2004-04-28

Chenault, Daniel. Content Security in the Enterprise - Spam and Beyond. eBook. 2004.

High-speed Internet access has become ubiquitous across small and large enterprises worldwide. Businesses acknowledge that Internet applications such as email, Web browsing, and instant messaging are essential ways to communicate with customers, suppliers, and partners. But with the opportunities that these applications provide come many risks and threats that an organization needs to address. This book explores these risks and discusses ways in which they can be reduced or eliminated by limiting inappropriate use, eliminating spam, protecting corporate information assets, and ensuring that the Internet is secure and available for authorized business purposes.

Bryant, Steve. The Expert's Guide for Exchange 2003: Preparing for, Moving to, and Supporting Exchange Server 2003. eBooks. 2004.

This eBook (sponsored by Quest Software) will educate Exchange administrators and systems managers on how to best approach the migration and overall management of an Exchange 2003 environment. The book will focus on core issues such as configuration management, accounting, and monitoring performance with an eye toward migration, consolidation, security and management.

Roberts, Paul. E-mail provider tries message fingerprinting. InfoWorld. April 12, 2004.

E-mail provider Everyone.net Inc. says it has a new program to protect e-mail users from one by-product of the plague of unsolicited commercial ("spam") e-mail: bounced e-mail messages. The San Jose, California, company plans to announce an enhanced e-mail protection service called Total Protection 2.0 Tuesday at the ISPCon conference in Washington, D.C. The new service includes a technology called Email Fingerprint, that can stop "bounce storms," in which e-mail users who have had their e-mail address stolen by spammers or e-mail worms receive a flood of returned e-mail messages.

Rosen, Jeffrey. Data Surveillance. Washingtonpost.com. April 20, 2004.

Most Americans do not care about exposing themselves to massive data surveillance but they should, says George Washington University law professor and New Republic legal affairs editor Jeffrey Rosen in his new book, "The Naked Crowd." Rosen discussed technology and the uneasy balance between security and privacy on April 20 at 2 p.m. on washingtonpost.com.

Editorial. Too Many Firms Still Not Enforcing Internet Policies. HR Gateway.com. April 19, 2004.

Although the vast majority of firms now understand the need for an Internet policy, almost four in ten do not strictly monitor employee surfing, according to a new poll.

Seda, Catherine. Stopped in Your Tracks? Entrepreneur Magazine. May 2004.

Interesting article with "5 tips to make sure your e-mails don't get tagged as spam". Looks like this is intended as a tips and tricks article for spammers ...

Holmes, Leonard. Emailing Your Doctor or Therapist. Mental Health Resources. April 2004.

Article discussing e-mail policies concerning communications between doctors/therapists and clients. References American Medical Association standards for email communications between physicians & patients.

MacAskill, Ewen & Michael White. How Email became a Diplomatic Incident. Guardian Unlimited. April 28, 2004.

Interesting article on how a casual email that began in a Libyan internet cafe became the 'Arabist revolt' letter signed by 52 former British diplomats that is wreaking havoc on Downing St.

2004-04-25

Microsoft Research. Stuff I've Seen Prototype Tool. 2003-2004.

This is an interesting prototype tool designed by the Adaptive Systems and Interaction Team at Microsoft Research that attempts to provide a unified search engine spanning multiple datasources, i.e. PSTs, MAPI, File System and presumably SPPS, etc. Interesting. There's a good screenshot here http://research.microsoft.com/adapt/sis/images/screenshots/IQScreenShot[1].png. There's also a good writeup on this other blog http://www.michaelhanscom.com/eclecticism/2003/11/stuff_ive_seen.html ... apparently Stuff I've Seen will remember ANY website, network resource, etc. that's been visited over the past 365 days and include this in its searchability. I could use this today! As I continue to think about e-mail policy enforcement, one thing is becoming extremely clear -- being able to search effectively and rapidly across multiple Microsoft Exchange-related datasources (esp. multiple .PSTs, MAPI private folders, MAPI and non-MAPI public folder hierarchies, etc.) is important to any comprehensive solution for the e-mail policy-enforcement problem facing today's enterprise.

MacDonald, Heather. What We Don't Know Can Hurt Us. Frontpagemag.com. April 20, 2004.

Bit of a rambling article on anti-terrorism efforts vs. privacy concerns. Interesting mention of Microsoft's "Data Mining Exploration Group" and its purported 'founder', Usama Fayyad.

2004-04-19

Report of Davis Polk & Wardwell to The Shell Group Audit Committee - Executive Summary. March 31, 2004

Full text of the executive summary concerning the now high-profile Shell investigation concerning compliance with SEC regulations. E-mail evidence forms a significant portion of what's discussed in this document.

Survey Report: People and technology. Chartered Institute of Personnel and Development. June 2003.

Some interesting quotes in this report, which was based on responses to a questionnaire sent to 4,000 HR professionals across a range of sectors in the UK in March 2003. With the use of an additional telephone survey, 317 responses were received:

- "We also asked survey respondents about their staff use of the Internet and e-mail. Although 94% of the organisations surveyed have a policy on this, 59% report problems arising from misuse of the Internet or e-mail by employees. The majority of those respondents reporting such problems (85%) have taken disciplinary action short of dismissal or suspension for such misuse within the past five years. Forty-two per cent have dismissed employees, and 27% have suspended staff."
- "90% of private sector organizations have taken disciplinary actions as a result of staff misuse of the Internet or e-mail, compared with 77% of those in the public sector"
- "The survey suggests that HR policies on staff use of the Internet and e-mail are now widespread .... Where such abuse by staff occurs, the costs for organizations can be high - for example, in time-wasting by staff, damage to the organisation's reputation where inappropriate e-mails are sent externally, or even fraud or other criminal activities by employees. The need for an effective well-communicated policy in this area is therefore urgent"

See p. 14 of the report (esp. Table 9) for more details.

2004-04-18

Allen, Doug. E-Mail Storage: Your Next Mission-Critical Application. Network Magazine. March 3, 2004.

Interesting article on e-mail storage from the perspectives of (i) regulatory compliance and (ii) overall value to business. There's also an interesting "E-mail Retention Timeline" in the left sidebar. Quotes from the article:

- "Don't think that because you put something somewhere on day one, your job is done. E-mail, like all relevant data, has a life of its own." (Duplessie, ESG)
- "Internally, business and IT groups must make certain that a system is in place to ensure that privacy policies are followed and personally identifiable information is protected" (Matt Cain, Meta Oct. 2002 Research Note).

2004-04-16

Robichaux, Paul. Exchange and Windows Storage Server, Together at Last. Windows & .NET Magazine. April 15, 2004.

Paul comments on the new Windows Storage Server announcement made at the Storage Networking World Spring 2004 conference in Orlando this week.

2004-04-14

Whitepaper: Achieving Sarbanes-Oxley Compliance and Working Capital Management Goals Using Industry Best Practices. Icons, Inc. - BankingInfoSec.com

This document focuses on how innovative new technologies are helping enterprises deploy and utilize industry best practices in this new era of increasing quality and compliance requirements. It specifically addresses two sections of Sarbanes-Oxley: Section 302, which covers accuracy of financial reporting and timeliness of disclosure procedures, and Section 404, which governs the internal controls used by public companies to ensure and measure the propriety and precision of financial reports. This paper also describes how Working Capital Management Solutions can be used in the financial supply chain to achieve compliance and quality goals.

Parker, Xenia Ley. The Impact of Sarbanes-Oxley Compliance on IT Audit. SmartPros. April 2004.

From the boardroom to line management, people are talking about compliance with the Sarbanes-Oxley Act of 2002 ("SOX"), designed to "protect investors by improving the accuracy and reliability of corporate disclosures." Auditors, both internal and external, are challenged to meet the new requirements. Because the Securities and Exchange Commission oversees financial reporting of listed companies, it is responsible for enforcing compliance rules.

2004-04-11

Robichaux, Paul. The Security Bug That Wasn't. Windows & .NET Magazine. April 8, 2004.

Commentary by Paul Robichaux on a recent "security bug" published by NTBugTraq.

2004-04-02

Gates, Bill. Executive E-Mail: Microsoft Progress Report: Security. Microsoft Corporation, March 31, 2004.

Text of Bill Gates' executive progress report on security innovation. Touches on Exchange Edge Services. Four main security-focused investments will be in (i) isolation & resiliency, (ii) updating, (iii) quality and (iv) authentication & access control.