Abstract | Corporations are facing increasing demands to monitor their compliance with policies and regulations. This research demonstrated one type of analysis tool for monitoring corporate security and privacy practices. Using the Enron email corpus as an example of corporate communications, the research explored methods to identify instances of password sharing, a practice that should be a security concern to any organization. Social network analysis was able to identify key creators and sharers of passwords, and an analysis of the passwords themselves showed that quality was clearly a problem. The network analysis was also able to reveal interesting communication patterns, such as sharing passwords with external accounts owned by the same person, which might have been used as indicators of a problem in corporate systems or practices. The research also uncovered cases of possible policy violations, such as the sharing of internal and external accounts. |
---|