Archive for the ‘Information Spillage’ Category

World Data Privacy Day

Wednesday, January 28th, 2015

It’s Data Privacy Day today, and TITUS is participating with other organizations around the world to raise awareness about the need to protect personal data. While much of the focus of Data Privacy Day is on how individuals can protect their data from the mischievous, the opportunist and the criminal, here at TITUS we like to look at it from the other side. How can the bank, the clinic, the department store, the utility, the educational institution, and all of the other legitimate organizations that collect personal details be good stewards of this information?

Your Success Is Tied to Your Intellectual Property; Is Your IP Tied to You?

Friday, July 19th, 2013

A few years back my wife and I spent a great deal of time and effort writing a business plan. We researched the marketplace, analyzed the threat from local competitors and built the financial and resourcing plans that would ensure our success. When we were done, we shared the plan with our potential investors (friends and family).

Happily, when we shared our plan it received an enthusiastic response. Unhappily, it was so well received that one of our friends thought to share our business plan with some of his work colleagues.


Complying with Obama’s Executive Order to Improve Security of Classified Networks

Thursday, October 13th, 2011

On October 7, 2011, President Obama issued an Executive Order (Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information) “in order to ensure the responsible sharing and safeguarding of classified national security information (classified information) on computer networks”. This is a result of the WikiLeaks incident of last year. One of the major focus areas of the Executive Order is to reduce the possible threat of insiders leaking classified information out of the government.

Redaction for Microsoft Outlook email – How it Can Support Data Loss Prevention

Monday, July 25th, 2011

Since there are a number of ways to implement Data Loss Prevention (DLP) within an enterprise, it is important to understand the value of different approaches. One approach to DLP is called “Redaction”, which involves blacking out the characters in a message or document, so that future consumers of the document can’t see sensitive portions of the document. The image below shows how a redacted message might look. Redaction has been mostly used in highly sensitive government or military environments for documents, but redaction can also be used in commercial organizations where the loss of sensitive information via email is a concern.

Clearly, in order to effectively redact content, some kind of rules must be applied to determine which portions should be blacked out. Once the sensitive portions have been identified, a number of different actions are usually taken to ensure that the sensitive information is not released. This article focuses on why redaction is an important option to have in an email system, and how it can be automated to help users protect sensitive information.


Controlled Unclassified Information (CUI) Initial Implementation Guidance

Tuesday, June 21st, 2011

On June 9, NARA released an implementation guidance document to help agencies prepare to meet Executive Order 13556.  The guidance document provides agencies with some key information needed for them to prepare their CUI implementation plans.  These plans are due to NARA in early November of this year.  

 Here are some of the highlights:

  • They give guidance on how to handle legacy documents. This has been an area of great interest to the government folks that we have been speaking with – they will appreciate the clarity.
  • Safeguarding of CUI per existing OMB and NIST direction (a good thing – don’t think anyone wanted new standards).
  • De-control dates for each category (welcome for various open government advocates). 
  • View into marking format: CUI//Authorized Category-Subcategory.  Everyone’s been waiting for this one!
  • They encourage portion marking.  Portion marking refers to applying paragraph level markings that may be different than other markings within the same document or email.  Portion marking is widely used across the intelligence and DoD community. It will be interesting to see this leveraged on the civilian side of things – end user training and education will be paramount to successful adoption.

Overall, this helps set the stage for what is to come.  Expect to see more guidance issued as we get closer to the registry live date (November 2011, if they keep on track).  The registry will hold all the approved CUI markings and be available to the public.

 The guidance can be found at:

Leveraging enterprise directories for real-time validation of email recipients

Wednesday, January 26th, 2011

We’ve all heard about the recent examples of emails being sent to the wrong recipients. Everything from the UBS GM IPO example, to things we’ve experienced ourselves. Whoops… I wish I could get that email back. While the email sender typically has an idea of the sensitivity of their message, they often have less immediate visibility into the “clearance levels” and “need-to-know” of their intended recipients.

This blog looks at two areas of email “Recipient Validation”. These features can be very valuable in helping companies avoid inadvertent data leakage.