Covers some security issues of mail clients and mail servers.
Guidelines on Electronic Mail Security
Configuration/Change Control and Management—The process of controlling modification to a
system’s design, hardware, firmware, and software provides sufficient assurance that the system is
protected against the introduction of an improper modification before, during, and after system
implementation. Configuration control leads to consistency with the organization’s information
system security policy. Configuration control is traditionally overseen by a configuration control
board that is the final authority on all proposed changes to an information system.

Risk Assessment and Management—Risk assessment is the process of analyzing and interpreting
risk. It involves determining an assessment’s scope and methodology, collecting and analyzing
risk-related data, and interpreting the risk analysis results. Collecting and analyzing risk data requires
identifying assets, threats, vulnerabilities, safeguards, consequences, and the probability of a
successful attack. Risk management is the process of selecting and implementing controls to reduce
risk to a level acceptable to the organization.

Standardized Configurations—Organizations should develop standardized secure configurations
for widely used operating systems and applications. This will provide guidance to mail server and
network administrators on how to configure their systems securely and ensure consistency and
compliance with the organizational security policy. Because it only takes one insecurely configured
host to compromise a network, organizations with a significant number of hosts are especially
encouraged to apply this recommendation. Section 5 contains additional information on standard
configurations.

Security Awareness and Training—A security training program is critical to the overall security
posture of an organization. Making users and administrators aware of their security responsibilities
and teaching the correct practices helps them change their behavior to conform to security best

The only thing is that it's in English; can everyone understand it?