PRINCE2 Practitioners on Web Content Filtering

“Ignorance is bliss, and most people accept this false sense of security.”

The management of any enterprise must ensure optimal performance & optimal ROI for proper operations. Such an enterprise needs to seize the opportunity presented by broadband to become even more successful, financially & operationally.

However, ongoing research has shown that enterprises are unable to take advantage of broadband savings due to assorted challenges, even though they are aware of them. These challenges include latency & speed, availability, & encryption. These challenges are not within the realm of usual threats to business, so getting rid of them is not as simple as getting a grant and buying a dumb network scanner. This isn’t something covered on a PRINCE2 Practitioner course, but nevertheless many are run as such projects.

Rather, the enterprise must look within itself and re-examine its relationship with the Internet, and specifically with broadband. Before jumping into any technology, the first thing to consider is whether the enterprise needs complete control of its data or not. Because of various compliance regulations, yearly changes to data retention practices must be considered & documented.

Documented or unenforceable, any practices that compromise the privacy or confidentiality of an employee or client must cease immediately.

Any practice that uses personal data to solicit or harvest, either by intentionally or unintentionally leaking out data or by asking for data from the user or user’s machine, must cease.

Any practice that tries to use a cookie, or other small file, on the Enterprise servers or client machines must be documented & ceased.

Although the use of encryption will help, encrypted data still needs to be decrypted by either the user or the machine it is running on. Both of these scenarios can compromise the privacy of the user or machine.

So any practice that uses data, or has data flowing through its network, needs both the quantity & the quality of that data to be protected. Both goals challenge the integrity of the data.

Organizations do not start off with an unlimited budget & no challenge from competitors; they get caught up in the “waste” & “rip off” syndrome.

They offer something “new” & something for which there is a demand that has not previously existed, i.e. lotteries, lotteries, lotteries…

The Customer is the ultimate judge of the value of any offer.

What the Customer Requests…

The Customer requests a sample of an offer, possibly including the return of an old purchase if the sample is deemed to be unsatisfactory.

The Nessus report says that as much as Scotland trusts the establishment to act with integrity, there is a general sense that institutions are not held to rigorous enough standards when it comes to protecting their customers’ interests.

A recent survey in America stated that one in every hundred emails received is a phishing email. These emails will typically take the form of an official document from a bank, a company investing offshore, or a utility company. It will typically be addressed to you, the Customer submitting the offer…

If you had intercepted the email without opening it, what would have been the consequences of your action?

In simple terms, you would be telling the person on the other end of the email that you had no interest in accepting this offer, that you had no intention of investing your money into this scheme, and that you had no plan to do so.

Just to state a simple fact, if you did not click the link out of ignorance, then you had some involvement in the scam.

How to identify these emails?

If you receive an email from your bank, go directly to the company’s website and look for any information you may have missed in the spam email.

Will the bank require you to make a number of payments before you get your money back?

What’s in the email that caused you to click?

Look at the URL in the email. Did you actually read the small print? Some of it may be in HTML, but because the encoding software generally doesn’t bother to decode it, you will need to take a look at the actual text of the web page to see if it says something about the bank (indicated by the URL).

Did you actually download anything?

Did you actually sign up to an online bank account, or were you using someone else’s that you had heard about?

With your bank, did they use either your name or your account number?

Did your bank actually send you an email?

Telephone, or snail mail?

Did you respond to an email by giving your name, account number, or other personal information?

Did you actually access your online account, and if so, verify that someone else didn’t use the information?

Did you actually see any sort of confirmation number, or letter?

Did you actually read the message pass-bill or any disclaimer information?