Archive for the ‘Information Spillage’ Category

Your Success Is Tied to Your Intellectual Property; Is Your IP Tied to You?

Friday, July 19th, 2013

A few years back my wife and I spent a great deal of time and effort writing a business plan. We researched the marketplace, analyzed the threat from local competitors and built the financial and resourcing plans that would ensure our success. When we were done, we shared the plan with our potential investors (friends and family).

Happily, when we shared our plan it received an enthusiastic response. Unhappily, it was so well received that one of our friends thought to share our business plan with some of his work colleagues.

Yikes!

Complying with Obama’s Executive Order to Improve Security of Classified Networks

Thursday, October 13th, 2011

On October 7, 2011 President Obama issued an Executive Order (Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information) “in order to ensure the responsible sharing and safeguarding of classified national security information (classified information) on computer networks”. This is a result of the Wikileaks incident of last year. One of the major focus areas of the Executive Order is to reduce the possible threat of insiders leaking classified information out of the government.

Redaction for Microsoft Outlook email – How it Can Support Data Loss Prevention

Monday, July 25th, 2011

Since there are a number of ways to implement Data Loss Prevention (DLP) within an enterprise, it is important to understand the value of different approaches. One approach to DLP is called “Redaction”, which involves blacking out the characters in a message or document, so that future consumers of the document can’t see sensitive portions of the document. The image below shows how a redacted message might look. Redaction has been mostly used in highly sensitive government or military environments for documents, but redaction can also be used in commercial organizations where the loss of sensitive information via email is a concern.

Clearly, in order to effectively redact content, some kind of rules must be applied to determine which portions should be blacked out. Once the sensitive portions have been identified, a number of different actions are usually taken to ensure that the sensitive information is not released. This article focuses on why redaction is an important option to have in an email system, and how it can be automated to help users protect sensitive information.


Controlled Unclassified Information (CUI) Initial Implementation Guidance

Tuesday, June 21st, 2011

On June 9, NARA released an implementation guidance document to help agencies prepare to meet Executive Order 13556.  The guidance document provides agencies with some key information needed for them to prepare their CUI implementation plans.  These plans are due to NARA in early November of this year.  

Here are some of the highlights:

  • They give guidance on how to handle legacy documents. This has been an area of great interest to the government folks that we have been speaking with – they will appreciate the clarity.
  • Safeguarding of CUI per existing OMB and NIST direction (a good thing – don’t think anyone wanted new standards).
  • De-control dates for each category (welcome for various open government advocates).
  • View into marking format: CUI//Authorized Category-Subcategory. Everyone’s been waiting for this one!
  • They encourage portion marking. Portion marking refers to applying paragraph level markings that may be different than other markings within the same document or email. Portion marking is widely used across the intelligence and DoD community. It will be interesting to see this leveraged on the civilian side of things – end user training and education will be paramount to successful adoption.

Overall, this helps set the stage for what is to come.  Expect to see more guidance issued as we get closer to the registry live date (November 2011, if they keep on track).  The registry will hold all the approved CUI markings and be available to the public.

The guidance can be found at: http://www.fas.org/sgp/cui/guidance.pdf

Leveraging enterprise directories for real-time validation of email recipients

Wednesday, January 26th, 2011

We’ve all heard about the recent examples of emails being sent to the wrong recipients. Everything from the UBS GM IPO example, to things we’ve experienced ourselves. Whoops… I wish I could get that email back. While the email sender typically has an idea of the sensitivity of their message, they often have less immediate visibility into the “clearance levels” and “need-to-know” of their intended recipients.

This blog looks at two areas of email “Recipient Validation”. These features can be very valuable in helping companies avoid inadvertent data leakage.


The importance of timely email content validation feedback

Friday, January 14th, 2011

Although it may seem like an easy task to select classifications on outgoing messages, email can be one of the most difficult types of corporate information content to classify and control in a practical way. Every organization has different internal information flows, and the timeliness of email messages in some workflows can be critical.

So, while automated email filtering – or content validation – is becoming a staple of corporate networks, the basic architecture of the solution can have a significant impact on the efficiency of workflows and staff productivity. This article will highlight one of the challenges with applying content validation on email messages within an organization, and explain how Titus Message Classification can help ensure timely processing and feedback to users so they can get their jobs done more efficiently.

This is no fairy tale – why email data leaks can ruin the happy ending!

Wednesday, November 10th, 2010

Once upon a time… (that’s the way all good stories start, isn’t it!?)

Anyway, once upon a time, actually just a few weeks ago, there was an employee. This employee was not malicious, wasn’t trying to cause any harm, but was simply trying to get some ‘work-related assistance’ from someone outside of their organization, and inadvertently emailed a file containing all of the names and social security numbers of all of the employees of that organization to someone outside of the organization.

Controlling Email Flow with Classification and the Cisco IronPort Email Security Appliance

Tuesday, September 28th, 2010

Radicati estimates there are 730 million corporate email accounts today. They also estimate that on average those users are sending or receiving 110 emails per day.

I won’t make you do the math – if their numbers are right that’s 80 billion emails. Per day. With that many messages flowing in and out of organizations every day, what could go wrong?
