Forwarded from: matthew patton <pattonme@private> --- InfoSec News <isn@private> wrote: > http://management.silicon.com/government/0,39024677,39122384,00.htm > > By Jo Best > July 19 2004 > > Large companies are now so concerned about the contents of the > electronic communications leaving their offices that they're > employing staff to read employees' outgoing emails. > > According to research from Forrester Consulting, 44 per cent of > large corporations in the US now pay someone to monitor and snoop on > what's in the company's outgoing mail, with 48 per cent actually > regularly auditing email content. Yet information can readily leak through floppies, cdrom's, ftp, https, or the 'simple' act of outsourcing laptop and desktop support. If monitoring email were so critical to preventing information disclosure, where and how do we categorize tens of billion dollar international companies in say financials or pharacuticals that don't protect against connection hopping, use telnet and X11 in the clear, build production and DMZ unix hosts with full development (compilers, you name it) distributions, send their laptops off to the likes of Dell with all corporate product, sales, and other proprietary data still on them and likewise grant these same 3rd parties significant network access to replicate message stores, add the laptop computer to the corporate Active Directory domain, load cryptographic identities and so forth? I'm all for balancing business needs against network security but does this strike anyone else as just a little bit unbalanced? _________________________________________ Help InfoSec News with a donation: http://www.c4i.org/donation.html
This archive was generated by hypermail 2.1.3 : Fri Jul 23 2004 - 09:52:21 PDT