E-mail Security School Final Exam / Answer No. 3

3.) Encrypted mail can't be scanned by a compliance checker. How do you resolve this issue?

Compliance checking is a policy issue: it is corporate policy that directs you to look into messages and see what is going on. If a message is encrypted, the compliance checker clearly cannot look inside. Hence, this is a policy issue and not a technical one. There are three scenarios: the policy states that such mail is out of compliance; the policy states that such mail is, by definition, within compliance; or the policy says nothing about mail that cannot be checked.

If you are lucky enough to have a policy that matches the first or second case, then you simply do what the policy says and don't worry about it. If your policy doesn't mention what to do about mail that cannot be examined, then the appropriate answer is to bring this to the attention of the policy people and have them fix the policy. Solving this problem technically, without policy input, is asking for a slap on the wrist or worse.

This was last published in April 2005

