This is going to sound like a fairly silly question, but when we stop to consider the context of information security as it relates to email security, it makes perfect sense. For example, we don't want to spend more money protecting something than that "something" is actually worth. Otherwise, we're just throwing our precious budget out the window. Understanding the value and sensitivity of the information on the mail server will help us decide how much we need to spend, which helps provide direction for our project.
As an example, if we're going to provide a public, non-business-related service to visitors of our website, then we might not be as concerned about the protection of the information as we would if the email server was related directly to corporate research and development; where we create new products for market. Before you make any decisions about product selection, consider the potential value of the information on your new email system, and that will give you a rough idea of how much email security the resource will need.
This was first published in April 2008