Skip Links

Network World

  • Social Web 
  • Email 
  • Close

Two simple ways to improve utility and confidentiality of e-mail

User behaviors can lead to better information assurance
Security Strategies Alert By M. E. Kabay , Network World , 07/28/2005
Sign up for this newsletter now!

Mich Kabay takes a high-level view of security issues and provides resources to help safeguard your corporate and personal security.

  • Share/Email
  • Comment
  • Print

Two of the six fundamental attributes of information that information assurance is supposed to protect are utility and confidentiality. In this column, I want to address damage to utility and confidentiality resulting from two of the most common errors in using e-mail: mislabeling the subject and making the addresses of everyone in the distribution list public.

Many people make the mistake of creating new messages to a correspondent by finding any old message from that person and replying to it. The problem is that these people usually leave the old subject intact, resulting in ridiculous situations such as finding a critically important message in July in an e-mail labeled, “Birthday party 12 May.”

Not all e-mail messages are created equal; some are destined for the trash heap, if not of history, at least of the e-mail system. That decision is sometimes made automatically as a function of the subject line. For example, I usually flag e-mail messages that have resulted from jokes and that consist of additional comments tacked to the top of ever-expanding copies of previous messages. Once I add the subject line of these messages to my filter, my e-mail program automatically routes the jokes to a junk mail folder. Anyone inserting operationally important information into such a data stream is out of luck.

Another problem with mislabeled subjects occurs when someone embeds more than one distinct topic in an e-mail message whose subject line implies otherwise. For example suppose an e-mail message subject reads “Next week’s meeting” but the sender includes an urgent request for action today on some critical issue; there’s a good chance the receiver may not open the message right away if other messages seem more important.

Try to make your subject line as descriptive as possible without turning it into a paragraph. Some e-mail systems truncate subject lines in the display of messages that a user sees; it makes sense to put keywords at the front of the subject. I encourage my staff to use prefixes such as “MSIA:” or “OGP:” to help organize their messages. Using standard formats in subject lines can help, too. For example, in our work in the MSIA, I have asked that faculty and staff referring to an issue in a particular seminar use the form “MSIA c.s” in their subject line, where c represents the class (e.g., 7 for students starting in September 2005) and s represents the seminar number.

M. E. Kabay, PhD, CISSP-ISSMP, is Program Director of the Master of Science in Information Assurance program at Norwich University.

  • Share/Email
  • Comment
  • Print
Partner Content

Brilliantly simple security and control solutions for email, web and endpoint

www.sophos.com

Stopping data leakage

Learn how to exploit your current security investment to control the information that flows into, through and out of your network.

Download the white paper.

Why detection rates aren't enough

Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.

Download the white paper.

Applications: taking back control

Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.

Learn more today.

Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed
Get instant email notification when white papers, webcasts, executive guides are added to our library. Stay informed and up-to-date with the latest on IT Technologies with Network World's Resource Alerts.
Network World,to go. Wherever you are. Breaking news delivered to your mobile device. Select the hottest topics in networking and start receiving Network World on your mobile device today.