- BlackBerry Storm vs. the iPhone
- Digg's Kevin Rose: "We have to do better"
- Blogger warns: "Nortel doesn't make it out alive"
- Financial quagmire bringing out the scammers
- Verizon plays with the wrong e-mail addresses
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
Mich Kabay takes a high-level view of security issues and provides resources to help safeguard your corporate and personal security.
Two of the six fundamental attributes of information that information assurance is supposed to protect are utility and confidentiality. In this column, I want to address damage to utility and confidentiality resulting from two of the most common errors in using e-mail: mislabeling the subject and making the addresses of everyone in the distribution list public.
Many people make the mistake of creating new messages to a correspondent by finding any old message from that person and replying to it. The problem is that these people usually leave the old subject intact, resulting in ridiculous situations such as finding a critically important message in July in an e-mail labeled, “Birthday party 12 May.”
Not all e-mail messages are created equal; some are destined for the trash heap, if not of history, at least of the e-mail system. That decision is sometimes made automatically as a function of the subject line. For example, I usually flag e-mail messages that have resulted from jokes and that consist of additional comments tacked to the top of ever-expanding copies of previous messages. Once I add the subject line of these messages to my filter, my e-mail program automatically routes the jokes to a junk mail folder. Anyone inserting operationally important information into such a data stream is out of luck.
Another problem with mislabeled subjects occurs when someone embeds more than one distinct topic in an e-mail message whose subject line implies otherwise. For example suppose an e-mail message subject reads “Next week’s meeting” but the sender includes an urgent request for action today on some critical issue; there’s a good chance the receiver may not open the message right away if other messages seem more important.
Try to make your subject line as descriptive as possible without turning it into a paragraph. Some e-mail systems truncate subject lines in the display of messages that a user sees; it makes sense to put keywords at the front of the subject. I encourage my staff to use prefixes such as “MSIA:” or “OGP:” to help organize their messages. Using standard formats in subject lines can help, too. For example, in our work in the MSIA, I have asked that faculty and staff referring to an issue in a particular seminar use the form “MSIA c.s” in their subject line, where c represents the class (e.g., 7 for students starting in September 2005) and s represents the seminar number.
M. E. Kabay, PhD, CISSP-ISSMP, is Program Director of the Master of Science in Information Assurance program at Norwich University.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment