This document discusses the risks associated with email, instant messaging, internet usage, and software use in a business environment. It covers developing policies around appropriate usage, assessing risks, educating end users, and addressing auditor concerns. The role of the system administrator is also discussed in mitigating risks through monitoring usage and enforcing policies.

2. Why is E-Mail such a touchy topic for people
Introduction to the business risks of e-mail, IM, internet,
and software use
Risk Assessments
Policy development, implementation and management
Customer Service/Business Process Issues
Role of the System Administrator
mportance of end user education and awareness
What Auditors Want
On-Line and other resources

5. Why is E-Mail a touchy topic for people?
Slide information courtesy of Stephen H Wissel, TAO Consulting

7. Elements of Risk

8. E-Mail Risks and Vulnerabilities

9. E-Mail Risks and Vulnerabilities

10. IM Risks and Vulnerabilities

11. IM Risks and Vulnerabilities

12. Internet Risks and Vulnerabilities

13. Internet Risks and Vulnerabilities

14. Software Risks and Vulnerabilities

15. Software Risks and Vulnerabilities

16. Are These Really Distinct?

17. Risk
Assessments

19. Source: The ePolicy Handbook by Nancy Flynn

21. Risk Assessment
Process Documents

24. Policy Issues To Be Addressed

25. Internal Risk Management Policies

26. Internal Risk Management Policies

27. External Risk Management Policies

28. External Risk Management Policies

29. Internal Risk Management Policies

30. Mitigating Risk Through Insurance

31. Policy
Documents

33. Ccustomer Service/Business Process
Issues

35. The Role of The System Admin

36. The Role of The System Admin

37. Personal Risks/Liabilities For You

38. Personal Risks/Liabilities For You

40. End User Education and Awareness
“If you build it they will come”
Users want their employers to be successful and
survive.
Enablement is the key to success.
Why you need to mandate they sign acceptable use
policies.
Needs to be major emphasis on “Social Engineering”
education and awareness.
Employees need to understand that if they violate the
policies, they may be waiting at home for some to pack
up their personal belongings.

41. What Auditors
Want

43. Audit
Plan

46. Reviews and links available at
http://www.controlscaddy.com/A55A69/bccaddyblog.nsf/BlogByCategory?OpenView&RestrictToCategory=BookReviews

51. Questions, Comments,
and Discussion
How to Contact Me:
Christopher Byrne
Iscontrolscaddy@gmail.com
Techies Cartoon Copyright 2000 Jeff Larson, All Rights Reserved, Permission Pending