User Account

All Pages

Ftp transfers-web mail and message boards

Assignment Help Management Theories
Reference no: EM131052997

CASE

I t's not what's coming into the corporate network that concerns Gene Fredriksen; it's what's going out. For the chief security officer at securities brokerage Raymond James Financial Inc. in St. Petersburg, Florida, leakage of sensitive customer data or proprietary information is the new priority. The problem isn't just content within e-mail messages, but the explosion of alternative communication mechanisms that employees are using, including instant messaging, blogs, FTP transfers, Web mail, and message boards. It's not enough to just monitor e-mail, Fredriksen says. "We have to evolve and change at the same pace as the business," he explains. "Things are coming much faster." So Fredriksen is rolling out a network-based outbound content monitoring and control system. The software, from San Francisco-based Vontu Inc., sits on the network and monitors traffic in much the same way that a network-based intrusion-detection system would. Rather than focusing on inbound traffic, however, Vontu monitors the network activity that originates from Raymond James's 16,000 users.

It examines the contents of each network packet in real time and issues alerts when policy violations are found. Network-based systems do more than just rule-based scanning for Social Security numbers and other easily identifiable content. They typically analyze sensitive documents and content types and generate a unique fingerprint for each. Administrators then establish policies that relate to that content, and the system uses linguistic analysis to identify sensitive data and enforce those policies as information moves across the corporate LAN. The systems can detect both complete documents and "derivative documents," such as an IM exchange in which a user has pasted a document fragment. When BCD Travel began to investigate what it would take to get Payment Card Industry (PCI) certification for handling customer credit card data, Brian Flynn, senior vice president of technology, realized that he didn't really know how his employees were handling such information. Not only could PCI certification be denied, but the travel agency's reputation and business could also be harmed. At the National Football League's Houston Texans, IT Director Nick Ignatiev came to the same realization as he investigated PCI certification. In both cases, vendors they'd been working with suggested a new technology:

outbound content management tools that look for proprietary information that might be leaving the company via e-mail, instant messaging, or other avenues. Flynn started to use Reconnex's iGuard network appliance, with vivid results. "It was a shock to see what was going out, and that gave us the insight to take action," he says. After Ignatiev examined his message flow using Palisade System's Packet Sure appliance, he too realized that his employees needed to do a better job protecting critical data, including customer credit cards, scouting reports, and team rosters. How does the technology work? Basically, the tools filter outgoing communication across a variety of channels, such as e-mail and IM, to identify sensitive information. They're based on some of the same technologies-like pattern matching and contextual text search-that help antivirus and antispam tools block incoming threats. Tools typically come with basic patterns already defined for personally identifiable information, such as Social Security and credit card numbers, as well as templates for commonly private information, such as legal filings, personnel data, and product testing results. Companies typically look for three types of information using these tools, notes Paul Kocher, president of the Cryptography Research consultancy. The first, and easiest, type is personally identifiable information, such as Social Security numbers and credit card information. The second type is confidential company information, such as product specifications, payroll information, legal files, or supplier contracts. Although this information is harder to identify, most tools can uncover patterns of language and presentation when given enough samples, Kocher notes.

The third category is inappropriate use of company resources, such as potentially offensive communications involving race. The traditional security methods may restrict sensitive data to legitimate users, but Flynn and Ignatiev found that even legitimate users were putting the data, and their companies, at risk. At BCD Travel, a corporate travel service, nearly 80 percent of its 10,000 employees work in call centers and thus have legitimate access to sensitive customer information. BCD and the Texans did not find malicious activity; instead, they found people who were unaware of security risks, such as sending a customer's credit card number by e-mail to book a flight or room from a vendor that didn't have an online reservations system. Fidelity Bancshares Inc. in West Palm Beach, Florida, is using the message-blocking feature in Port Authority from Port Authority Technologies Inc. in Palo Alto, California. Outbound e-mail messages that contain Social Security numbers, account numbers, loan numbers, or other personal financial data are intercepted and returned to the user, along with instructions on how to send the e-mail securely. Joe Cormier, vice president of network services, says he also uses Port Authority to catch careless replies. Customers often send in questions and include their account information.

"The customer service rep would reply back without modifying the e-mail," he says. "The challenge with any system like this is they're only as valuable as the mitigation procedures you have on the back end," notes Fredriksen. Another key to success is educating users about monitoring to avoid "Big Brother" implications. "We are making sure that the users understand why we implement systems like this and what they're being used for, he says. Mark Rizzo, vice president of operations and platform engineering at Perpetual Entertainment Inc. in San Francisco, learned in a previous job the consequences of not protecting intellectual property. "I have been on the side of things disappearing and showing up at competitors," he says. The start-up online game developer deployed Tablus's Content Alarm to remedy the problem. Rizzo uses it to look for suspicious activity, such as large files that are moving outside the corporate LAN. Now that the basic policies and rules have been set, the system doesn't require much ongoing maintenance, he says. Still, Rizzo doesn't use blocking because he would need to spend significant amounts of time to create more policies in order to avoid false positives. Although companies in highly regulated industries can justify investing in outbound content monitoring and blocking tools, other organizations may have to sharpen their pencils to justify the cost. These are very expensive solutions to deploy. Fredriksen, who built a system to support 16,000 users, says that for a setup with about 20,000 users, "you're in the $200,000 range, easily."

With outbound content management tools, "you can build very sophisticated concept filters," says Cliff Shnier, vice president for the financial advisory and litigation practice at Aon Consulting. Typically, the tools come with templates for types of data that most enterprises want to filter, and they can analyze contents of servers and databases to derive filters for company-specific information, he says. (Consulting firms can improve these filters using linguists and subject matter experts.) As any user of an anti-spam tool knows, no filter is perfect. "A big mistake is to have too much faith in the tools. They can't replace trust and education," says consultant Kocher. They also won't stop a determined thief, he says. Even when appropriately deployed, these tools don't create an ironclad perimeter around the enterprise. For example, they can't detect information that flows through Skype voice over IP (VoIP) service or SSL (Secure Sockets Layer) connections, Kocher notes. They can also flood logs with false positives, which makes it hard for IT security staff to identify real problems. That's why chief information officers should look at outbound content management as a supplemental tool to limit accidental or unknowing communication of sensitive data, not as the primary defense. Fredriksen says that although Vontu is important, it's still just one piece of a larger strategy that includes an overlapping set of controls that Raymond James uses to combat insider threats. "This augments the intrusion-detection and firewall systems we have that control and block specific ports," he says. "It's just a piece. It's not the Holy Grail."

CASE STUDY QUESTIONS

1. Barring illegal activities, why do you think that employees in the organizations featured in the case do not realize themselves the dangers of loosely managing proprietary and sensitive information? Would you have thought of these issues?

2. How should organizations strike the right balance between monitoring and invading their employees' privacy, even if it would be legal for them to do so? Why is it important that companies achieve this balance? What would be the consequences of being too biased to one side?

3. The IT executives in the case all note that outbound monitoring and management technologies are only part of an overall strategy, and not their primary defense. What should be the other components of this strategy? How much weight would you give to human and technological factors? Why?

Reference no: EM131052997

Questions Cloud

What decision is made regarding the null hypothesis : For H0: µ = 10, α = 0.05, using a t-statistic, and x- = 12, σ = 4, n = 16, what decision is made regarding the null hypothesis
Introducing the virtualization tools to it executives : Virtualization's big push to fame was arguably kick started by VMware's Workstation product, which allowed individual users to run a bunch of operating systems (OS), versions, or instances (similar to multiple application windows) instead of havin..
Invasion of iraq different from kaplan explanation : 1. Why, according to Gregory, did the U.S. need to conduct "a performance of territory through which the fluid networks of Al-Qaeda could be fixed in a bounded space"? 2. In what ways, according to Gregory, have Palestinians been rendered as homine..
The holocaust and moral philosophy : Debate It: Take a position for or against this statement: The moral philosophy of the Holocaust suggests that morals are relative, not absolute. Provide reasons and examples to support your view.
Ftp transfers-web mail and message boards : I t's not what's coming into the corporate network that concerns Gene Fredriksen; it's what's going out. For the chief security officer at securities brokerage Raymond James Financial Inc. in St. Petersburg, Florida, leakage of sensitive customer ..
Discuss importance of evaluating conflict coaching programs : Discuss how behavioral assessments aid the conflict coach in achieving needed behavioral change. Explain why cultural influences matter in conflict coaching processes.
Why is using bayes theorem important to help answer business : Why is using Bayes' theorem important to help answer business-related questions? What does this theorem allow you to do that traditional statistics do not? What are some prerequisites for using Bayesian statistics?
Disagreement with kant categorical imperative : Discuss your level of agreement or disagreement with Kant's "categorical Imperative" and respond to this question: Can people determine in every circumstance what "the right thing to do" would be? Provide reasons and examples to support your view.
Evaluate the societal impact of a technology in an area : Evaluate the societal impact of a technology in an area of your choosing such as the environment, medicine, genetics, entertainment, education, or family life. Consider the role of values, beliefs, and ethics in the societal impact.

Reviews

Write a Review

Management Theories Questions & Answers

  Theory of reasoned action

Theory of Planned Behavior and Integrated Behaviors Model

  What is long-term goal of international trade secretariats

What is the long-term goal of international trade secretariats (ITSs) and Which component of a typical expatriate compensation package compensates the expatriate for having to live in an unfamiliar country isolated from family and friends, deal wit..

  Do interest groups help or hinder the policymaking process

1.Do interest groups help or hinder the policymaking process?

  Essentially summarize the gaps model of service quality

The goalof your final term paper is to essentially summarize the Gaps Model of Service Quality

  What general media have to say about current state of affair

By examining any available data you can access, what can you deduce are the major impacts on the organization's professional and managerial human resources?

  Need help with a modified marketing plan for a coffee shop

Need help with a Modified Marketing Plan for a Coffee Shop. The product would be coffee that has vitamins and minerals that would aid in weight loss.

  The use of the buffer can reduce the running time

Consider a program that accesses a single I/O device and compare unbuffered I/O to the use of a buffer. Show that the use of the buffer can reduce the running time by at most a factor of two.

  Describe the three essential management skills

Describe the three essential management skills that differentiate effective managers from ineffective ones. Provide a work place example of how these skills could be used when dealing with the challenge of a work place recession.

  High tech alliance and technology transfers from developed

Must look look into Strategy, competition & analysis (internal&external risk discussion), Global Market (eGlobal & eLocal), Global alliances & cultural influences, government influences and then look into impacts. 10 pages with APA referencing, 10 re..

  Opportunity to students to investigate

This assignment gives the opportunity to students to investigate new area of study totally related to consumer behavior theories but happened in the real life and to fully understand why we need to understand consumers.

  Impact on the risk return profile of a firm

Every financial decision has an impact on the risk return Profile of a firm." Therefore, the financing decision of Working capital of a firm also determines the risk return Profile of a firm with regard to its working capital.

  Describe the channel systems used for the product offering

1.Describe the channel systems used for the product offering of automobile insurance companies (i.e vertical marketing systme, what intermediaries are used, etc.)

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd