Surely no communication system is 100 % trustworthy. However, by encrypting
your email messages (personal and business), you shall be able to have
these sealed envelops. Of course, depending on algorithms, key lenghts,
internal security arrangements (plain files prior to encryptions etc. ..
and so on) among other things (the whole crypto system), these seals may be
weaker or stronger, but they would enable people to have these sealed
envelops. Often executives and other professionals perceive the
cryptography "strangely" and hesitate using it. And new information
technologies make it so convenient for people to write and send messages
that they often forget their own security. Back in 1994, I wrote an
article. See below.
---
Copyright 1994 Markku J. Saarelainen
Security Precautions in Communicating Audit Results using Information
Networks
May, 1994
by
Markku J. Saarelainen
The new technology has had and will have in the future a tremendous impact
on the privacy of individuals and corporations. Laws and regulations can
not keep up with the speed of the technological development. The
information technology - especially so called highways - have enabled
everyone to communicate faster and more conveniently with each other
cross-organizationally. However, this has also increased risks involved in
communicating sensitive and confidential information such as intelligence
audit results. Different network
applications have different security risks; many networks can be very
accessible to any competent Information Technology (IT) specialist. Would
you like to share your private nonconformities with everyone without your
own authorization? Or would you like to be the person who is responsible
for a confidential audit, but who then shares this information with
everyone unknowingly and possibly faces some legal problems? Truly
speaking, I would not want to be this person.
So the information technology, if it is used improperly and without proper
precautions, may create threats to all parties involved in the intelligence
system audit: auditee, auditor and client. These problems may exist in the
facility's Local Area Networks (LANs), inter-organizational networks
(WANs), cross- organizational networks such as Internet - and even any
wireless networks such as cellular telephone networks. The security risks
may materialize in an unauthorized and improper use of user accounts or in
unethical monitoring and surveillance of the communication channels. The
level of the security risk depends on the communication system. If your
organization has a very flexible system and all individuals have access to
all information - be aware that your audit reports may be read by anyone in
this system. Also if you are sharing your audit findings via Internet or
via other cross- organizational networks, be aware that someone may read
your confidential e-mail messages, files and any other communication
between you (auditor), client and auditee.
Every intelligence system auditor should make every effort to ensure that
the audit stays confidential and should take the following precautions,
when the information technology is used for planning, performing and then
reporting the intelligence audit:
1. Make certain that you know which parts of the audit information is
confidential and sensitive; this may depend on the audit - sometimes the
whole audit may be confidential including the scope.
2. Find out who has access to your user account or computer and then
determine if persons having access to your information are ethical and not
using the audit information for their own political purposes; if necessary
perform or request a security audit.
3. Find out who can monitor your audit communication in the network.
4. Make certain that there are policies for the information technology
personnel that prevent the wrong use of any network information.
5. Be certain that your passwords are well protected - and change your
passwords frequently.
6. If you are not satisfied with the information security arrangements, do
not communicate via networks, do not store confidential information in the
network or in your computer; store your audit results in your own private
disks, and only provide hard copies of these results as it is necessary.
7. If you need to communicate via networks, but you are not satisfied with
the security arrangements, use proper encryption software to protect your
information.
8. Avoid communicating any confidential and sensitive audit information via
Internet, if you are not using any encryption software.
Copyright 1994 Markku J. Saarelainen
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
