Archive for ‘Compliance’

Introducing Classification for Mac, offering the broadest Outlook coverage on the market

Wednesday, September 14th, 2016

libby_robinson-ns

TITUS is excited to announce the addition of Outlook for Mac to our Classification for Outlook offering!

Email is everywhere. It’s across various platforms and devices, even within a single organization. While the majority of users may still be on Windows-based computers, more and more are beginning to choose Macs.

According to Aberdeen Research, 20% of organizations have enterprise email installations that include both Windows and Mac. In isolation, this number may not seem particularly large, but often these Mac deployments are on desktops where the most sensitive information resides – primarily executive offices, as well as designers and developers.

If your efforts to secure the information transmitted via email are limited only to certain members of your organization, you are risking breaches of either your own intellectual property (IP), or of PII, PCI or PHI. You don’t want to spill your secret sauce, or face the possibility of loss of consumer trust, market share, or substantial fines.

The TITUS Experience

Friday, August 26th, 2016

bergen_wilde-ns

During a recent TITUS event, I had the opportunity to listen to a conversation between a deployed customer and another still in the planning phase that highlighted the classification challenges many organizations are facing. The questions being asked of the deployed customer weren’t technical ones, but focused on business transformation, such as:

  • How did you train your users on the meaning of the classification levels?
  • Would you recommend a full-fledged, single phase implementation or break it into several smaller phases?
  • How much did you choose to involve the workers in the application of classification at first?

Preparing for EU GDPR

Thursday, August 18th, 2016

sandra_catana-ns

On 28th May 2018, the European Union (EU) General Data Protection Regulation (GDPR) will come into force with harsh fines and onerous implications. The primary goal of GDPR is to harmonize the protection of personal data across all EU member states. It will have an impact in the EU and around the world, affecting any organization that handles the personal data of EU residents. Don’t let that seemingly distant date delay you from starting to prepare.

How Will ‘Brexit’ Impact EU GDPR Compliance?

Tuesday, July 26th, 2016

craig_adams-ns

As a Brit who thinks our country is great, but also a European who spends a large part of his time travelling around the continent, I was shocked to find that the UK electorate voted to leave the European Union! If I’m honest with myself, I didn’t see it coming. My general impression of the British public is that, on the whole, we are conservative with a small “c” and typically vote to maintain the status quo – the grass is very rarely greener…

5 Email Policies to Save the Saints

Tuesday, July 5th, 2016

I think that I communicate with my colleagues almost as much via email as through verbal communications – even those I share an office with. In fact, probably about a third of the verbal communications are social interaction rather than direct business discussion. In email, however, most of the communication with my colleagues contains business information, sometimes including large attachments containing sensitive strategic plans. And unlike a verbal conversation which is lost to the ether, email endures. So, while talking about business plans outside the office where someone might overhear has some risk to the company, sending an email to the wrong recipient can be significantly more damaging. Yet, organizations are still not protecting themselves from these accidental breaches.

As a case in point I offer you this example from the National Football League (NFL). It is reported that on July 1st, the New Orleans Saints intended to send an email to the NFL head office regarding their plans to pick up a player who was just put on waivers (released) by the Cleveland Browns. The email, however, was accidentally addressed to the entire league. In other words, they broadcast their plan to all of their competition.

For EU GDPR Compliance, Accountability Starts with End Users

Thursday, May 12th, 2016

craig_adams-ns

I was speaking at an event in Stockholm recently, and was preceded by an eminent lawyer in the field of data protection. He was telling the audience how, after years of discussion, the European Union’s new data protection framework, the EU General Data Protection Regulation, has finally been agreed upon. He gave lots of detail on the specific obligations organisations will now have to comply with to ensure the protection of personal data, but in essence his message boiled down to three things:

• You are accountable and need to be able to demonstrate compliance coherently across your processes, employees and systems
• If you get it wrong, it’s really going to hurt
• You need to start thinking about how to become compliant before it’s too late

Regulatory Developments for Cloud Data Privacy

Wednesday, December 9th, 2015

lara_bender-ns

Data privacy in the cloud continues to be a hot topic for regulators. This week, I’d like to cover two important data privacy developments that have a tie-in to concerns about US surveillance programs and cloud data. The first is the US Email Privacy Act, and the second is the revocation of the US-EU Safe Harbor agreement.

Email Privacy Act

The Email Privacy Act is a proposed US Federal law that would require the government to obtain a warrant before accessing email, text messages, and other private content stored in the cloud by Internet Service Providers.

Are you ready for NERC CIP v5?

Wednesday, December 2nd, 2015

lara_bender-ns

If your organization is a bulk power system owner or operator in North America, then you probably already know that you need to be compliant with NERC CIP v5 by April 1, 2016.

For readers who are not familiar with the topic, North American Electric Reliability Corporation (NERC) is a not-for-profit international regulatory authority whose mission is to assure the reliability of the bulk power system in North America. NERC develops and enforces Reliability Standards, including Critical Infrastructure Protection (CIP) standards to secure cyber assets essential to the reliable operation of the electric grid.

Time to Get Serious about Controlled Unclassified Information

Wednesday, August 26th, 2015

It’s time to start getting serious about Controlled Unclassified Information (CUI) and the implementation of a solution that ensures compliance. It is expected that the 32 Code of Federal Regulations (CFR) 2002 will be completed in the November-December 2015 time frame. With the rules and markings in place, the National Archives and Records Administration (NARA) will release the official Marking Handbook to kick off the phased implementation process.

TITUS Classification software can help any department easily comply with these regulations. By using the TITUS classification and marking solution, organizations can enhance their overall security program and realize the following benefits: