Question

Perform research on Risk Assessment in large corporations (any facet of risk assessment – such as email policies, wifi usage, web access, or physical security). Now, imagine you are the security manager for that company. How could you implement a company-wide email policy to minimize risk from intruders or misuse?

Write a posting explaining your plan. Post between 100 and 200 words for your initial post.

Answer 1

Implement a company - wide email policy to minimize risk from intruders or missuse --

• While implementing email policy of company to minimize risk is to create a email security policy which includes -- the message regardless of format (HTML, RTF, SMTP), attachments( application, documents and images) and the supporting infrastructure like server that transmit and store email.
• The user of the company can access private accounts through web mail. The email security policy should provide acceptable accounts use guidelines for private accounts like hotmail, yahoo etc.
• The web based email contains number of risk like common virus and spyware carrier so it is very important to secure.
• The need of email access should be granted credentials, adn the credential should be revoked after need is end.
• Do not open attachments from unknown parties and do not use degrading languages. and do not attach confidential material.
• The user should send email under their own username. to preserve email channels, the clauses that restricts use of lists and prohibits broadcast messages should be included in policy
• Configure email server to restrict access to global list to some users and monitor outbound email traffic.
• The policy include establishment of parameters for monitoring and auditing email accounts and define how the investigation will take place.
• Sending email from company should be encrypted, and should be monitored regularly.