Archive for ‘Military Classification’

Top Data Security Blog Posts for 2011: Data Classification, Mobile Security, Data Security and Compliance, Data Loss Prevention, and Cloud Data Security

Wednesday, December 28th, 2011

As 2011 draws to a close, I thought it would be interesting to provide a list of the most popular data security articles on this blog. Here are the topics and articles that were most popular with our readers:

1) Data Classification

More and more commercial organizations have started to see data classification as the foundation of their information protection strategy. We wrote several articles about this trend, including an article that described how to implement a data classification policy in 5 simple steps, and an article that recommended best practices for defining a data classification scheme. Readers were also interested in how to use classification software to bulk classify, mark, and label large numbers of files.

2) Mobile Security

Mobile security has become a hot topic, especially with the trend toward consumerization of mobile devices. (more…)

 

 

New White Paper: 5 Easy Steps for Implementing a Classification Policy

Monday, December 5th, 2011

Most organizations have an established corporate information handling policy to protect sensitive and confidential information. This policy is typically expressed with a classification scheme that describes the handling procedure based on the sensitivity of the material in question. The challenge, however, has been implementing and enforcing this policy; in other words, ensuring that sensitive information is adequately protected on a consistent basis.

To address this challenge, organizations often make large investments in technologies such as data loss prevention (DLP) and information rights management (IRM) solutions. Unfortunately, these technologies are often implemented without classification as a first step, and therefore lack context about the information they are protecting. This results in inconsistent and inaccurate data protection, which increases the organization’s risk exposure, may reduce business velocity, and can make a large infrastructure investment a white elephant.

The solution to this challenge is to make classification the foundation of your information protection policy. Fortunately, implementing a classification policy is actually quite simple. In our new white paper entitled “5 Easy Steps for Implementing a Classification Policy”, we discuss how you can implement – and enforce – a classification policy that will increase user security awareness, enhance DLP and IRM solutions, and protect your organization against data loss. (more…)

 

 

Wikileaks Guantanamo Files – How Can Security on Classified Systems be Improved?

Wednesday, May 4th, 2011

Last week saw another round of Wikileaks releases. This time secret US files on 764 detainees held at Guantánamo Bay, Cuba over the past decade have been published by the WikiLeaks website. These memoranda, which contain JTF-GTMO’s recommendations about whether the prisoners in question should continue to be held, or should be released (transferred to their home governments, or to other governments) contain a wealth of important and previously undisclosed information, including risk and health assessments.

The documents are available from WikiLeaks as PDF documents, but could well have been originally written as Microsoft Word documents. The documents have been properly classified. For example, here is a typical classification from one of the documents – S E C R E T / / NOFORN / / 20330428, which means the document is classified as Secret and should not be released to any foreign governments.
(more…)

 

 

CUI: Unclassified Information Isn’t Always Public

Tuesday, November 2nd, 2010

The United States Government is currently going through a review of how it labels and handles “Controlled Unclassified Information”. In May 2008, President George W. Bush issued a Memorandum for the Heads of Executive Departments and Agencies on the Designation and Sharing of Controlled Unclassified Information (CUI) to replace the existing “Sensitive But Unclassified” (SBU) Information Sharing Environment. The National Archives and Records Administration (NARA) was appointed as the Executive Agent for implementation and oversight of the CUI program. In this article we’ll look briefly at some of the important elements of the CUI Framework, and their impacts on how unclassified information is handled in the US Government.

(more…)

 

 

Information Marking for Greater Security Awareness

Tuesday, September 7th, 2010

It’s hard to expect staff to handle a document securely if there aren’t any security markings on it. One of the original and most important purposes for document security classification – even before computers began relying on it for enforcement of policy – was to inform readers of a document’s sensitivity, and how to handle it securely. As unreliable as it may sound, people were actually the first enforcers of security policies. This means that no matter who handled the document, it had to be easy for them to recognize its classification and decide on which handling procedures were applicable. That’s why you may see (if you have the appropriate clearance) sensitivity markings such as TOP SECRET in large text on the front cover and on every page of a very sensitive military document.

(more…)