Educause Security Discussion mailing list archives

Re: Question about confidential data in emails.


From: "Martinez, Brian" <brm () MSU EDU>
Date: Mon, 5 Mar 2018 13:21:23 +0000

Why, you’d almost need some sort of… Reverse DLP?!

Seriously though, I realize Mark clarified what he meant, but I did spend a few minutes this morning trying to find if 
something like that existed. How does one prevent themselves from accidentally receiving confidential information? NDA 
was the best answer I could find via Google. But even if you’ve signed one with the vendor, that doesn’t prevent it 
from showing up in your inbox.

An interesting area of thought though. “Limit your liability by preventing the receiving of confidential data. 
[Buy|Download] our product!” Something cybersecurity insurers will no doubt be working on in just a few years’ time. :)

Cheers!

Brian R. Martinez
Information Security
Michigan State University
Office: +1-517-884-8791
brm () msu edu

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Hudson, 
Edward
Sent: Monday, March 5, 2018 12:23 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Question about confidential data in emails.

I am curious how one would do that (Refuse to receive confidential data sent by unencrypted email).

Thanks
Ed


Ed Hudson
Interim Chief Information Security Officer
401 Golden Shore
Long Beach, CA 90802
Tel 562-951-8431
ehudson () calstate edu

I subscribe to e-mail classification: i=Information, a=Action, u=Urgent



From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of "Jones, Mark B" <Mark.B.Jones () UTH TMC EDU>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Sunday, March 4, 2018 at 7:51 PM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Question about confidential data in emails.

I’m not sure if we have a policy for this.
My personal opinion is that such mail should be rejected.  You should refuse to receive confidential data via 
unencrypted email.


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Pesino, 
Sherry
Sent: Wednesday, February 28, 2018 1:31 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Question about confidential data in emails.

Looking for some guidance in dealing with confidential data in email.

How do you handle when outside entities send confidential data via email and that email needs to be retained and if 
not, then how is it securely deleted? Saving an email out of an O365 mailbox and deleting an email may not securely 
remove the mail in all forms that Microsoft stores that email in the mailbox. Scrubbing the info from inside an email 
may not fully scrub it.   Just wondering if there are any procedures anyone uses to securely redact/scrub content from 
an email and procedures for handling when confidential data is sent from an outside entity?

Thank you,
Sherry
____________
Sherry Pesino
Information Security Program Office
Connecticut State Colleges and Universities
61 Woodland Street
Hartford, CT 06105
860-723-0021
pesinos () ct edu

