|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
dgonzalez
merituspayment.com
Date: Fri Apr 03 2009 - 21:53:56 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
For the obvious already stated below, there is no reason why an employee who is no longer employed by a company should be allowed to have their company email redirected to a personal one. There are legal reasons that I'm not fully knwoledged on also.
The only reason why would be if there was an extended consulting contract for the individual, but even so they would continue to use their company email.
Regards.
Sent on the Now Network™ from my Sprint® BlackBerry
-----Original Message-----
From: Joshua Gimer <jgimergmail.com>
Date: Fri, 3 Apr 2009 10:06:08
To: M.D.Mufambisi<mufambisigmail.com>
Cc: <pen-testsecurityfocus.com>
Subject: Re: Risk of Redirecting Email.
On Tue, Mar 31, 2009 at 9:54 AM, M.D.Mufambisi <mufambisigmail.com> wrote:
> Hi people.
>
> I have seen on some clients of mine, that when an employee leaves the
> organisation, they request IT to redirect their emails to a particular
> email address....personal.
> What are the risks of this? I can only think of company information
> being directed to this individual....which could be bad if he/she has
> gone to work for a competitor. What other risks or security issues
> could this give rise to?
>
> Thanks.
>
> Munyaradzi Dumisani Mufambisi
>
I think that you are on the right track. You run the risk of trade
secrets being leaked, insider information, PII, PHI, and so on. There
are also some regulatory standards that prevent messages containing
certain types of information from leaving the "trusted" network. In
addition to this some also require that this information be encrypted
in transit as well as at rest, which may be difficult to guarantee if
you do not run the mail servers in which the messages will rest.
--
Thx
Joshua Gimer
------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute
No time or budget for traveling to a training course in this fiscal year? Check out the online penetration testing courses available at InfoSec Institute. More than a boring "talking head", train in our virtual labs for a total hands-on training experience. Get the certs you need as well: CEH, CPT, CEPT, ECSA, LPT.
http://www.infosecinstitute.com/request_online_training.html
------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]