BIP 0020:2008 Securing Email and Electronic Messages

Electronic messaging is, for many organizations, the single most important element of a company’s IT infrastructure. It is hard to imagine an office environment in which the first application launched by user after starting up their PC isn’t an e-mail client or Instant Messaging application. But while embracing this technology it is vital that steps are put in place that address both the security of the mail infrastructure itself, and the content that passes through it.

This book provides an overview of the major areas of concern to those responsible for an organization’s messaging infrastructure and includes information on disclaimers and usage policies, network security, content security, encryption, managing remote users, maintenance and good housekeeping, as well as a glossary explaining the technical terms associated with email and electronic messaging.

The more email becomes an indispensable business tool, the greater the number of users that demand constant access. This demand has in turn fed the development of ever smaller and affordable portable email devices, such as smartphones, PDAs (personal digital assistants) and handhelds. Software vendors have responded to this demand by providing built-in support for mobile devices and reducing the cost and complexity of maintaining a mobile messaging infrastructure.

Email is an essential part of nearly every aspect of running and maintaining a business. Appropriate effort must be made to maintain the smooth operation of your infrastructure, enforce the integrity and security of email and to protect and, where necessary, control access to information.

So, how does an IT department accommodate these ever increasing demands and still maintain a good level of security? The purpose of this book is to attempt to answer this question by providing an overview of the major areas of concern to someone responsible for an organization’s messaging infrastructure. The book aims to highlight some of the common vulnerabilities and, hopefully, present them in such a way that you can examine how they might apply to your own infrastructure.

The book also covers several key areas that should be examined as part of your organization’s overall security policy and aims to address both the security of your mail infrastructure itself and the content that passes through it.