Archive for the ‘Compliance’ Category

Top 6 Reasons Financial Services Companies Classify Data

Wednesday, February 25th, 2015

Next week, SC Magazine will be hosting a webinar on how Provident Bank transformed their information protection strategy. While it might be a bit of a spoiler, I will let you know that Provident Bank thought enough of classification to make it central to their data protection transformation, as have many other financial organizations. I have worked with a number of different financial services companies, and while each might deal with much of the same kinds of data – payment card information (PCI), personally identifiable information (PII), and intellectual property (IP) – they all had their own unique drivers for implementing classification. It made me wonder — what are the top 5 reasons that financial organizations have asked TITUS to help them classify their data? Here is what I found:
(more…)

Targeting Healthcare Data

Monday, February 9th, 2015

In light of last week’s announcement that the records of 80 million customers were stolen from healthcare insurer Anthem, it is worth noting that healthcare organizations have a particularly heavy data protection burden to bear. As the NY Times reported, Protected Health Information (PHI) is incredibly valuable. Where credit card records were selling for just 33 cents each, a patient medical record on the black market sold for $251.

Why is PHI so valuable?
(more…)

Security is a Business Imperative, Not an IT Task

Thursday, November 21st, 2013

I’ve noticed a distinct theme throughout a number of different analyst report I’ve recently read  –  that the protection of information and data assets is a business task which needs guidance from the business unit leaders. Take as an example…

As executives see more and more media coverage of data breaches and security incidents, the inevitable question is: “What are we doing to make sure that doesn’t happen to us?”

Contrary to 2012 when privacy responsibility was shifting to an organization-wide accountability, in 2013 it’s falling more onto the security group within enterprises. [It’s] a matter of concern if more and more enterprises deem the security group fully responsible for privacy and regulations. Ensuring privacy requires a union of technology, policy, and culture, and a harmony between many business units from security to legal to HR to employees.

–          Understand the State of Data Security and Privacy: 2013 to 2014 (Forrester)

(more…)

Changes to ITAR compliance coming

Tuesday, September 17th, 2013

In October, there will be two new rules affecting the Export Control Reform made by the Departments of State and Commerce. On October 15, jurisdiction of many military items, which have been deemed less sensitive, will be moved from the U.S. Munitions List and governed by the State Department’s International Traffic in Arms Regulations (ITAR), to be on the Commerce Control List that is governed by the Commerce Department’s Export Administration Regulations (EAR). The 600 Series classification provisions will allow this to happen, as it will mandate sweeping changes to the affected items, such as a “catch-and-release” definition of items that are controlled for defense and trade purposes.

“While there is still more work to be done, taken together, these reforms will focus our resources on the threats that matter most, and help us work more effectively with our allies in the field,” President Obama said at the Department of Commerce Annual Export Controls Update Conference. “They’ll bring transparency and coherence to a field of regulation which has long been lacking both.”
(more…)

TITUS Classification solutions provide compliance support for new UK government marking requirements

Friday, March 15th, 2013

Organizations throughout the world have the need to comply with various regulations in order to ensure that their most sensitive information is protected. In Australia, for example, Australian government departments use TITUS classification solutions to meet the requirements of the Email Protective Marking Standard (EPMS). For a number of years, TITUS has also been assisting our UK government customers by helping them to comply with the Government Protective Marking Scheme (GPMS).

In the UK, government agencies and public sector organizations need to comply with Her Majesty’s Government (HMG) Security Policy Framework to protect their most important assets. In order to comply with this requirement, departments and agencies must adopt policies in accordance with the Government Protective Marking System, which is designed to help staff determine and indicate to others the levels of protection required to help prevent the compromise of information via protective markings to emails and documents.

(more…)

TITUS continues to support Australian Standard – EPMS 2012

Thursday, September 13th, 2012

They were one of our first customers. Their requirements are one of the reasons that TITUS began developing email classification security software. From our relationship with them, a better classification product was born.

(more…)

Top Data Security Blog Posts for 2011: Data Classification, Mobile Security, Data Security and Compliance, Data Loss Prevention, and Cloud Data Security

Wednesday, December 28th, 2011

As 2011 draws to a close, I thought it would be interesting to provide a list of the most popular data security articles on this blog. Here are the topics and articles that were most popular with our readers:

1) Data Classification

More and more commercial organizations have started to see data classification as the foundation of their information protection strategy. We wrote several articles about this trend, including an article that described how to implement a data classification policy in 5 simple steps, and an article that recommended best practices for defining a data classification scheme. Readers were also interested in how to use classification software to bulk classify, mark, and label large numbers of files.

2) Mobile Security

Mobile security has become a hot topic, especially with the trend toward consumerization of mobile devices. (more…)