Skip Links

Network World

  • Social Web 
  • Email 
  • Close

(Comma separation for multiple addresses)
Your Message:

Two simple ways to improve utility and confidentiality of e-mail

User behaviors can lead to better information assurance
Security Strategies Alert By M. E. Kabay , Network World , 07/28/2005
Sign up for this newsletter now!

Mich Kabay takes a high-level view of security issues and provides resources to help safeguard your corporate and personal security.

  • Share/Email
  • Tweet This
  • Comment
  • Print

Two of the six fundamental attributes of information that information assurance is supposed to protect are utility and confidentiality. In this column, I want to address damage to utility and confidentiality resulting from two of the most common errors in using e-mail: mislabeling the subject and making the addresses of everyone in the distribution list public.

Many people make the mistake of creating new messages to a correspondent by finding any old message from that person and replying to it. The problem is that these people usually leave the old subject intact, resulting in ridiculous situations such as finding a critically important message in July in an e-mail labeled, “Birthday party 12 May.”

Not all e-mail messages are created equal; some are destined for the trash heap, if not of history, at least of the e-mail system. That decision is sometimes made automatically as a function of the subject line. For example, I usually flag e-mail messages that have resulted from jokes and that consist of additional comments tacked to the top of ever-expanding copies of previous messages. Once I add the subject line of these messages to my filter, my e-mail program automatically routes the jokes to a junk mail folder. Anyone inserting operationally important information into such a data stream is out of luck.

Another problem with mislabeled subjects occurs when someone embeds more than one distinct topic in an e-mail message whose subject line implies otherwise. For example suppose an e-mail message subject reads “Next week’s meeting” but the sender includes an urgent request for action today on some critical issue; there’s a good chance the receiver may not open the message right away if other messages seem more important.

Try to make your subject line as descriptive as possible without turning it into a paragraph. Some e-mail systems truncate subject lines in the display of messages that a user sees; it makes sense to put keywords at the front of the subject. I encourage my staff to use prefixes such as “MSIA:” or “OGP:” to help organize their messages. Using standard formats in subject lines can help, too. For example, in our work in the MSIA, I have asked that faculty and staff referring to an issue in a particular seminar use the form “MSIA c.s” in their subject line, where c represents the class (e.g., 7 for students starting in September 2005) and s represents the seminar number.

M. E. Kabay, PhD, CISSP-ISSMP, is Program Director of the Master of Science in Information Assurance program at Norwich University.

  • Share/Email
  • Tweet This
  • Comment
  • Print
Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed