- Active Policy Management
Active policy management is business-oriented
enterprise softwarethat provides an approach for efficiently and effectively addressing the many risks inherent in electronic communication. With the exponential growth in the use of electronic communication, many businesses are exposed to significant risks every day. These risks range from non-compliance with various regulations, to the leakage of intellectual property, and to inappropriate or offensive employee behavior. Active Policy Management enables a business to accurately detect the violations, to take the appropriate action (even blocking the message from being sent), and to quickly find and review the violation in order to address the situation, preventing further damage.
There are many channels of electronic communication including
Web-based e-mail, instant messaging, messages sent from a Bloomberg terminal, mobile e-mail sent from a handheld device such as a BlackBerry, general use of a web browser, ftp, file copying (eg memory sticks) and many others.
Electronic communication policy
The key to effective detection of violations in electronic communication is policy. Policy for electronic communication defines who can send what to whom, and, if a violation is detected, what action to take. A policy is designed to address a specific issue or risk. Examples include:
* Certain reports cannot be sent externally without a proper disclaimer being present
* Certain employees cannot communicate about a business matter with other employees
* Documents intended for internal use only must not be sent to a recipient who is not a company employee
Policy can only be effective at identifying violations if it can understand the true intent of a message. Policies based only on a list of words or a
lexicongenerally cannot perform this task.
For any APM solution to be effective, it must have a proven technology to define and deploy accurate policy. And by “proven”, an interested party should inquire as to a particular solution’s successful installation at one or more customers.
APM has three primary application areas. Real-Time Prevention, Intelligent Review, and Smart Tagging.
Real-Time Prevention can detect violations in electronic communication before a message has been sent (and before it has been delivered to an intended recipient). By doing this, a violation is prevented from having occurred. And, in the case where archive software is used, a message that has not been sent will not be ingested by an archive or be retrievable at a later date.
Intelligent Review can detect violations in electronic communication after a message has been sent. Intelligent Review also creates extremely targeted queues of messages that have a high likelihood of having violated an important corporate or regulatory policy. A reviewer or supervisor can easily access these relevant messages in order to thoroughly audit them. An audit can include flagging, exporting, approving, rejecting, and escalating a message.
Smart Tagging analyzes messages and assigns them to one or more categories. This categorization can be used for selective message archiving, to retain messages based on their content, and to enhance message retrieval for investigative purposes.
Virtually all businesses use electronic communication and are exposed to the inherent risks therein. Certain businesses are exposed to more risks than others. Heavily regulated industries such as
financial serviceshave a very strong need for APM. Industries where companies have many of their intellectual propertyassets in digital form would benefit from protecting those assets with APM. Other industries that would benefit from using APM include those where companies are concerned with corporate behavior and governance and those that use archivesoftware to store messages for long periods of time, often for at least 3 years.
* [http://www.orchestria.com/ Intelligent Electronic Control]
* [http://www.nextlabs.com/ Information Risk Management]
* [http://www.compliancepipeline.com/ A source of articles for Compliance ]
* [http://www.itcinstitute.com/ Another source of articles for IT and Compliance]
Wikimedia Foundation. 2010.
Look at other dictionaries:
Active Directory — (AD) is a directory service created by Microsoft for Windows domain networks. It is included in most Windows Server operating systems. Server computers on which Active Directory is running are called domain controllers. Active Directory serves as … Wikipedia
Management Development Institute — Motto Yogah Karmasu Kaushalam (Sanskrit) from the Gita 2:50 Motto in English Pefection in action is Yoga An act becomes perfect when you do it with all joy and without expecting anything in return … Wikipedia
Policy charging and rules function — Policy and Charging Rules Function (PCRF) is the node designated in real time to determine policy rules in a multimedia network. As a policy tool, the PCRF plays a central role in next generation networks. Unlike earlier policy engines that … Wikipedia
Management features new to Windows Vista — This article is part of a series on Windows Vista New features Overview Technical and core system Security and safety Networking technologies I/O technologies Management and administration Removed features … Wikipedia
Management of atrial fibrillation — The main goals in the management of atrial fibrillation (AF) are to prevent temporary circulatory instability and to prevent stroke. Control of heart rate and rhythm are principally used to achieve the former, while anticoagulation may be… … Wikipedia
Active Directory Service — Der Verzeichnisdienst von Microsoft Windows 2000/Windows Server 2003 heißt Active Directory (AD). Ab der aktuellen Version Windows Server 2008 wird die Kernkomponente als Active Directory Domain Services (ADDS) bezeichnet. Bei einem Verzeichnis… … Deutsch Wikipedia
Active Directory Service Interfaces — Der Verzeichnisdienst von Microsoft Windows 2000/Windows Server 2003 heißt Active Directory (AD). Ab der aktuellen Version Windows Server 2008 wird die Kernkomponente als Active Directory Domain Services (ADDS) bezeichnet. Bei einem Verzeichnis… … Deutsch Wikipedia
Active Directory — Windows Server Active Directory Entwickler Microsoft Betriebssystem Windows Active Directory, microsoft.com Active Directory (AD) heißt der Verzeichnisdienst von … Deutsch Wikipedia
Group Policy — Local Security Policy editor in Windows 7 Group Policy is a feature of the Microsoft Windows NT family of operating systems. Group Policy is a set of rules that control the working environment of user accounts and computer accounts. Group Policy… … Wikipedia
Microsoft Management Console — A component of Microsoft Windows … Wikipedia