Official information in email – managing the risk of leakage
• Reduce risk via protective markings
• Simplify email security for end-users
• Whole of Government approach
Neville Jones, November 2005

Concept
• PSM rules for email
• Keep ICT Security Simple for users
  • make email system do the hard stuff
  • get more value out of email system

Official email
• Email as channel
  • big
  • useful
• Risks for Government

Email security difficult for users
• Message path hell
• Email policy hell
• Users are not routing experts!
• Users are not security experts!

Message path hell
[Diagram. Labels: Officers, (Wireless) Officer, (Remote) Officer, Your Agency, Partner Agencies, Private Individual, Corporate Network, Private network, Internet, Wireless, PSTN, firewall, Fax gateway, ISP]

Email security can be simpler
• Let email system do the work!
• Enforce policy at email components
• Use principles of PSM
• How to put protective markings in emails?

Protective markings for email

    Message-ID: <424A38E9.8000708@example.gov.au>
    Date: Wed, 230 Nov 2005 9:28:09 +1100
    From: "Jane Doe" <j.doe@example.gov.au>
    User-Agent: Microsoft Outlook
    X-Accept-Language: en-us, en
    X-Protective-Marking: [VER=2005.6, NS=gov.au, SEC=UNCLASSIFIED, ORIGIN=j.doe@example.gov.au]
    MIME-Version: 1.0
    To: "Smith, John" <john.smith@other.gov.au>
    Subject: Hello World [SEC=UNCLASSIFIED]
    Content-Type: text/plain; charset=ISO-8859-1; format=flowed
    Content-Transfer-Encoding: 7bit

[Diagram labels: RFC2822 MESSAGE, RFC2822 HEADER, RFC2822 BODY, MIME BODY(s), MIME ATTACHMENT(s)]

Risk management implementation
• Email client enablement
• Encryption invoked by classification level
• End user doesn't have to click “Encrypt”

Wide scope of application
• Client side rules
• Gateway flow control
• Gateway encryption/decryption
• Official email register
• Archive management
• Web headers

Gateway flow control
• Major area of Government activity
• DSD / ACSI33 & AGIMO
• Sending
• Receiving
• Agency adoption
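
An added example, not part of the original slides: a gateway-side check that parses the X-Protective-Marking header and Subject marking in the format shown on the "Protective markings for email" slide and makes a "Gateway flow control" decision on sending. The level ordering, the per-domain ceilings and the hold/block/release outcomes are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample modelled on the header shown on the slide.
SAMPLE = (
    'From: "Jane Doe" <j.doe@example.gov.au>\n'
    'To: "Smith, John" <john.smith@other.gov.au>\n'
    "X-Protective-Marking: [VER=2005.6, NS=gov.au, SEC=UNCLASSIFIED, "
    "ORIGIN=j.doe@example.gov.au]\n"
    "Subject: Hello World [SEC=UNCLASSIFIED]\n"
    "\n"
    "Hello\n"
)
# Assumptions (not from the slides): level ordering and per-domain ceilings.
LEVELS = ["UNCLASSIFIED", "IN-CONFIDENCE", "PROTECTED"]
CEILING = {"other.gov.au": "IN-CONFIDENCE"}
DEFAULT_CEILING = "UNCLASSIFIED"  # applied to any domain not listed above

def parse_marking(text):
    """Return KEY=VALUE pairs from the last [...] group in text, else None."""
    groups = re.findall(r"\[([^\[\]]+)\]", text or "")
    if not groups:
        return None
    fields = {}
    for part in groups[-1].split(","):
        key, sep, value = part.partition("=")
        if not sep:
            return None  # not a marking, or malformed
        fields[key.strip().upper()] = value.strip()
    return fields

def gateway_decision(raw):
    """Decide whether an outbound message may leave the agency gateway."""
    msg = message_from_string(raw)
    header = parse_marking(msg.get("X-Protective-Marking"))
    subject = parse_marking(msg.get("Subject"))
    if not header or "SEC" not in header:
        return "hold: no protective marking"
    if subject and subject.get("SEC") != header["SEC"]:
        return "hold: subject and header markings disagree"
    if header["SEC"] not in LEVELS:
        return "hold: unknown marking"
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    for domain in sorted({a.rsplit("@", 1)[-1].lower() for _, a in rcpts}):
        ceiling = CEILING.get(domain, DEFAULT_CEILING)
        if LEVELS.index(header["SEC"]) > LEVELS.index(ceiling):
            return f"block: {header['SEC']} exceeds ceiling for {domain}"
    return "release"
```

Messages with a missing, malformed or inconsistent marking are held rather than released, so the default outcome never depends on the user having marked the message correctly.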