“Keep This Between Us” and Other Classifications

October 12th, 2017

The recent data breach at Equifax was apparently the result of a failure to apply a software patch that was made available several months ago. I’m not writing this blog to continue piling on the situation and bash the information security team while they’re down. What I do want to focus on is the need for immediate action. In the world of data security, five months is an eternity.

What we believe here at TITUS (along with many others in the industry) is that most breaches can be avoided if we change how users – you, me, and all our colleagues – think about data. We need to adjust the user’s mindset and bring the thought of security into the daily routine.



 

CUI Compliance – What You Need To Know (Part 2)

October 6th, 2017

Established by Executive Order 13556, the Controlled Unclassified Information (CUI) program defines a uniform policy for the treatment of unclassified information that requires safeguarding or dissemination controls. As of December 31, 2017, all federal contracts will require contractors to comply with the Federal CUI Rule (32 CFR Part 2002) that governs the treatment of CUI.

In the second installment of this two-part blog series, Patricia Hammar, founder of PKH Enterprises and a recognized expert in the areas of government policy and privacy, answers some additional questions on Controlled Unclassified Information (CUI) compliance.


 

CUI Compliance – What You Need To Know

October 2nd, 2017

Established by Executive Order 13556, the Controlled Unclassified Information (CUI) program defines a uniform policy for the treatment of unclassified information that requires safeguarding or dissemination controls. This framework standardizes practices around the sharing of controlled unclassified information, with the goal of improving the sharing of information across Federal executive branch agencies.

In this two-part blog series, Patricia Hammar, founder of PKH Enterprises and a recognized expert in the areas of government policy and privacy, answers some key questions on CUI compliance.


 

TITUS Brings Message of Importance of a Strong Information Security Culture to Key International Events this Fall

September 11th, 2017

Summer is not over…summer is not over… Ugh, fine – summer is over… And without missing a beat, the TITUS team is out on the road for what is going to be an incredibly busy fall – jam-packed with events, roadshows and speaking engagements. We will be attending and speaking at a number of key security events worldwide in the coming months – highlighting the importance of creating and maintaining a culture of security for effective information protection.



 

TITUS and Palo Alto Networks

June 20th, 2017

We at TITUS are excited about our new partnership with Palo Alto Networks and the value we will bring to organizations together. Recognized as a leader in the Next-Generation Firewall market, Palo Alto Networks and TITUS integrate to enable secure sharing of sensitive information throughout the enterprise. Once a document has been classified by TITUS, the Palo Alto Networks firewall can leverage our classification metadata to prevent data loss across email, the data center, and on insecure systems/managed devices.

For more information about the integration, visit the integration page on our website, and read our joint solution brief that further describes the integration value.

 

 

The First Step Toward GDPR Compliance

May 11th, 2017

Last week my colleague Mark Cassetta described how data categorization could be used as a means to simplify information classification and protection. This week I would like to expand on this concept to show how categorization can be put into practice. The European General Data Protection Regulation (GDPR) is only 12 months away. Yet only 10 percent of organizations impacted by the GDPR report that they are “completely ready” to comply with the regulation (Osterman Research). It seems like this would be a great example for highlighting the use of categorization.

The key goal of the GDPR is to ensure that any organization that controls or processes sensitive personal information about EU residents also properly protects the data. In fact, organizations must show that data protection is a fundamental design aspect to their data workflow and processes.

So, where does an organization start?



 

Data Categorization or Data Classification?

May 3rd, 2017

In the last few years there has been a dramatic shift from data classification being “nice to have” to becoming a “need to have”. Behind this momentum, private companies and organizations are implementing data classification using “traditional” taxonomies and schemas that worked for governments and militaries, but don’t necessarily translate well into the workflow or culture of commercial enterprises.

When TITUS started over a decade ago, many of our first customers were large government and military organizations who were familiar with the concept of classification. We all remember the “secret” and “top secret” rubber stamp with red ink used to classify paper documents and files before the dawn of digital productivity tools. As a result, when government and military customers began to deploy classification, their users were already well educated on the meanings and appropriate use of their classification taxonomies. As classification has moved into commercial enterprises, the template for classification has remained unchanged. As a result, many enterprises have struggled to find a way to align classification labels and policies to meet their own unique needs.



 

Turn Your Users Around

March 29th, 2017

It’s been a long time coming, but the mandatory breach notification laws will be in force in Australia next February (Privacy Amendment (Notifiable Data Breaches) Act 2017). Having seen similar regulations in effect in North America, and with the knowledge that they’re also coming to Europe next year in the form of the EU GDPR, it is impossible for any business to ignore the issue of data security. Organizational change is necessary across the globe.

I was recently in Australia, and the new legislation was a very hot topic in meetings with both existing partners and new customers, bringing up a multitude of questions. From a general perspective, it’s fantastic that more and more organizations are wising up to security (and there are countless surveys to back this up), but from our experience, most seem to be struggling with the myriad of different ways to protect their data and the persistent threat of breaches.



 

TITUS to Provide Solutions to NATO Agencies around the World

February 28th, 2017

TITUS and the NATO Communications and Information Agency (NCIA) recently signed a joint Master Service Agreement (MSA) that enables TITUS to supply our solutions to NCI Agency, NATO Member Nations and other NATO entities.

Cybersecurity is a major area of concern for NATO, and is considered the fourth domain of operations after air, land and water. NATO and its member agencies know that they need to be prepared to defend networks and operations against the increasingly sophisticated cyber threats and attacks.



 

Data Privacy Day – Are We Losing the Battle?

January 27th, 2017

Data Privacy Day 2017 arrives on January 28th, highlighting how technology is impacting our ability to maintain privacy while underscoring the importance of protecting our privacy. Yet, the news all month leading up to Data Privacy Day has been anything but encouraging.

Kaspersky Labs issued a report that highlights how little we are actually doing to protect ourselves from privacy breaches. We still use passwords that are easy to crack (40% of hacks are the result of the cybercriminals guessing the password), and we don’t store our passwords securely. To top it off, 20% of us use the same password for multiple accounts while another 10% use the same password for all accounts.

