
This is the Title of the Book, eMatter Edition
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
(against poor ABC Corp.’s besieged email system) would be made largely irrelevant
by proper use of email encryption software.
If stolen email is effectively encrypted (i.e., using well-implemented cryptographic
software and strong keys and pass phrases), it can’t be read by thieves. If it’s digitally
signed (also a function of email encryption software), it can’t be tampered with
either, regardless of whether it’s encrypted. (More precisely, it can’t be tampered
with without the recipient’s knowledge.)
A “physical world” example of asset devaluation is a dye bomb: a bank robber who
opens a bag of money only to see himself and his loot sprayed with permanent dye
will have some difficulty spending that money.
Vulnerability Mitigation
Another strategy to defend information assets is to eliminate or mitigate vulnerabilities.
Software patches are a good example of this: every single sendmail bug over the
years has resulted in its developers distributing a patch that addresses that particular
bug.
An even better example of mitigating software vulnerabilities is “defensive coding”;
by running your source code through filters that parse, for example, for improper
bounds checking, you can help ensure that your software isn’t vulnerable to
buffer-overflow attacks. This is far more ...
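As an added illustration of the source-code filter idea above (not code from the book), the following Python sketch flags C library calls that copy without a length limit. The function name `scan_c_source`, the list of calls, and the sample C source are assumptions made for this example; it matches on function names only and does not analyze buffer sizes.

```python
import re

# Unbounded C library calls and the bounded call a reviewer would suggest.
RISKY_CALLS = {
    "gets": "fgets",
    "strcpy": "snprintf or strlcpy",
    "strcat": "snprintf or strlcat",
    "sprintf": "snprintf",
    "vsprintf": "vsnprintf",
}

# Comments and literals are blanked first so names inside them are not flagged.
_SKIP = re.compile(
    r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'', re.DOTALL
)
_CALL = re.compile(r"\b(" + "|".join(RISKY_CALLS) + r")\s*\(")


def _blank(match):
    # Keep newlines so reported line numbers still match the original file.
    return re.sub(r"[^\n]", " ", match.group(0))


def scan_c_source(source):
    """Return (line, function, suggestion) for each unbounded call found."""
    cleaned = _SKIP.sub(_blank, source)
    findings = []
    for m in _CALL.finditer(cleaned):
        line = cleaned.count("\n", 0, m.start()) + 1
        findings.append((line, m.group(1), RISKY_CALLS[m.group(1)]))
    return findings


# Constructed sample input, not taken from any real program.
SAMPLE = r'''#include <stdio.h>
#include <string.h>
/* do not flag: strcpy(dst, src) inside a comment */
void greet(const char *name) {
    char buf[32];
    strcpy(buf, "Hello, ");            // unbounded copy
    strcat(buf, name);                 // unbounded append
    puts("call sprintf( later");      // name inside a string literal
    snprintf(buf, sizeof buf, "%s", name);
}
'''

if __name__ == "__main__":
    for line, func, fix in scan_c_source(SAMPLE):
        print(f"line {line}: {func}() has no bounds check; consider {fix}")
```

A filter like this fits as a pre-commit or build step that fails when the list of findings is not empty.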