What information will you send and receive across the email server?

This is going to sound like a fairly silly question, but when we stop to consider the context of information security as it relates to email security, it makes perfect sense. For example, we don't want to spend more money protecting something than that "something" is actually worth. Otherwise, we're just throwing our precious budget out the window. Understanding the value and sensitivity of the information on the mail server will help us decide how much we need to spend, which helps provide direction for our project.

About the author  Russ Rogers is an information security expert and author of Nessus Network Auditing, 2nd Edition. Russ is currently a penetration tester for the federal government. Listen to Russ's supplemental podcast on email security.

As an example, if we're going to provide a public, non-business-related service to visitors of our website, then we might not be as concerned about the protection of the information as we would if the email server was related directly to corporate research and development; where we create new products for market. Before you make any decisions about product selection, consider the potential value of the information on your new email system, and that will give you a rough idea of how much email security the resource will need.

Return to the email security FAQ guide and read the rest of Russ' expert responses.