Safeguarding Critical E-Documents -- Contents -- Foreword -- Preface -- Acknowledgments -- PART I THE PROBLEM AND BASIC TOOLS -- CHAPTER 1 The Problem: Securing Confidential Electronic Documents -- WikiLeaks: A Wake-Up Call -- U.S. Government Attempts to Protect Intellectual Property -- Threats Persist across the Pond: U.K. Companies on Guard -- Increase in Corporate and Industrial Espionage -- Risks of Medical Identity Theft -- Why Don't Organizations Safeguard Their Information Assets? -- The Blame Game: Where Does Fault Lie When Information Is Leaked? -- Consequences of Not Employing E-Document Security -- Notes -- CHAPTER 2 Information Governance: The Crucial First Step -- First, Better Policies -- Then, Better Technology for Better Enforcement -- Defining Information Governance -- Accountability Is Key -- Why IG Is Good Business -- Impact of a Successful IG Program -- Critical Factors in an IG Program -- Who Should Determine IG Policies? -- Notes -- PART II Information Platform Risks and Countermeasures -- CHAPTER 3 Managing E-Documents and Records -- Enterprise Content Management -- Document Management Principles -- The Goal: Document Lifecycle Security -- Electronic Document Management Systems -- Records Management Principles -- Electronic Records Management -- Notes -- CHAPTER 4 Information Governance and Security for E-mail Messages -- Employees Regularly Expose Organizations to E-mail Risk -- E-mail Policies Should Be Realistic and Technology Agnostic -- Is E-mail Encryption the Answer? -- Common E-mail Security Mistakes -- E-mail Security Myths -- E-record Retention: Fundamentally a Legal Issue -- Preserve E-mail Integrity and Admissibility with Automatic Archiving -- E-mail Archiving Rationale: Compliance, Legal, and Business Reasons -- Don't Confuse E-mail Archiving with Backup -- No Personal Archiving in the Workplace.

Are All E-mails Records? -- Destructive Retention of E-mail -- Notes -- CHAPTER 5 Information Governance and Security for Instant Messaging -- Instant Messaging Security Threats -- Stealing Information through Hijacking and Impersonation -- Denial-of-Service Attacks Freeze Access -- Network Sniffers and Unauthorized Disclosure of Information Assets -- Best Practices for Business IM Use -- Technology to Monitor IM -- Tips for Safer IM -- Notes -- CHAPTER 6 Information Governance and Security for Social Media -- Types of Social Media in Web 2.0 -- Social Media in the Enterprise -- Key Ways Social Media Is Different from E-mail and Instant Messaging -- Biggest Security Threats of Social Media -- Legal Risks of Social Media Posts -- Tools to Archive Facebook and Twitter -- IG Considerations for Social Media -- Notes -- CHAPTER 7 Information Governance and Security for Mobile Devices -- Current Trends in Mobile Computing -- Security Risks of Mobile Computing -- Securing Mobile Data -- IG for Mobile Computing -- Building Security into Mobile Applications -- Real Threats Are Poorly Understood -- Innovation versus Security: Choices and Trade-Offs -- Best Practices to Secure Mobile Applications -- Notes -- CHAPTER 8 Information Governance and Security for Cloud Computing Use -- Defining Cloud Computing -- Key Characteristics of Cloud Computing -- What Cloud Computing Really Means -- Cloud Deployment Models -- Greatest Security Threats to Cloud Computing -- Document and Data Breaches -- The Enemy Within: Insider Threats -- Hacking and Rogue Intrusions -- Insecure Points of Cloud Connection -- Issues with Multi-tenancy and Technology Sharing -- Hacking, Hijacking, and Unauthorized Access -- Who Are Your Neighbors? -- IG Guidelines: Managing Documents and Records in the Cloud -- Managing E-Docs and Records in the Cloud: A Practical Approach -- Notes.

PART III E-Records Considerations -- CHAPTER 9 Information Governance and Security for Vital Records -- Defining Vital Records -- Types of Vital Records -- Impact of Losing Vital Records -- Creating, Implementing, and Maintaining a Vital Records Program -- Essential Steps to Implementing a Vital Records Program -- Critical Identifiers for Vital Records -- U.S. National Archives Approach to Identify Vital Records -- Implementing Protective Procedures -- Instant Continuous Backup -- Off-site Continuity Options -- Auditing the Vital Records Program -- Notes -- CHAPTER 10 Long-Term Preservation of E-Records -- Defining Long-Term Digital Preservation -- Key Factors in LTDP -- Electronic Records Preservation Processes -- Controlling the Process of Preserving Records -- Notes -- PART IV Information Technology Considerations -- CHAPTER 11 Technologies That Can Help Secure E-Documents -- Challenge of Securing E-Documents -- Protecting E-Documents: Limitations of Repository-Based Approaches -- Limitations of Current E-Document Security -- Apply Better Technology for Better Enforcement in the Extended Enterprise -- Protecting E-Documents in the Extended Enterprise -- Basic Security for the Microsoft Windows Office Desktop -- Where Do Deleted Files Go? -- Lock Down: Stop All External Access to Confidential E-Docs -- Secure Printing -- Serious Security Issues with Large Print Files of Confidential Data -- Controlling Access to Documents Using Identity Access Management -- Enforcing IG: Protect Files with Rules and Permissions -- Data Governance Software to Manage Information Access -- E-Mail Encryption -- Secure Communications Using Record-Free E-Mail -- Digital Signatures -- Document Encryption -- Data Loss Prevention Technology -- What DLP Does Well (and Not-So-Well) -- Basic DLP Methods -- The Missing Piece: Information Rights Management.

Key IRM Characteristics -- Other Key Characteristics of IRM -- Notes -- CHAPTER 12 Safeguarding Confidential Information Assets -- Cyber Attacks Proliferate -- The Insider Threat: Malicious or Not -- Countering the Insider Threat -- The Malicious Insider -- The Non-Malicious Insider -- The Solution -- Critical Technologies for Securing Confidential Documents -- Is Encryption Enough? -- First-to-Market Enterprise Digital Rights Management Solutions -- The Promise of Data Loss Prevention -- Data Loss Prevention: Limitations -- Device Control Methods -- Thin Clients -- A Note about Database Security -- The Compliance Aspect -- A Hybrid Approach: Combining DLP and IRM Technologies -- Securing Trade Secrets after Layoffs and Terminations -- Persistently Protecting Blueprints and CAD Documents -- Securing Internal Price Lists -- Approaches for Securing Data Once It Leaves the Organization -- Document Labeling -- Document Analytics -- Confidential Stream Messaging -- Notes -- PART V Rolling It Out: Project and Program Issues -- CHAPTER 13 Building the Business Case to Justify the Program -- Determine What Will Fly in Your Organization -- Strategic Business Drivers for Project Justification -- Benefits of Electronic Records Management -- Presenting the Business Case -- Notes -- CHAPTER 14 Securing Executive Sponsorship -- Executive Sponsor Role -- Project Manager: Key Tasks -- It's the Little Things -- Evolving Role of the Executive Sponsor -- Notes -- CHAPTER 15 Safeguarding Confidential Information Assets: Where Do You Start? -- Business Driver Approach -- Classification -- Document Survey Methodology -- Interviewing Staff in the Target Area -- Selecting Interviewees -- Setting Up Interviews -- Tips for Planning Interviews -- Preparing Interview Questions -- Necessary Information -- Drafting Questions -- Prioritizing: Document and Records Value Assessment.

Second Phase of Implementation -- Notes -- CHAPTER 16 Procurement: The Buying Process -- Evaluation and Selection Process: RFI, RFP, or RFQ? -- Request for Information -- Request for Proposal -- Request for Quote -- Negotiated Procurement -- Evaluating Software Providers: Key Criteria -- Technological Fit -- Company Viability -- Track Record -- Support -- Access to Senior Management -- Partnerships -- Technology Architecture and Scalability -- Total Cost of Ownership -- Ease -- Training -- Negotiating Contracts: Ensuring the Decision -- More Contract Caveats -- How to Pick a Consulting Firm: Evaluation Criteria -- CHAPTER 17 Maintaining a Secure Environment for Information Assets -- Monitoring and Accountability -- Continuous Process Improvement -- Why Continuous Improvement Is Needed -- Notes -- Conclusion -- Note -- APPENDIX A Digital Signature Standard -- Note -- APPENDIX B Regulations Related to Records Management -- Department of Defense Rule 5015.2-STD -- National Archives and Records Administration (NARA) -- Gramm-Leach-Bliley Act -- Healthcare Insurance Portability and Accountability Act of 1996 (HIPAA) -- Patriot Act (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001) -- Sarbanes-Oxley Act (SOX) -- SEC Rule 17A-4 -- CFR Title 47, Part 42-Telecommunications -- CFR Title 21, Part 11-Pharmaceuticals -- APPENDIX C Listing of Technology and Service Providers -- Glossary -- About the Author -- Index.