By Roger L. Mendell; Reviewed by Arian A. Barnie, CPP, CFE
Document security has evolved with technology, but the most critical element is still the human one.
***** Document Security: Protecting Physical and Electronic Content. By Ronald L. Mendell; published by Charles C. Thomas Publishers, Ltd., www.ccthomas.com (Web); 165 pages; $49.95.
Long gone are the days when document security meant locking the file cabinets and destroying typewriter ribbons. Technology’s amazing evolution requires that security keep pace. But the most critical element of document security is still the human one, specifically establishing and maintaining employee awareness of document security and privacy issues.
Author Ronald L. Mendell has written a highly interesting book about the many facets of contemporary document security, covering topics including password protection, Web-page analysis, and destruction of documents, whether physical or electronic.
Document Security offers critical, eye-opening information for the IT security neophyte. When a person receives a Microsoft Word file, for instance, they can view the document’s revisions, authors, and other information, called “metadata,” by simply calling up the file’s properties. That’s an obvious problem, especially if a file is sent to an outside party conducting negotiations with the sending company.
A lot of the information provided in the book is commonsensical, but much of it is both complex and critical to security managers, particularly if they are responsible for large-scale IT environments. The author explains these complexities in a clear and easy-to-understand style, providing helpful case examples.
For example, most readers know that simply deleting a document doesn’t make it go away unless further precautions are taken. Thus, Mendell explains the terms of document sanitization: disposal, clearing, purging, and destruction. Clearing data, for example, means removing data from a storage device such as a cell phone so that it is not recoverable on that device. Purging data means that it cannot be recovered in a laboratory.
Mendell also shares methods for analyzing Web sites to help determine their validity, referencing helpful online resources. He further provides a checklist for use in vetting Web sites before accessing or using them to make purchases.
Mendell’s most critical point is one that cannot be repeated enough to members of the security trade: “You have to be vigilant.” Document Security is well-written and topical. Security managers will find this book a valuable asset and reference. It is highly recommended.
Adrian A. Barnie, CPP, CFE (Certified Fraud Examiner), CAMS (Certified Anti-Money Laundering Specialist), is with the Anti-Money Laundering Unit of KeyBank’s Financial Intelligence Unit in Cleveland, Ohio. He is a member of ASIS International.