Unit5project

School: Columbia Southern University
Course: 4320
Subject: Information Systems
Date: Dec 6, 2023
Type: docx
Pages: 7
Uploaded by briandjones127
Running head: UNIT V PROJECT

Unit V Project
Brian Jones
Columbia Southern University
Unit V Project – Email Classification System

With the advent of the Internet and World Wide Web, personal and business communication became easier with the introduction of electronic mail, or email. While email eliminates the old practices of typing up information and sending the hard copy via messenger or mail services, this does not necessarily mean that the new method is any safer. In fact, Brown (2018) likens email to a modern-day postcard that anyone can read should they choose. Brown goes on to state that email passes through many intermediaries and that copies are stored on each server the email passes through. Additionally, a copy of the email is present on the computers of both the sender and the recipient. All of this means, simply, that deleting an email from your desktop does not mean that it has been erased for good.

A best practice for helping to safeguard email communications is to create a classification system that clearly labels the email. While no method is 100% foolproof, classifying email communication and implementing handling standards for the data will inevitably lessen the risk of the data finding its way into the wrong hands. By using these classes, labels, and standards, custodians of the data will know which controls to apply to the data. Also, users will know how to interact with the data appropriately (Santos, 2019).

Classification System

The private sector, unlike the federal government and national security sectors, has no mandated process for the classification of data. Therefore, each organization or business is free to develop its own classification system (Santos, 2019). Three classifications I would implement are as follows.

Protected

The protected classification would contain all documents that are bound by laws and regulations such as HIPAA or PCI DSS. This would include data such as, but not limited to, social security numbers, driver's license numbers, home addresses, and financial information. When creating an email that falls into this classification, the word “protected” should precede the subject of the email in all caps to alert anyone opening the email to its content (e.g. PROTECTED – Smith, J. invoice).

There will also be an acceptable use policy (AUP) in place that will dictate who within the office can view, print, or save these types of emails. The handling standards for these emails will be decided upon by upper management and the security information officer (SIO). All employees and users will be informed of these standards and will be expected to follow them.

The distribution of protected emails between employees using internal email should be avoided if possible. If a protected email must be sent to an external source, it will be encrypted, and no attachments will be allowed unless necessary. The footer of the email will include the wording “Content of this email is legally protected”.

Confidential

The confidential classification in this case will include emails that may typically be broken into the two classifications of confidential and internal use. The data contained in these emails may include employee records, upcoming projects, research, and business strategies. Documents pertaining to internal policies and vendor lists, most typically found in the internal use class, are included in the confidential class here. These two classifications are lumped together here because loss or corruption of the data contained in the email could result in losses ranging from moderate to severe. Labelling of these emails will follow the same format as those in the protected class (e.g. CONFIDENTIAL – Fall 2020 product release).
Handling of these emails will also follow a similar path to that of the protected emails. There will be controls in place as to which users will receive emails based upon content (truly confidential or internal use). Confidential emails should only be distributed to those individuals or departments that require them to perform the functions of their jobs. Internal emails should be distributed to all authorized users. Internal distribution will be allowed within the scope of the AUP. Should a confidential email need to be sent to an external source, encryption will be required, and no attachments will be allowed.

Public

The final classification will be the public class. These emails will be almost exclusively sent to external users. They will include promotions, sales, and other announcements. The emails will be designed and approved by management and the marketing team before being distributed. Since the emails are being sent to those individuals who signed up for email marketing, attachments such as coupons, graphics, and text are all allowed. Encryption is highly recommended.

Systems Used

The simple act of sending an email may not be as simple as one may think. After the email is created, it goes from a workstation to the outgoing email server, to ISP servers, to the incoming mail server, and then to the user’s computer. Additionally, copies of emails are usually kept as part of a backup policy.

Processing and Storage

After an email is created, it is processed by a protocol known as Simple Mail Transfer Protocol (SMTP). SMTP is the protocol used to send emails. Conversely, receiving emails uses one of two different protocols: Post Office Protocol (POP) or Internet Mail Access Protocol (IMAP). The difference between the two is how the email is handled at the server level. POP downloads the entire email to the user’s computer and then deletes it from the server (Ithin, 2016). IMAP, on the other hand, allows the entire email to remain on the server until it is deleted.

The ownership of these servers is divided. The incoming and outgoing servers should be owned by the company itself. The intermediary servers are likely to be owned by the internet service provider (ISP) that the company contracts with for internet access. The company-owned servers should be governed by a systems administrator or other member of the IT staff. These individuals should be highly familiar with the handling standards for emails according to company policy. As for the ISP, it has its own policies and procedures that govern how email is handled. Therefore, giving the ISP a copy of the company’s policy on email handling will do no good.

Transmitting

The transmission of an email relies on one individual creating and sending the email and another individual receiving it. At the sending end, the owner of the information system would be the company. At the receiving end, the owner could be an individual, company, or other entity. The individual within the company should be very familiar with the controls and policies regarding email and should label the email accordingly. The recipient of the email should be made aware of the labelling policy well in advance of receiving any emails. For instance, a vendor may receive an email labelled “Confidential – Fall 2020 products” and should know that the information is to be kept confidential and not shared or printed.

Backups

Backing up email servers should align with the routine backup policy already in place within the company. The company should be the owner of the backup server or other media that the data is saved to. The system administrator or a member of the IT staff will oversee the backing up of the data. These individuals should already be well versed in the policies and procedures surrounding the handling of the email.

Options for Securing Data

While it may be legal for ISPs to scan emails travelling through their servers for viruses, that may also extend to actually viewing the contents of the email. There are two options that could help to keep that data secure and confidential. The first is the use of encryption. Encryption should be used as a best practice anyway, but by using stronger encryption, the data would be harder to crack and view. The second is the use of a virtual private network (VPN). By using a VPN, the ISP will still be aware that your data is being transmitted, and it can still intercept the data, but the data will be unviewable (Tremblay, n.d.).

References
Brown, E. N. (2018). Personal Encryption 101. Reason, 50(3), 18–21. Retrieved from http://eds.b.ebscohost.com.libraryresources.columbiasouthern.edu/eds/detail/detail?vid=0&sid=7332e433-fcfe-4ad2-9fee-3de3b3225385%40pdc-v-sessmgr05&bdata=JnNpdGU9ZWRzLWxpdmUmc2NvcGU9c2l0ZQ%3d%3d#AN=129687964&db=asn

Ithin, J. (2016, August 22). Exactly how email works. Retrieved from https://www.interserver.net/tips/kb/exactly-emails-works-steps-explanation/

Santos, O. (2019). Developing cybersecurity programs and policies (3rd ed.). Upper Saddle River, NJ: Pearson.

Tremblay, T. (n.d.). Can I hide from my ISP by using a VPN? Retrieved from https://www.fastestvpnguide.com/will-a-vpn-protect-me-from-my-isp/
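
The labelling and handling rules from the Classification System section can be checked automatically on outbound mail. The following is an added example, not part of the original paper, that parses a message and reports violations of those rules. Assumptions: the internal domain example.com, the function names, treating unlabelled mail as public, applying the footer rule to every PROTECTED message, and recognising encryption by the PGP/MIME or S/MIME content type.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses

INTERNAL_DOMAIN = "example.com"  # assumption: the company's own mail domain
FOOTER = "Content of this email is legally protected"  # wording from the paper
LABEL_RE = re.compile(r"\s*(protected|confidential)\s*[–-]", re.IGNORECASE)

def is_encrypted(msg):
    """True for PGP/MIME (multipart/encrypted) or S/MIME enveloped data."""
    ctype = msg.get_content_type()
    smime = str(msg.get_param("smime-type", "")).lower()
    return ctype == "multipart/encrypted" or (
        ctype == "application/pkcs7-mime" and "enveloped" in smime)

def check(raw):
    """Return (label, violations) for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    m = LABEL_RE.match(str(msg["Subject"] or ""))
    if not m:
        return None, []          # unlabelled: treated as public (assumption)
    label, problems = m.group(1).upper(), []
    if m.group(1) != label:
        problems.append("label not in all caps")
    rcpts = getaddresses([str(h) for h in
                          msg.get_all("To", []) + msg.get_all("Cc", [])])
    external = any(a.rpartition("@")[2].lower() != INTERNAL_DOMAIN
                   for _, a in rcpts if a)
    if is_encrypted(msg):
        return label, problems   # body is opaque; content checks belong pre-encryption
    if external:
        problems.append("external recipient but message is not encrypted")
        if any(p.get_filename() for p in msg.walk()):
            problems.append("attachment sent to external recipient")
    if label == "PROTECTED":
        body = msg.get_body(preferencelist=("plain",))
        if FOOTER not in (body.get_content() if body else ""):
            problems.append("required footer missing")
    return label, problems

# Constructed sample message (not from the paper).
SAMPLE = (
    "From: billing@example.com\n"
    "To: j.smith@customer.test\n"
    "Subject: Protected - Smith, J. invoice\n"
    "Content-Type: text/plain\n"
    "\n"
    "Invoice details follow.\n"
)

if __name__ == "__main__":
    print(check(SAMPLE))
```

The paper allows attachments on protected mail to external recipients "unless necessary", so the attachment finding is a prompt for review rather than an automatic block.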