Archive for the ‘Classification’ Category

« Older Entries

TITUS Classification Solutions Now Support Microsoft Office 2013

Friday, April 5th, 2013

Microsoft Office 2013 has been available to corporate customers for about 4 months, and it was released to the public in February of this year.  Office 2013 is available via its traditional packaging, and is now also available via the Office 365 subscriptions.   The Office 365 subscription allows customers to stream the Office 2013 install to their desktop.  In either case there are a number of major changes to Office in this release. 
(more…)

Tags:
Posted in Classification, Microsoft Office Security | No Comments »

US Export Control and ITAR: Upcoming Changes

Monday, April 1st, 2013

March has been a very busy month for US export control reform. On March 8, President Obama signed a new Executive Order that updates delegated presidential authorities over the administration of certain export and import controls. The Administration also announced that it had notified Congress on March 7th about its proposed export control changes for aircraft and gas turbine engines. These changes are very important because they involve transferring certain parts and components from the ITAR-controlled United States Munitions List (USML) to the Commerce Control List (CCL). This transfer will lead to a more streamlined export control process, which will make it easier for companies to export items to US allies, helping to boost sales and increase US competitiveness.
(more…)

Tags: , , , ,
Posted in Classification, ITAR / Export Control | No Comments »

TITUS Classification solutions provide compliance support for new UK government marking requirements

Friday, March 15th, 2013

Organizations throughout the world have the need to comply with various regulations in order to ensure that their most sensitive information is protected. In Australia, for example, Australian government departments use TITUS classification solutions to meet the requirements of the Email Protective Marking Standard (EPMS). For a number of years, TITUS has also been assisting our UK government customers by helping them to comply with the Government Protective Marking Scheme (GPMS).

In the UK, government agencies and public sector organizations need to comply with Her Majesty’s Government (HMG) Security Policy Framework to protect their most important assets. In order to comply with this requirement, departments and agencies must adopt policies in accordance with the Government Protective Marking System, which is designed to help staff determine and indicate to others the levels of protection required to help prevent the compromise of information via protective markings to emails and documents.

(more…)

Posted in Classification, Compliance, Email Security | No Comments »

TITUS continues to support Australian Standard – EPMS 2012

Thursday, September 13th, 2012

They were one of our first customers. Their requirements are one of the reasons that TITUS began developing email classification security software. From our relationship with them, a better classification product was born.

(more…)

Tags: , ,
Posted in Classification, Compliance, Email Security | No Comments »

Using Resource Properties and Classification in Windows Server 2012 Dynamic Access Control

Monday, March 19th, 2012

Windows Server 2012 introduces a new way to secure files, folders, and shared resources called Dynamic Access Control (DAC).  This new functionality helps protect sensitive data, and can ensure that those who are accessing the data and the systems they are using are trusted.  Unlike the way files and shares were protected in Windows 7 and previous Windows operating systems, DAC allow administrators to manage security policies for the whole enterprise.  These policies can be defined centrally and enforced on servers, shares and folders located throughout the organization.
(more…)

Tags: , , , ,
Posted in Classification, Dynamic Access Control (DAC) | No Comments »

Chaos and Data and Copters…oh my! Time for RSA 2012!!

Friday, February 10th, 2012

One VERY SHORT year ago, TITUS made our debut – a coming out party of sorts – at RSA. And what a debut it was! We had excitement, we had NASCAR racing, we gave away PS3s, and we had HUGE crowds of people at our booth wanting to learn more about how to involve their end users in securing sensitive information… what a week!

So, what’s the first thought that went through our collective minds when planning this year’s event… “How the heck are we going to top that excitement this year!?” But, we put those collective minds to work, and, well, I think we’ve found a way!

(more…)

Posted in Classification, Cloud Data Security | No Comments »

Why Isn’t My DLP Investment Paying Off?

Wednesday, January 4th, 2012

It’s a common scenario: a large organization invests millions of dollars in a DLP solution, only to leave it in “watch mode” because the rate of false positives is too high to enable full blocking. The result is a DLP investment that becomes a white elephant: a promising technology that does not pay off in actually preventing data loss.

The problem often begins with an over-reliance on automated scanning to prevent data loss. The DLP system is expected to automatically identify all sensitive content, which requires IT administrators to translate business processes and policies into automated rules for every data loss scenario. This is an impossible task, which usually results in overly restrictive rules that block non-sensitive data (false positives) or overly permissive rules that mistakenly release sensitive data (false negatives).

The impact of false positives can be just as detrimental to the business as the data loss caused by false negatives. False positives disrupt business agility and productivity, and can impact collaboration, innovation, and business growth. As well, false positives can actually lead to increased data loss, with users looking for alternative, less secure methods to get around restrictions and carry out their business tasks.

The best way to address this problem is for organizations to identify their information appropriately. The sensitivity of each piece of information must be identified, or ‘classified’. Information classification is crucial for proper handling, and for the ultimate security of an enterprise’s information. Classification provides context to unstructured data such as email and business documents, making it possible for DLP solutions to know how to protect your organization’s sensitive information. (more…)

Posted in Classification, DLP, Email Security, Protective Marking | No Comments »

Top Data Security Blog Posts for 2011: Data Classification, Mobile Security, Data Security and Compliance, Data Loss Prevention, and Cloud Data Security

Wednesday, December 28th, 2011

As 2011 draws to a close, I thought it would be interesting to provide a list of the most popular data security articles on this blog. Here are the topics and articles that were most popular with our readers:

1) Data Classification

More and more commercial organizations have started to see data classification as the foundation of their information protection strategy. We wrote several articles about this trend, including an article that described how to implement a data classification policy in 5 simple steps, and an article that recommended best practices for defining a data classification scheme. Readers were also interested in how to use classification software to bulk classify, mark, and label large numbers of files.

2) Mobile Security

Mobile security has become a hot topic, especially with the trend toward consumerization of mobile devices. (more…)

Posted in Classification, Cloud Data Security, Compliance, Controlled Unclassified Information (CUI), DLP, Email Security, ITAR / Export Control, Military Classification, Outlook Web Access Security, Prevent Wikileaks, Web Mail | No Comments »

New White Paper: 5 Easy Steps for Implementing a Classification Policy

Monday, December 5th, 2011

Most organizations have an established corporate information handling policy to protect sensitive and confidential information. This policy is typically expressed with a classification scheme that describes the handling procedure based on the sensitivity of the material in question. The challenge, however, has been implementing and enforcing this policy; in other words, ensuring that sensitive information is adequately protected on a consistent basis.

To address this challenge, organizations often make large investments in technologies such as data loss prevention (DLP) and information rights management (IRM) solutions. Unfortunately, these technologies are often implemented without classification as a first step, and therefore lack context about the information they are protecting. This results in inconsistent and inaccurate data protection, which increases the organization’s risk exposure, may reduce business velocity, and can make a large infrastructure investment a white elephant.

The solution to this challenge is to make classification the foundation of your information protection policy. Fortunately, implementing a classification policy is actually quite simple. In our new white paper entitled “5 Easy Steps for Implementing a Classification Policy”, we discuss how you can implement – and enforce – a classification policy that will increase user security awareness, enhance DLP and IRM solutions, and protect your organization against data loss. (more…)

Posted in Classification, Compliance, Email Security, ITAR / Export Control, Military Classification, Protective Marking | No Comments »

Best Practices for Defining a Classification Scheme

Wednesday, November 2nd, 2011

In my previous blog post, 5 Easy Steps for Implementing a Classification Policy, I discussed the importance of starting with a simple set of classification labels. In this post, I will expand on the topic of classification schemes, especially as they apply to commercial organizations.

At TITUS, we recommend that organizations try to keep the number of classification options down to four or fewer. We find that the simpler your classification scheme, the easier it will be for users to decide which category to use. Later, as your users become used to classifying content, you can add additional categories.

Many organizations use three categories:

1) A category such as “Public” to indicate non-sensitive information
2) An “Internal” category for information that should stay within the organization
3) A category such as “Confidential” or “Restricted” for information that is particularly sensitive

Surprisingly, the “Public” category is often what causes the most debate in commercial organizations. (more…)

Posted in Classification, Compliance, Controlled Unclassified Information (CUI), ITAR / Export Control, Secure Email Gateway | No Comments »

« Older Entries