Archive for the ‘Classification’ Category

« Older Entries

Using Resource Properties and Classification in Windows 8 Dynamic Access Control

Monday, March 19th, 2012

Windows Server 8 introduces a new way to secure files, folders, and shared resources called Dynamic Access Control (DAC).  This new functionality helps protect sensitive data, and can ensure that those who are accessing the data and the systems they are using are trusted.  Unlike the way files and shares were protected in Windows 7 and previous Windows operating systems, DAC allow administrators to manage security policies for the whole enterprise.  These policies can be defined centrally and enforced on servers, shares and folders located throughout the organization.
(more…)

Tags: , , , ,
Posted in Classification, Dynamic Access Control (DAC) | No Comments »

Chaos and Data and Copters…oh my! Time for RSA 2012!!

Friday, February 10th, 2012

One VERY SHORT year ago, TITUS made our debut – a coming out party of sorts – at RSA. And what a debut it was! We had excitement, we had NASCAR racing, we gave away PS3s, and we had HUGE crowds of people at our booth wanting to learn more about how to involve their end users in securing sensitive information… what a week!

So, what’s the first thought that went through our collective minds when planning this year’s event… “How the heck are we going to top that excitement this year!?” But, we put those collective minds to work, and, well, I think we’ve found a way!

(more…)

Posted in Classification, Cloud Data Security | No Comments »

Why Isn’t My DLP Investment Paying Off?

Wednesday, January 4th, 2012

It’s a common scenario: a large organization invests millions of dollars in a DLP solution, only to leave it in “watch mode” because the rate of false positives is too high to enable full blocking. The result is a DLP investment that becomes a white elephant: a promising technology that does not pay off in actually preventing data loss.

The problem often begins with an over-reliance on automated scanning to prevent data loss. The DLP system is expected to automatically identify all sensitive content, which requires IT administrators to translate business processes and policies into automated rules for every data loss scenario. This is an impossible task, which usually results in overly restrictive rules that block non-sensitive data (false positives) or overly permissive rules that mistakenly release sensitive data (false negatives).

The impact of false positives can be just as detrimental to the business as the data loss caused by false negatives. False positives disrupt business agility and productivity, and can impact collaboration, innovation, and business growth. As well, false positives can actually lead to increased data loss, with users looking for alternative, less secure methods to get around restrictions and carry out their business tasks.

The best way to address this problem is for organizations to identify their information appropriately. The sensitivity of each piece of information must be identified, or ‘classified’. Information classification is crucial for proper handling, and for the ultimate security of an enterprise’s information. Classification provides context to unstructured data such as email and business documents, making it possible for DLP solutions to know how to protect your organization’s sensitive information. (more…)

Posted in Classification, DLP, Email Security, Protective Marking | No Comments »

Top Data Security Blog Posts for 2011: Data Classification, Mobile Security, Data Security and Compliance, Data Loss Prevention, and Cloud Data Security

Wednesday, December 28th, 2011

As 2011 draws to a close, I thought it would be interesting to provide a list of the most popular data security articles on this blog. Here are the topics and articles that were most popular with our readers:

1) Data Classification

More and more commercial organizations have started to see data classification as the foundation of their information protection strategy. We wrote several articles about this trend, including an article that described how to implement a data classification policy in 5 simple steps, and an article that recommended best practices for defining a data classification scheme. Readers were also interested in how to use classification software to bulk classify, mark, and label large numbers of files.

2) Mobile Security

Mobile security has become a hot topic, especially with the trend toward consumerization of mobile devices. (more…)

Posted in Classification, Cloud Data Security, Compliance, Controlled Unclassified Information (CUI), DLP, Email Security, ITAR / Export Control, Military Classification, Outlook Web Access Security, Prevent Wikileaks, Web Mail | No Comments »

New White Paper: 5 Easy Steps for Implementing a Classification Policy

Monday, December 5th, 2011

Most organizations have an established corporate information handling policy to protect sensitive and confidential information. This policy is typically expressed with a classification scheme that describes the handling procedure based on the sensitivity of the material in question. The challenge, however, has been implementing and enforcing this policy; in other words, ensuring that sensitive information is adequately protected on a consistent basis.

To address this challenge, organizations often make large investments in technologies such as data loss prevention (DLP) and information rights management (IRM) solutions. Unfortunately, these technologies are often implemented without classification as a first step, and therefore lack context about the information they are protecting. This results in inconsistent and inaccurate data protection, which increases the organization’s risk exposure, may reduce business velocity, and can make a large infrastructure investment a white elephant.

The solution to this challenge is to make classification the foundation of your information protection policy. Fortunately, implementing a classification policy is actually quite simple. In our new white paper entitled “5 Easy Steps for Implementing a Classification Policy”, we discuss how you can implement – and enforce – a classification policy that will increase user security awareness, enhance DLP and IRM solutions, and protect your organization against data loss. (more…)

Posted in Classification, Compliance, Email Security, ITAR / Export Control, Military Classification, Protective Marking | No Comments »

Best Practices for Defining a Classification Scheme

Wednesday, November 2nd, 2011

In my previous blog post, 5 Easy Steps for Implementing a Classification Policy, I discussed the importance of starting with a simple set of classification labels. In this post, I will expand on the topic of classification schemes, especially as they apply to commercial organizations.

At TITUS, we recommend that organizations try to keep the number of classification options down to four or fewer. We find that the simpler your classification scheme, the easier it will be for users to decide which category to use. Later, as your users become used to classifying content, you can add additional categories.

Many organizations use three categories:

1) A category such as “Public” to indicate non-sensitive information
2) An “Internal” category for information that should stay within the organization
3) A category such as “Confidential” or “Restricted” for information that is particularly sensitive

Surprisingly, the “Public” category is often what causes the most debate in commercial organizations. (more…)

Posted in Classification, Compliance, Controlled Unclassified Information (CUI), ITAR / Export Control, Secure Email Gateway | No Comments »

Complying with Obama’s Executive Order to Improve Security of Classified Networks

Thursday, October 13th, 2011

On October 7, 2011 President Obama issued an Executive Order (Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information) “in order to ensure the responsible sharing and safeguarding of classified national security information (classified information) on computer networks”. This is as a result of the Wikileaks incident of last year.  One of the major focus areas of the Executive order is to reduce the possible threat of insiders leaking classified information out of the government.
(more…)

Posted in Classification, Information Spillage, Prevent Wikileaks | No Comments »

Is Your Agency Ready for CUI Compliance? Meet Your December 6th Deadline

Thursday, October 13th, 2011

On November 4, 2010, U.S. President Barack Obama signed a new Executive Order to establish a uniform policy for the government treatment of “Controlled Unclassified Information” (CUI).  This framework standardizes practices around the sharing of Controlled Unclassified Information, with the goal of improving the sharing of information within the executive departments of the U.S. Federal Government.

Government agencies must complete a number of deliverables as part of the CUI implementation plan. In May 2011, agencies were required to submit a catalogue of proposed Controlled Unclassified Information categories to the National Archives and Records Administration (NARA). The next step is for agencies to develop a CUI compliance plan, which is due by December 6, 2011.

TITUS has partnered with PKH Enterprises to help agencies develop their CUI compliance plan. In a joint white paper with Patricia Hammar, executive secretary of the CUI Presidential Task Force, we provide expert advice, templates, and best practices from governments that have implemented similar initiatives. The white paper, called “Protect Your CUI Data: 5 Steps to Implementing Your Controlled Unclassified Information Plan”, includes the following content: (more…)

Posted in Classification, Compliance, Controlled Unclassified Information (CUI), Email Security | No Comments »

Leveraging Classification Metadata Across the Enterprise Increases Security and Efficiency

Friday, October 7th, 2011

When documents are created, edited and used within an enterprise the structure and organization of information within them can significantly affect the security, as well as the efficiency, of daily operations.

Employees are constantly searching for information, viewing and editing documents. Without enforcement of metadata structures for security and for workflows, employees may spend a great deal of time manipulating documents to complete their specific jobs.

The key to streamlining operations and increasing the security of document processing is to have an intelligent metadata convention across the enterprise that can be leveraged when needed within employee workflows. This article discusses the impacts of metadata availability across the enterprise on security and efficiency of  daily operations.

(more…)

Posted in Classification, Metadata, Microsoft Office Security | No Comments »

5 Easy Steps for Implementing a Classification Policy

Tuesday, September 27th, 2011

“We’ve had a classification policy for 30 years, but we’ve never been able to enforce it.”

Does this quote sound familiar to you? It’s very common for organizations, especially in the commercial space, to have a classification policy but no way to implement it. Instead, organizations often move directly to the data protection stage, investing in large infrastructure projects such as DLP and IRM. But without classification as the foundation of their information protection strategy, it’s impossible for organizations to know what to protect.

Fortunately, implementing a classification policy is actually quite simple. Based on our experience in helping hundreds of organizations, here are our five recommended steps for implementing a classification policy:

(more…)

Posted in Classification, Compliance, DLP, Email Security, Information Spillage, Metadata, Microsoft Office Security, Protective Marking | No Comments »

« Older Entries