Tuesday, October 25, 2016

A simple man's RISK VIEW

In the run-up to the 2016 General Election, one of the most popular topics is email / CyberSecurity. Setting aside the individual positions of the candidates, what we are learning is how NOT to perform good security. The effect of a "disclosed" email in this construct is BAD for a politician. Too many folks keep saying "private communications". Things done in computer systems should never be viewed as Private.

However... most folks are overlooking a primary activity here: classification of your systems for your risk.

One of the primary baseline functions of good CyberSecurity is understanding the risks associated with your asset. In this context the asset is the EMAIL SYSTEM.

Systems should be classified as to their importance in your operations. If email and the content of the email are critical to your operations, you should know that, and thus protect them that way. It's not too different from how you treat your place of residence.

You do not necessarily lock the door to your apartment to keep people in, but to keep people out. The lock is there to protect something: papers, money, electronics, etc. The lock you buy should be deployed relative to the VALUE of the thing you're protecting.

Conversely, you may have other functions that secondarily protect those assets, such as an alarm system, renters insurance, etc. These are countermeasures that can be affected by things like cost, complexity, and the true VALUE of your asset.

This paradigm is no different in the business world. You identify what's important, you assign it a value, you understand your threats, and you design your countermeasures, understanding that the countermeasures have a cost. Then you accept any remaining risk.






Doing the math on an activity like this is of PRIMARY IMPORTANCE to Good Security, as it lays out your risk appetite. Try this one yourselves, folks. You will be amazed by the results.
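
The steps above as an added worked example (not the author's own math, which does not appear on this page): it uses the common annualized-loss estimate, loss per incident times incidents per year, and deploys a countermeasure only when the risk it removes is worth more than its cost. All asset values, threats, controls and figures are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Threat:
    name: str
    loss_per_incident: float   # cost of one occurrence
    incidents_per_year: float  # expected frequency

@dataclass
class Countermeasure:
    name: str
    cost_per_year: float
    cuts: dict  # threat name -> fraction of incidents prevented (0..1)

def yearly_risk(threats, rates, asset_value):
    # One incident cannot cost more than the asset is worth.
    return sum(min(t.loss_per_incident, asset_value) * rates[t.name] for t in threats)

def rates_with(rates, cm):
    # Incident rates after a countermeasure is added on top of the current ones.
    return {n: r * (1 - cm.cuts.get(n, 0.0)) for n, r in rates.items()}

def plan(asset_value, threats, candidates):
    """Return (deployed names, rejected names, accepted residual risk per year)."""
    rates = {t.name: t.incidents_per_year for t in threats}
    deployed, remaining = [], list(candidates)
    while remaining:
        now = yearly_risk(threats, rates, asset_value)
        def net(cm):  # risk removed per year minus what the control costs per year
            return now - yearly_risk(threats, rates_with(rates, cm), asset_value) - cm.cost_per_year
        best = max(remaining, key=net)
        if net(best) <= 0:
            break  # every remaining control costs more than the risk it removes
        rates = rates_with(rates, best)
        deployed.append(best.name)
        remaining.remove(best)
    return deployed, [c.name for c in remaining], yearly_risk(threats, rates, asset_value)

# Constructed sample data: the asset is the email system.
EMAIL_VALUE = 500_000
THREATS = [Threat("phished credentials", 200_000, 0.5),
           Threat("lost device with mailbox", 50_000, 0.2)]
CANDIDATES = [Countermeasure("24x7 monitoring", 120_000, {"phished credentials": 0.5, "lost device with mailbox": 0.5}),
              Countermeasure("MFA on mailboxes", 15_000, {"phished credentials": 0.9}),
              Countermeasure("device encryption", 5_000, {"lost device with mailbox": 0.8})]

if __name__ == "__main__":
    print(plan(EMAIL_VALUE, THREATS, CANDIDATES))
```

Run it again with a much lower asset value and every control is rejected, which is the cheap-lock-for-cheap-contents case from the apartment analogy.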
