Archive for the ‘Classification’ Category

Easily Transition from UK GPMS to GSC

Thursday, April 3rd, 2014

Effective April 2, 2014, the new UK Government Security Classifications (GSC) policy replaces the previous Government Protective Marking Scheme (GPMS). The new policy requires the classification of Her Majesty’s Government (HMG) information assets into one of three types: OFFICIAL, SECRET, and TOP SECRET. This classification scheme, simplified from the previous GPMS seven-level classification scheme, will help ensure that government staff, contractors, and service providers can more easily safeguard information.
(more…)

Security is a Business Imperative, Not an IT Task

Thursday, November 21st, 2013

I’ve noticed a distinct theme throughout a number of different analyst report I’ve recently read  -  that the protection of information and data assets is a business task which needs guidance from the business unit leaders. Take as an example…

As executives see more and more media coverage of data breaches and security incidents, the inevitable question is: “What are we doing to make sure that doesn’t happen to us?”

Contrary to 2012 when privacy responsibility was shifting to an organization-wide accountability, in 2013 it’s falling more onto the security group within enterprises. [It’s] a matter of concern if more and more enterprises deem the security group fully responsible for privacy and regulations. Ensuring privacy requires a union of technology, policy, and culture, and a harmony between many business units from security to legal to HR to employees.

-          Understand the State of Data Security and Privacy: 2013 to 2014 (Forrester)

(more…)

The Evolution of Classification

Wednesday, October 23rd, 2013

Last week, the lead whitepaper in TechTarget’s Daily Top 5 was titled, How to Tackle Information Classification – published by the Jericho Forum. Naturally, I was interested to see what it had to say and eagerly downloaded it only to find that it was originally published in January 2009 – almost 5 years ago. Despite its age, the whitepaper is a solid introduction to information classification, the benefits and the challenges. In particular, it provides confirmation that classification is the lynchpin to successful security in a “de-perimeterised environment.” But there were a few areas where it was a bit, shall we say, “stale.” The Jericho Forum whitepaper identified some problems which, in the years since it was published, have been successfully addressed.

Let’s look at the three main problems areas that the Jericho Forum whitepaper identified: (more…)

Stop Guessing the Value of Your Data

Thursday, October 17th, 2013

It is budget season and I have been wondering: how does a company prioritize their data security spend? Unlike building the business case for revenue generating activities, like a new sales plan or a new product, the business case for data security is difficult to quantify. Why? Because it is focused on limiting loss – but it is difficult to both, a) put a value to your data, and b) estimate the cost of a breach.

Legal obligations force a “value” on certain data, so it is fair to say that the cost and effort to protect this data is a good minimum budget. But is that enough to protect the rest? (more…)

Changes to ITAR compliance coming

Tuesday, September 17th, 2013

In October, there will be two new rules affecting the Export Control Reform made by the Departments of State and Commerce. On October 15, jurisdiction of many military items, which have been deemed less sensitive, will be moved from the U.S. Munitions List and governed by the State Department’s International Traffic in Arms Regulations (ITAR), to be on the Commerce Control List that is governed by the Commerce Department’s Export Administration Regulations (EAR). The 600 Series classification provisions will allow this to happen, as it will mandate sweeping changes to the affected items, such as a “catch-and-release” definition of items that are controlled for defense and trade purposes.

“While there is still more work to be done, taken together, these reforms will focus our resources on the threats that matter most, and help us work more effectively with our allies in the field,” President Obama said at the Department of Commerce Annual Export Controls Update Conference. “They’ll bring transparency and coherence to a field of regulation which has long been lacking both.”
(more…)

Your Success Is Tied to Your Intellectual Property; Is Your IP Tied to You?

Friday, July 19th, 2013

A few years back my wife and I spent a great deal of time and effort writing a business plan. We researched the market place, analyzed the threat from local competitors and built the financial and resourcing plans that would ensure our success. When we were done, we shared the plan with our potential investors (friends and family).

Happily, when we shared our plan it received an enthusiastic response. Unhappily, it was so well received that one of our friends thought to share our business plan with some of his work colleagues.

Yikes!
(more…)

TITUS Classification Solutions Now Support Microsoft Office 2013

Friday, April 5th, 2013

Microsoft Office 2013 has been available to corporate customers for about 4 months, and it was released to the public in February of this year.  Office 2013 is available via its traditional packaging, and is now also available via the Office 365 subscriptions.   The Office 365 subscription allows customers to stream the Office 2013 install to their desktop.  In either case there are a number of major changes to Office in this release. 
(more…)

US Export Control and ITAR: Upcoming Changes

Monday, April 1st, 2013

March has been a very busy month for US export control reform. On March 8, President Obama signed a new Executive Order that updates delegated presidential authorities over the administration of certain export and import controls. The Administration also announced that it had notified Congress on March 7th about its proposed export control changes for aircraft and gas turbine engines. These changes are very important because they involve transferring certain parts and components from the ITAR-controlled United States Munitions List (USML) to the Commerce Control List (CCL). This transfer will lead to a more streamlined export control process, which will make it easier for companies to export items to US allies, helping to boost sales and increase US competitiveness.
(more…)

TITUS Classification solutions provide compliance support for new UK government marking requirements

Friday, March 15th, 2013

Organizations throughout the world have the need to comply with various regulations in order to ensure that their most sensitive information is protected. In Australia, for example, Australian government departments use TITUS classification solutions to meet the requirements of the Email Protective Marking Standard (EPMS). For a number of years, TITUS has also been assisting our UK government customers by helping them to comply with the Government Protective Marking Scheme (GPMS).

In the UK, government agencies and public sector organizations need to comply with Her Majesty’s Government (HMG) Security Policy Framework to protect their most important assets. In order to comply with this requirement, departments and agencies must adopt policies in accordance with the Government Protective Marking System, which is designed to help staff determine and indicate to others the levels of protection required to help prevent the compromise of information via protective markings to emails and documents.

(more…)

TITUS continues to support Australian Standard – EPMS 2012

Thursday, September 13th, 2012

They were one of our first customers. Their requirements are one of the reasons that TITUS began developing email classification security software. From our relationship with them, a better classification product was born.

(more…)