might not be too bad a thing.

-----Original Message-----
From: Douglas K. Fischer [mailto:fischerdk () purefm net]
Sent: Wednesday, February 12, 2003 3:15 PM
To: security-basics () securityfocus com
Subject: Re: email content monitoring / effectiveness

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 12:50 AM 2/12/2003, laurence field wrote:
I would like to get feedback on the quality/usefulness of email content monitoring tools available on the market. Our problem: We need to identify users and monitor email content (scary) as some staff are sending "gossip" to the press about our public internet system reliability, pending IPO gossip / info etc. which then escalates to professional bodies / governments who in turn start formal investigations - all over an email!!! (we are a financial company).
There are some key issues here apart from how well e-mail content monitoring works that deal with the effectiveness of this solution to address the stated problem(s).

You are assuming the employees are using your corporate e-mail system to send these messages. They could be sending the e-mail from home, using an external mail system from the office (e.g. web-based mailer like Yahoo), using a chat client, message board, newsgroup, etc. For that matter they could be using non-electronic means as well, including direct contact. Or, they could be encrypting the contents of the messages even if they are indeed using the corporate mail system. If any of these are being used, no e-mail content filtering on your corporate mail system is going to provide any relief.

I'm sure you and others have already considered this and are not looking for a long diatribe about the general issues or the merits of content filtering in general. I mention these issues, however, because I have in the past been in a similar situation and have had to address these issues. Such filtering may provide management with a warm and fuzzy feeling, and it may catch or scare some people, but the bottom line is if personnel are going to leak info, plugging up one hole out of 100 isn't going to make all that much difference.

Make sure you have a policy in place regarding dissemination of confidential information and the consequences of breaching this policy. Harsh penalties for disclosure and enforcement by management are good deterrents for casual information leakers. Of course it is also important to limit who has access to this information to begin with - obviously the fewer people who know the less people there are to consider as information leaks when the information appears in the press.

Just a few thoughts.
Doug

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPkqrNp938qfSpraDEQKvewCgigNhUV4sj6oLH3+Ew3Qc+2vFHNIAnil+
DrgVLP/y4/DnjOGCL5BGHLxX
=C/7h
-----END PGP SIGNATURE-----

------------------------------------------------------------
This email, and any included attachments, have been checked by Norton AntiVirus Corporate Edition (Version 7.6), AVG Server Edition 6.0, and Merak Email Server Integrated Antivirus (Alwil Software's aVast! engine) and is certified Virus Free.