In this chapter, we outlined some security policy elements that related to e-mail and Exchange that should be included in your overall security policy manual. The creation of such policies forms the foundation for creating electronic policies that, in turn, inform our security technology decisions and purchases. In reality, a great security implementation starts with information security policies that are comprehensive in nature and that specify acceptable and unacceptable behavior in a number of areas, including messaging.
In Chapter 24 and Chapter 25, we outline how to implement specific security technologies, including firewall planning, certificates, encryption of e-mail, and using digital signatures.