Workplace – Other than the standards concerning encryption

Workplace communication is vital to ensure company competitiveness, a fluid and reliable communication system increases productivity and allows employees to operate effectively. Security Policies should be built into the design and use of the system to enable sufficient protections for the users data from attack. The system in place will carry everything from menial message to highly confidential documents so will need to be sufficiently protected. AnalysisWhen preparing a new security policy for an email server network analysis has to take place. To ensure countermeasures are in place sufficient investigation of the weaknesses has to take place. Possible attacks could include– message interception (confidentiality) – message interception (blocked delivery)- message interception and subsequent replay – message content modification- message origin modification – denial of message transmissionServer OrientatedThrough analysing a variation of Standards (PEM RFC1421-1424, PGP RFC2316, S/MIME, MOSS RFC1848, SSL & a combination of the previous). S/MIME is the standard of choice as it is now widely used and adopted as a universal standard for signing and encrypting emails. This is because of its email encryption process and how it allows the sender to provide a digital signature so the recipient can confirm authenticity. This standard fulfills the necessary confidentiality, authenticity, integrity and  Non-Repudiation requirements so that sensitive information is not eavesdropped, altered or erased. ADD TOOUser Orientated – Other than the standards concerning encryption and authenticity there are procedures users of the system should follow to minimise email data interception. The possibility of spam, viruses and malicious software / links being sent to users via email in the search for sensitive data is a significant concern. The IT dept. should have the ability to scan emails for malicious files that could cause damage to users data or the overall system. This won’t catch 100% of ‘illicit Emails’ so procedures for user to follow are listed below.Users should not forward any chain letter. Do not share emails that could cause harm to other users, the system or company information.Users should not transmit unwanted mass emails (spam) to anyone. User should not send any email that supports illegal or unethical activities. Users should not attempt to spread any messages/ files without the approval of Senior Management.


I'm Harold!

Would you like to get a custom essay? How about receiving a customized one?

Check it out