Re: How can you trust a company you don't know?

From: Steve (securityfocus_at_delahunty.com)
Date: 10/23/03

  • Next message: Byron Sonne: "Re: When does a scan attempt become a focused attack?"
    To: "Rob McComber" <rob@digitalgenesis.ca>, "Nicholas Diotte" <xphox@xphox.net>, <security-basics@securityfocus.com>
    Date: Wed, 22 Oct 2003 20:07:32 -0400
    
    

    I think that we might be a bit off topic, Nicholas' original request was
    about looking into an email list/newsletter management firm, not totally
    outsourcing their corporate email. I believe that Nicholas' firm would
    still control the content and their marketing department would have direct
    say over that.

    STEVE

    ----- Original Message -----
    From: "Rob McComber" <rob@digitalgenesis.ca>
    To: "Nicholas Diotte" <xphox@xphox.net>; <security-basics@securityfocus.com>
    Sent: Tuesday, October 21, 2003 8:20 PM
    Subject: RE: How can you trust a company you don't know?

    In support of Dave Hartnell, I'd also like to add that when you allow a
    third-party to provide a service like emailing, you lose control of what is
    fast becoming a critical element of your company's archives. With email
    records being used in court with increasing frequency, maintaining the
    integrity of your own records is paramount.

    Even if your internal mail remains your own, your ability to control email
    that is sent as a legal representation of your company is compromised.

    Going back to C-I-A,
    Confidentiality - with a third-party, you just don't have it. Even if the
    email is intended for the public, you lose certain controls.

    Integrity - if they're a good company, this may be maintained. It may not be
    as well. If they send something out in error, it's very difficult to place
    responsibility, and even if you can, your company will be responsible to
    your customers.

    Availability - this is particularly dangerous. Can you be sure that access
    to your email will be available only to your authorized representatives?
    Will it always be available? If a court demands records, can you trust that
    another company will have maintained them? And even more disturbing, can you
    trust that your third-party provider won't make records of your email
    traffic available to someone else? This may not be maliscious...if they're
    told by the courts to submit your records, they may buckle far sooner than
    your own legal section.

    In the end, no matter how well you know the company, Dave is right. Your
    corporate image is carried to your customers through marketing emails. You
    can't trust someone else with something that valuable.

    Rob McComber
    Technical Trainer

    rob_@_digitalgenesis.ca

    ---------------------------------------------------------------------------
    Visual & Easy-to-use are not words that you think of when talking about
    network analyzers. Are you sick of the three window text decodes? Download
    ClearSight Network's Analyzer and see a new network analysis tool that
    makes the complex - easy
    http://www.securityfocus.com/sponsor/ClearSightNetworks_security-basics_031021
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    Visual & Easy-to-use are not words that you think of when talking about
    network analyzers. Are you sick of the three window text decodes? Download ClearSight Network's Analyzer and see a new network analysis tool that
    makes the complex - easy
    http://www.securityfocus.com/sponsor/ClearSightNetworks_security-basics_031021
    ----------------------------------------------------------------------------


  • Next message: Byron Sonne: "Re: When does a scan attempt become a focused attack?"

    Relevant Pages

    • Re: How can you trust a company you dont know?
      ... submitted and they have to reply to that, like how the Security Focus lists ... This reporting approach is not uncommon for email newsletters and it works ... network analyzers. ... Download ClearSight Network's Analyzer and see a new network analysis tool that ...
      (Security-Basics)
    • Re: masking or hiding am ip address from a web browser
      ... no matter what you do in your ... > network analyzers. ... PGP / XML GATEWAY APPLIANCE ...
      (Security-Basics)
    • Re: security/strong name/zones clarification needed
      ... Try to add your site to trust sites zone and set permission there to full ... If I house it in a WinForm app and ... if I house the managed control in an HTML page ...
      (microsoft.public.dotnet.security)
    • Re: Web Application and Windows Application working together
      ... for the browser to write to isolated storage it would have host an active/x or .net control with proper trust set. ... I would have to set up a trust zone that allowed code from my scanning page to access hardware on the local pc. ... a file containing Customer data would be saved to client PC ... It also makes sense for the ASP application to save the CUSTOMER.xml into IsolatedStorage. ...
      (microsoft.public.dotnet.framework.aspnet)
    • Re: New Patient - Head and Neck Cancer
      ... the treatment, nor is he paying for it. ... You can maintain control, but you can't control the oncologist. ... When you get on an aeroplane, you have to trust the pilot. ... just met, diagnoses cancer. ...
      (sci.med.diseases.cancer)