Active policy management (APM) is business-oriented enterprise software that provides an approach for efficiently and effectively addressing the many risks inherent in electronic communication. With the exponential growth in the use of electronic communication, many businesses are exposed to significant risks every day. These risks range from non-compliance with various regulations to the leakage of intellectual property and inappropriate or offensive employee behavior. Active policy management enables a business to accurately detect violations, to take the appropriate action (even blocking the message from being sent), and to quickly find and review a violation in order to address the situation and prevent further damage.
There are many channels of electronic communication, including e-mail, Web-based e-mail, instant messaging, messages sent from a Bloomberg terminal, mobile e-mail sent from a handheld device such as a BlackBerry, general use of a web browser, FTP, file copying (e.g. to memory sticks) and many others.
The key to effective detection of violations in electronic communication is policy. Policy for electronic communication defines who can send what to whom, and, if a violation is detected, what action to take. A policy is designed to address a specific issue or risk. Examples include:
Policy can only be effective at identifying violations if it can understand the true intent of a message. Policies based only on a list of words or a lexicon generally cannot perform this task.
For any APM solution to be effective, it must have a proven technology to define and deploy accurate policy. To judge whether a solution is "proven", an interested party should ask whether it has been successfully installed at one or more customers.
APM has three primary application areas: Real-Time Prevention, Intelligent Review, and Smart Tagging.
Real-Time Prevention can detect violations in electronic communication before a message has been sent (and before it has been delivered to an intended recipient). This prevents the violation from occurring. And, where archive software is used, a message that has not been sent will not be ingested by an archive or be retrievable at a later date.
Intelligent Review can detect violations in electronic communication after a message has been sent. Intelligent Review also creates extremely targeted queues of messages that have a high likelihood of having violated an important corporate or regulatory policy. A reviewer or supervisor can easily access these relevant messages in order to thoroughly audit them. An audit can include flagging, exporting, approving, rejecting, and escalating a message.
Smart Tagging analyzes messages and assigns them to one or more categories. This categorization can be used for selective message archiving, to retain messages based on their content, and to enhance message retrieval for investigative purposes.
Virtually all businesses use electronic communication and are exposed to the inherent risks therein. Certain businesses are exposed to more risks than others. Heavily regulated industries such as financial services have a very strong need for APM. Industries where companies have many of their intellectual property assets in digital form would benefit from protecting those assets with APM. Other industries that would benefit from using APM include those where companies are concerned with corporate behavior and governance and those that use archive software to store messages for long periods of time, often for at least 3 years.
Electronic mail is a method of transmitting and receiving messages using electronic devices. It was conceived in the late 20th century as the digital version of, or counterpart to, mail. Email is a ubiquitous and very widely used communication medium; in current use, an email address is often treated as a basic and necessary part of many processes in business, commerce, government, education, entertainment, and other spheres of daily life in most countries.
Information security, sometimes shortened to infosec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorized or inappropriate access to data or the unlawful use, disclosure, disruption, deletion, corruption, modification, inspection, recording, or devaluation of information. It also involves actions intended to reduce the adverse impacts of such incidents. Protected information may take any form, e.g., electronic or physical, tangible, or intangible. Information security's primary focus is the balanced protection of data confidentiality, integrity, and availability while maintaining a focus on efficient policy implementation, all without hampering organization productivity. This is largely achieved through a structured risk management process that involves:
Spamming is the use of messaging systems to send multiple unsolicited messages (spam) to large numbers of recipients for the purpose of commercial advertising, non-commercial proselytizing, or any prohibited purpose, or simply repeatedly sending the same message to the same user. While the most widely recognized form of spam is email spam, the term is applied to similar abuses in other media: instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, wiki spam, online classified ads spam, mobile phone messaging spam, Internet forum spam, junk fax transmissions, social spam, spam mobile apps, television advertising and file sharing spam. It is named after Spam, a luncheon meat, by way of a Monty Python sketch about a restaurant that has Spam in almost every dish in which Vikings annoyingly sing "Spam" repeatedly.
A message is a discrete unit of communication intended by the source for consumption by some recipient or group of recipients. A message may be delivered by various means, including courier, telegraphy, or an electronic bus. A message can be the content of a broadcast. An interactive exchange of messages forms a conversation. The consumption of the message relies on how the recipient interprets it; at times the recipient contradicts the intention of the message, which results in a boomerang effect. Message fatigue is another outcome recipients can experience if a message is conveyed too often by the source.
Instant messaging (IM) technology is a type of online chat allowing immediate transmission of messages over the Internet or another computer network. Messages are typically transmitted between two or more parties, when each user inputs text and triggers a transmission to the recipient(s), who are all connected on a common network. It differs from email in that conversations over instant messaging happen in real-time. Most modern IM applications use push technology and also add other features such as emojis, file transfer, chatbots, voice over IP, or video chat capabilities.
A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature on a message gives a recipient confidence that the message came from a sender known to the recipient.
Computer and network surveillance is the monitoring of computer activity and data stored locally on a computer or data being transferred over computer networks such as the Internet. This monitoring is often carried out covertly and may be completed by governments, corporations, criminal organizations, or individuals. It may or may not be legal and may or may not require authorization from a court or other independent government agencies. Computer and network surveillance programs are widespread today and almost all Internet traffic can be monitored.
Electronic business is any kind of business or commercial transaction that includes sharing information across the internet. Commerce constitutes the exchange of products and services between businesses, groups, and individuals and can be seen as one of the essential activities of any business.
Various anti-spam techniques are used to prevent email spam.
In computer science, a software agent is a computer program that acts for a user or another program in a relationship of agency.
Email marketing is the act of sending a commercial message, typically to a group of people, using email. In its broadest sense, every email sent to a potential or current customer could be considered email marketing. It involves using email to send advertisements, request business, or solicit sales or donations. Email marketing strategies commonly seek to achieve one or more of three primary objectives: build loyalty, trust, or brand awareness. The term usually refers to sending email messages with the purpose of enhancing a merchant's relationship with current or previous customers, encouraging customer loyalty and repeat business, acquiring new customers or convincing current customers to purchase something immediately, and sharing third-party ads.
Email harvesting or scraping is the process of obtaining lists of email addresses using various methods. Typically these are then used for bulk email or spam.
Email privacy is a broad topic dealing with issues of unauthorized access to, and inspection of, electronic mail, or unauthorized tracking when a user reads an email. This unauthorized access can happen while an email is in transit, as well as when it is stored on email servers or on a user's computer, or when the user reads the message. In countries with a constitutional guarantee of the secrecy of correspondence, whether email can be equated with letters—therefore having legal protection from all forms of eavesdropping—is disputed because of the very nature of email.
Email encryption is encryption of email messages to protect the content from being read by entities other than the intended recipients. Email encryption may also include authentication.
Email archiving is the act of preserving and making searchable all email to/from an individual. Email archiving solutions capture email content either directly from the email application itself or during transport. The messages are typically then stored on magnetic disk storage and indexed to simplify future searches. In addition to simply accumulating email messages, these applications index and provide quick, searchable access to archived messages independent of the users of the system using a couple of different technical methods of implementation. The reasons a company may opt to implement an email archiving solution include protection of mission critical data, to meet retention and supervision requirements of applicable regulations, and for e-discovery purposes. It is predicted that the email archiving market will grow from nearly $2.1 billion in 2009 to over $5.1 billion in 2013.
Backscatter is incorrectly automated bounce messages sent by mail servers, typically as a side effect of incoming spam.
Employee monitoring is the surveillance of workers' activity. Organizations engage in employee monitoring for different reasons such as to track performance, to avoid legal liability, to protect trade secrets, and to address other security concerns. This practice may impact employee satisfaction due to its impact on the employee's privacy. Among organizations, the extent and methods of employee monitoring differ.
Mobile security, or mobile device security, is the protection of smartphones, tablets, and laptops from threats associated with wireless computing. It has become increasingly important in mobile computing. The security of personal and business information now stored on smartphones is of particular concern.
An emergency communication system (ECS) is any system that is organized for the primary purpose of supporting one-way and two-way communication of emergency information between both individuals and groups of individuals. These systems are commonly designed to convey information over multiple types of devices, from signal lights to text messaging to live, streaming video, forming a unified communication system intended to optimize communications during emergencies. Contrary to emergency notification systems, which generally deliver emergency information in one direction, emergency communication systems are typically capable of both initiating and receiving information between multiple parties. These systems are often made up of both input devices, sensors, and output/communication devices. Therefore, the origination of information can occur from a variety of sources and locations, from which the system will disseminate that information to one or more target audiences.
Corporate surveillance describes the practice of businesses monitoring and extracting information from their users, clients, or staff. This information may consist of online browsing history, email correspondence, phone calls, location data, and other private details. Acts of corporate surveillance frequently look to boost results, detect potential security problems, or adjust advertising strategies. These practices have been criticized for violating ethical standards and invading personal privacy. Critics and privacy activists have called for businesses to incorporate rules and transparency surrounding their monitoring methods to ensure they are not misusing their position of authority or breaching regulatory standards.