Archive for ‘Classification’

Easily Transition from UK GPMS to GSC

Thursday, April 3rd, 2014

Effective April 2, 2014, the new UK Government Security Classifications (GSC) policy replaces the previous Government Protective Marking Scheme (GPMS). The new policy requires the classification of Her Majesty’s Government (HMG) information assets into one of three types: OFFICIAL, SECRET, and TOP SECRET. This classification scheme, simplified from the previous GPMS seven-level classification scheme, will help ensure that government staff, contractors, and service providers can more easily safeguard information.



Changes to ITAR compliance coming

Tuesday, September 17th, 2013

In October, there will be two new rules affecting the Export Control Reform made by the Departments of State and Commerce. On October 15, jurisdiction of many military items, which have been deemed less sensitive, will be moved from the U.S. Munitions List and governed by the State Department’s International Traffic in Arms Regulations (ITAR), to be on the Commerce Control List that is governed by the Commerce Department’s Export Administration Regulations (EAR). The 600 Series classification provisions will allow this to happen, as it will mandate sweeping changes to the affected items, such as a “catch-and-release” definition of items that are controlled for defense and trade purposes.

“While there is still more work to be done, taken together, these reforms will focus our resources on the threats that matter most, and help us work more effectively with our allies in the field,” President Obama said at the Department of Commerce Annual Export Controls Update Conference. “They’ll bring transparency and coherence to a field of regulation which has long been lacking both.”



TITUS Classification Solutions Now Support Microsoft Office 2013

Friday, April 5th, 2013

Microsoft Office 2013 has been available to corporate customers for about 4 months, and it was released to the public in February of this year.  Office 2013 is available via its traditional packaging, and is now also available via the Office 365 subscriptions.   The Office 365 subscription allows customers to stream the Office 2013 install to their desktop.  In either case there are a number of major changes to Office in this release. 

Some of the changes in Office 2013 may involve a change in the user’s workflow.  For instance, in Outlook 2013 Microsoft has streamlined the process of shooting off a quick reply in Outlook 2013. Instead of clicking Reply to open up a new email, you can simply start typing and reply inline on the message itself.




US Export Control and ITAR: Upcoming Changes

Monday, April 1st, 2013

March has been a very busy month for US export control reform. On March 8, President Obama signed a new Executive Order that updates delegated presidential authorities over the administration of certain export and import controls. The Administration also announced that it had notified Congress on March 7th about its proposed export control changes for aircraft and gas turbine engines. These changes are very important because they involve transferring certain parts and components from the ITAR-controlled United States Munitions List (USML) to the Commerce Control List (CCL). This transfer will lead to a more streamlined export control process, which will make it easier for companies to export items to US allies, helping to boost sales and increase US competitiveness.



Announcing TITUS Classification 3.5!

Tuesday, April 17th, 2012

Back in January, John Kindervag of Forrester Research released a report called ‘Rethinking DLP’. In this report, John stated that, “most companies fail in achieving DLP success because they don’t define the necessary process and policies before their deployment. Security professionals must train DLP tools by defining policies, but before you can define policies, you have to properly inventory and classify your sensitive information.”

We at TITUS couldn’t agree more!

Today, we are launching the latest version of our flagship products – TITUS Message Classification and TITUS Classification for Microsoft Office. These security and data governance solutions help organizations to ensure consistent and proper handling of their email and documents. With these solutions, organizations can enable users to classify email and documents, prevent data loss and meet compliance needs. By involving the user, TITUS solutions can ensure the right users have access to the right information.



Using Resource Properties and Classification in Windows Server 2012 Dynamic Access Control

Monday, March 19th, 2012

Windows Server 2012 introduces a new way to secure files, folders, and shared resources called Dynamic Access Control (DAC).  This new functionality helps protect sensitive data, and can ensure that those who are accessing the data and the systems they are using are trusted.  Unlike the way files and shares were protected in Windows 7 and previous Windows operating systems, DAC allow administrators to manage security policies for the whole enterprise.  These policies can be defined centrally and enforced on servers, shares and folders located throughout the organization.

In Windows Server 2012 you can define Dynamic Access Control Policies.  Policies can be made up of one or more Access Control Rules.  A rule defines the 1) claims needed to access a resource and the 2) properties of the resource.



Why Isn’t My DLP Investment Paying Off?

Wednesday, January 4th, 2012

It’s a common scenario: a large organization invests millions of dollars in a DLP solution, only to leave it in “watch mode” because the rate of false positives is too high to enable full blocking. The result is a DLP investment that becomes a white elephant: a promising technology that does not pay off in actually preventing data loss.

The problem often begins with an over-reliance on automated scanning to prevent data loss. The DLP system is expected to automatically identify all sensitive content, which requires IT administrators to translate business processes and policies into automated rules for every data loss scenario. This is an impossible task, which usually results in overly restrictive rules that block non-sensitive data (false positives) or overly permissive rules that mistakenly release sensitive data (false negatives).

The impact of false positives can be just as detrimental to the business as the data loss caused by false negatives. False positives disrupt business agility and productivity, and can impact collaboration, innovation, and business growth. As well, false positives can actually lead to increased data loss, with users looking for alternative, less secure methods to get around restrictions and carry out their business tasks.

The best way to address this problem is for organizations to identify their information appropriately. The sensitivity of each piece of information must be identified, or ‘classified’. Information classification is crucial for proper handling, and for the ultimate security of an enterprise’s information. Classification provides context to unstructured data such as email and business documents, making it possible for DLP solutions to know how to protect your organization’s sensitive information. (more…)



Top Data Security Blog Posts for 2011: Data Classification, Mobile Security, Data Security and Compliance, Data Loss Prevention, and Cloud Data Security

Wednesday, December 28th, 2011

As 2011 draws to a close, I thought it would be interesting to provide a list of the most popular data security articles on this blog. Here are the topics and articles that were most popular with our readers:

1) Data Classification

More and more commercial organizations have started to see data classification as the foundation of their information protection strategy. We wrote several articles about this trend, including an article that described how to implement a data classification policy in 5 simple steps, and an article that recommended best practices for defining a data classification scheme. Readers were also interested in how to use classification software to bulk classify, mark, and label large numbers of files.

2) Mobile Security

Mobile security has become a hot topic, especially with the trend toward consumerization of mobile devices. (more…)



New White Paper: 5 Easy Steps for Implementing a Classification Policy

Monday, December 5th, 2011

Most organizations have an established corporate information handling policy to protect sensitive and confidential information. This policy is typically expressed with a classification scheme that describes the handling procedure based on the sensitivity of the material in question. The challenge, however, has been implementing and enforcing this policy; in other words, ensuring that sensitive information is adequately protected on a consistent basis.

To address this challenge, organizations often make large investments in technologies such as data loss prevention (DLP) and information rights management (IRM) solutions. Unfortunately, these technologies are often implemented without classification as a first step, and therefore lack context about the information they are protecting. This results in inconsistent and inaccurate data protection, which increases the organization’s risk exposure, may reduce business velocity, and can make a large infrastructure investment a white elephant.

The solution to this challenge is to make classification the foundation of your information protection policy. Fortunately, implementing a classification policy is actually quite simple. In our new white paper entitled “5 Easy Steps for Implementing a Classification Policy”, we discuss how you can implement – and enforce – a classification policy that will increase user security awareness, enhance DLP and IRM solutions, and protect your organization against data loss. (more…)