At Titus Labs we work with customers to find solutions to security and compliance issues that involve protecting corporate email and office documents. Our customers span the commercial, military and government environments, and are faced with various compliance requirements. These include such things as ISO 27001, ITAR, CAPCO, SOX, CUI, GPMS, and HIPAA as well as the need to protect against inadvertent loss of intellectual property or personal information.
Over the last year we’ve been talking about some specific issues and approaches related to SharePoint security, and now we’d like to create a distinct site to start talking about some of the broader issues that we run across in the security space, as well as to create a place where you can share your experiences and feedback.
Security, of course, is a very broad topic and there are many security blogs out there. We don’t get involved in some of the traditional security issues such as anti-virus, spam, malware, vulnerability assessments, firewalls, authentication, etc. These all involve putting up some kind of defense around the organization to make sure the wrong people and malicious code cannot get into the organization.
Our focus here will be on the control of organizational information assets – looking at the data first, determining the value and sensitivity of the information, and then deciding how to protect or safely share that information. We’re interested in use cases where end users are making those decisions, and also where more automated systems are being put into action to analyze and make control decisions.
We’ll cover topics such as information classification, information marking or labeling, data loss prevention, metadata, desktop email and document security, Microsoft Office security, breach legislation, encryption and enterprise digital rights management. In addition we’ll be discussing industry compliance requirements that require organizations to manage and protect sensitive information.
Next week we’ll start digging into two of these topics: 1) What legislation and industry requirements exist that require organizations to look at the way they protect sensitive information? 2) What is information classification, and how can it enhance security?
Whether you are new to topics such as information classification, or you are struggling with some of the deeper issues of data security, we’d like to hear your thoughts and questions. This is an opportunity for all of us to avoid reinventing the wheel by collaborating and helping each other come up with better solutions. We’d love to hear your thoughts and comments at email@example.com.