Michael Santarcangelo delivers Awareness that Works™
by Carl Anctil Background: A few months ago, Microsoft released (and silently installed through Windows Update) a .NET Framework Assistant add-on for the Firefox web browser. Microsoft installed this add-on to Firefox without warning the user that the add-on would be installed as part of the .NET Framework 3.5 Service Pack 1. Security professionals, bloggers, [...]
Welcome to the continuation of the Into the Breach: Protect Your Business by Managing People, Information and Risk audio series. (Click this link) to learn more about this how this book solves today’s challenges and pick up a complete copy. This series, underwritten by Configuresoft, now part of EMC, is the full and unabridged audio [...]
Podcast: Play in new window | Download (11.0MB)
One of the areas I have been interested in is how teams can effectively work in a virtual environment – and in a way that protects information. I like to work virtually, and it’s the only way I can effective support the growing team of professionals behind the security catalyst (we have nearly 10 people now). I was recently contacted by a group of grad students from Johns Hopkins studying virtual teams. They wanted to pick my brain on the topic of what kills virtual teams, talk a bit of security, and then buttered me up to ask if I would produce a podcast of their results by interviewing an expert.
Innovative business school curricula taught by expert faculty and prominent business leaders, based on the Hopkins model of combining theory and practice.The class:Building Teams and Developing TeamworkThis course is designed to teach students to benchmark the qualities, characteristics, and structures that lead to high performance teams. They examine the similarities and differences among interdisciplinary work teams, multidisciplinary work teams, cross-functional work teams, and virtual teams. Models of team development and organizational culture are applied to diagnosing, consulting, and facilitating team success.The project:Bring new knowledge to the field of work team behaviorA group of five Hopkins graduate students were charged with bringing new knowledge to the field of teaming. This group elected to research the world of virtual teaming and in doing so there is a great body of literature on what makes virtual teams successful, but little written about what causes them to fail or at least be sub-optimized. This brief, six question survey addresses potential problems related to virtual teaming and will be used in conjunction with data gather by conducting a series of structured interviews with subject matter experts to examine “virtual team killers.”
I’d more or less accepted that some used them, while others didn’t – but paid little mind to the question – do email disclaimers matter?During a breakfast a few weeks ago, a friend of mine shared a situation in which a business email sent to an individual was later posted to a website (by the recipient)…. With the help of Patrick Romero, this is what we found:Some Background on DisclaimersTurns out these disclaimers can be used for a whole list of things – from breach of confidentiality to transmission of viruses to employer’s liability…. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.With the prevalence of e-mail communication, statements like these have become more and more ubiquitous among private and public companies – the majority are automatically generated whenever a user sends out any information regardless of the content of the message…. However, ECPA defines “intercept” as “the aural or other acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device.”… Can encryption provide privacy and confidentiality email?I have spent a lot of time reminding people recently that “solutions follow requirements” – and I’m always hesitant to recommend a solution without understanding the requirements. However, if you are concerned about the privacy and confidentiality of your email communications, you probably need to investigate the use of encryption.I have always enjoyed learning about and teaching encryption – and while it can be a double-edged sword, it offers the safest means of ensuring privacy of email communications…. In a properly constructed and managed solution, only the designated recipient has the ability to decrypt and verify the message – ensuring the confidentiality of the transmission (this is an overly simplified explanation – if you’re thinking about using email encryption, give me a call and we can talk about specific details).Encryption solutions are available for commercial and personal use…. Think before you press send.One of the best methods for protecting information (note: information protection doesn’t always mean encryption) is to establish and effectively communicate expectations for proper use of email (if you need some help learning how to communicate policies more effectively – pick up the phone and call, it’s what we do).Every organization should put in place a company policy with regards to sending confidential information through e-mail…. In the end, some do, some don’t and you get to choseCurrently, there is little case law or statutory interpretation that discusses the legal rights of senders vis-à-vis e-mail disclaimers.
Engage with Michael