Archive for the ‘Compliance’ Category

Time to Get Serious about Controlled Unclassified Information

Wednesday, August 26th, 2015

It’s time to start getting serious about Controlled Unclassified Information (CUI) and the implementation of a solution that ensures compliance. It is expected that the 32 Code of Federal Regulations (CFR) 2002 will be completed in the November-December 2015 time frame. With the rules and markings in place, the National Archives and Records Administration (NARA) will release the official Marking Handbook to kick off the phased implementation process.

TITUS Classification software can help any department easily comply with these regulations. By using the TITUS classification and marking solution, organizations can enhance their overall security program and realize the following benefits:
(more…)

Policy Tetris

Wednesday, April 8th, 2015

Remember Tetris? Admit it – you’ve wasted hours on Tetris. Well, let me share with you something I like to call “Policy Tetris.”

(more…)

Do Newborns Really Need a Name? The Top 10 Reasons Organizations are Not Naming Their Data Babies

Wednesday, March 11th, 2015

Think about this…on that special day when we are born our parents give us a name. Makes sense, right? Having a name keeps you from getting mixed up with the other babies. If you are late for supper and your mom needs to find you right away, she calls your entire name just to make sure the right “Mike” comes home. Should you get lost, it would be pretty difficult for your parents to say to police: “Well, he is 7 years old but doesn’t have a name. See if he answers to ‘Steve’. We always liked that name…”

I digress…

Your company’s data isn’t much different, is it? Without a unique identifier your sensitive data is subject to misuse or improper handling. Everything from securing, storing and retrieving your information is much more difficult, time consuming, and less efficient without first properly identifying—or classifying —your data.

Many organizations are beginning to see the value in “naming their data”, or data classification, and are starting to do something about. However, there are still some organizations out there that do not classify their data. Here is a top 10 list of excuses why organizations DO NOT classify their data “babies”.
(more…)

Top 6 Reasons Financial Services Companies Classify Data

Wednesday, February 25th, 2015

Next week, SC Magazine will be hosting a webinar on how Provident Bank transformed their information protection strategy [link updated to webinar recording]. While it might be a bit of a spoiler, I will let you know that Provident Bank thought enough of classification to make it central to their data protection transformation, as have many other financial organizations. I have worked with a number of different financial services companies, and while each might deal with much of the same kinds of data – payment card information (PCI), personally identifiable information (PII), and intellectual property (IP) – they all had their own unique drivers for implementing classification. It made me wonder — what are the top 5 reasons that financial organizations have asked TITUS to help them classify their data? Here is what I found:
(more…)

Targeting Healthcare Data

Monday, February 9th, 2015

In light of last week’s announcement that the records of 80 million customers were stolen from healthcare insurer Anthem, it is worth noting that healthcare organizations have a particularly heavy data protection burden to bear. As the NY Times reported, Protected Health Information (PHI) is incredibly valuable. Where credit card records were selling for just 33 cents each, a patient medical record on the black market sold for $251.

Why is PHI so valuable?
(more…)