Archive for ‘Protective Marking’

CUI Compliance – What You Need To Know

Monday, October 2nd, 2017

Established by Executive Order 13556, the Controlled Unclassified Information (CUI) program defines a uniform policy for the treatment of unclassified information that requires safeguarding or dissemination controls. This framework standardizes practices around the sharing of controlled unclassified information, with the goal of improving the sharing of information across Federal executive branch agencies.

In this two-part blog series, Patricia Hammar, founder of PKH Enterprises and a recognized expert in the areas of government policy and privacy, answers some key questions on CUI compliance.




Protecting Information in a Multi-Cloud World

Wednesday, January 11th, 2017


Around our office there is a lot of talk about “hybrid Cloud” as we help our customers create strategies to safely migrate from on-premise to cloud storage and applications. A hybrid cloud strategy provides both flexibility and peace of mind, enabling organizations to ease into utilizing the Cloud at their pace. The actual challenge, however, is not finding the right balance between on-premise and the Cloud, but coping with the multitude of cloud options.




3 Steps to Prevent Information From Just Walking Out the Door

Wednesday, January 6th, 2016


We put a lot of resources into data loss prevention, information classification and cyber security projects in an effort to ensure our information is safe. We have developed sophisticated methods of detecting sensitive information and stopping it from being copied over the network, uploaded to the cloud, copied to USB sticks and even burned to DVDs. But there is still one (low tech) leak that seems unstoppable: paper. What is to prevent someone from printing out sensitive information and then taking it out the door or losing control of it in some other way?


At first glance it may seem there is nothing we can do, but there are steps that can be taken.



Cyber Security Awareness Month

Thursday, October 8th, 2015


October is National Cyber Security Awareness Month. This week, the focus is on creating a culture of cyber security at work. For TITUS, helping to create a culture of security is a cornerstone for our solutions.

Implementing digital and technology security solutions within an organization usually involves several components, including secure network gateways, data loss prevention systems, and encryption. But with the rapid explosion of mobile devices that can store gigabytes of data and the easy access to cloud sync and share services, it is difficult for technology and IT teams to keep up and ensure that users are not accidentally leaking sensitive information. It is essential, therefore, that your users understand digital security risks and correct policies for sharing information.

To foster a culture of security, organizations need a solution that will:



Why Isn’t My DLP Investment Paying Off?

Wednesday, January 4th, 2012

It’s a common scenario: a large organization invests millions of dollars in a DLP solution, only to leave it in “watch mode” because the rate of false positives is too high to enable full blocking. The result is a DLP investment that becomes a white elephant: a promising technology that does not pay off in actually preventing data loss.

The problem often begins with an over-reliance on automated scanning to prevent data loss. The DLP system is expected to automatically identify all sensitive content, which requires IT administrators to translate business processes and policies into automated rules for every data loss scenario. This is an impossible task, which usually results in overly restrictive rules that block non-sensitive data (false positives) or overly permissive rules that mistakenly release sensitive data (false negatives).

The impact of false positives can be just as detrimental to the business as the data loss caused by false negatives. False positives disrupt business agility and productivity, and can impact collaboration, innovation, and business growth. As well, false positives can actually lead to increased data loss, with users looking for alternative, less secure methods to get around restrictions and carry out their business tasks.

The best way to address this problem is for organizations to identify their information appropriately. The sensitivity of each piece of information must be identified, or ‘classified’. Information classification is crucial for proper handling, and for the ultimate security of an enterprise’s information. Classification provides context to unstructured data such as email and business documents, making it possible for DLP solutions to know how to protect your organization’s sensitive information.



New White Paper: 5 Easy Steps for Implementing a Classification Policy

Monday, December 5th, 2011

Most organizations have an established corporate information handling policy to protect sensitive and confidential information. This policy is typically expressed with a classification scheme that describes the handling procedure based on the sensitivity of the material in question. The challenge, however, has been implementing and enforcing this policy; in other words, ensuring that sensitive information is adequately protected on a consistent basis.

To address this challenge, organizations often make large investments in technologies such as data loss prevention (DLP) and information rights management (IRM) solutions. Unfortunately, these technologies are often implemented without classification as a first step, and therefore lack context about the information they are protecting. This results in inconsistent and inaccurate data protection, which increases the organization’s risk exposure, may reduce business velocity, and can make a large infrastructure investment a white elephant.

The solution to this challenge is to make classification the foundation of your information protection policy. Fortunately, implementing a classification policy is actually quite simple. In our new white paper entitled “5 Easy Steps for Implementing a Classification Policy”, we discuss how you can implement – and enforce – a classification policy that will increase user security awareness, enhance DLP and IRM solutions, and protect your organization against data loss.



How Classification Labels Enable End-User Security Awareness

Friday, June 17th, 2011

As much as we’d like it to, technology simply can’t protect our data 100 percent of the time. When it’s in databases, or travelling over a network, data can be encrypted, or can be protected with strict access controls. However, at some point in time, most of our business processes involve documents such as reports, spreadsheets, presentations and emails. Whenever we put information into these kinds of portable formats, it becomes harder to protect with technology. Applying classification labels to documents when they are created enables a level of security awareness among users.  This extends our security policies into the realm of human information exchanges (as opposed to electronic exchanges between systems).

While the big picture view of security awareness and data classification may not be obvious, it’s worthwhile looking at the parallels between automated and manual information exchanges to appreciate the critical elements on the human side. 




Bulk Classification – Classifying and Marking / Labeling Large Numbers of Files

Friday, March 4th, 2011

As organizations mature their content protection strategies, they typically establish policies that ensure that all newly created documents and emails include proper classification. Once the information is classified, organizations can implement information security controls matched to the classification of the information.

However, most organizations have a large volume of legacy documents that have never been classified. This poses a problem for the organization’s information security policy. How can we bulk classify large numbers of legacy files so appropriate security controls can also be applied to these documents?




Security Risks and Considerations with Outlook Web Access – Part 2

Thursday, December 9th, 2010

In last week’s post, I discussed several ways to improve the security of Outlook Web Access. With built-in features like forms-based authentication, WebReady Document Reading, and OWA Segmentation, organizations have several configuration options for reducing the risk of web-based email. 

But what about security risks that aren’t so straightforward for technology to detect – risks like discussing corporate secrets in public places, or carelessly forwarding a sensitive email to the wrong recipients? Maybe back in the office users are more risk sensitive, but when they are in informal environments such as airports and home offices, their sense of caution is often minimized. This is where some well-timed, user-based education and warnings can really play a role in reducing the risk of inadvertent disclosure. 

Titus Message Classification for OWA is an important piece of this security puzzle. As a Carnegie Mellon University research experiment showed, if users are warned ahead of time about the security risks of sending sensitive information over the internet, they will be much less likely to send it. This is what Titus Message Classification for OWA does: it makes users stop and think before they send an email, helping them to make the right decisions for protecting their organization’s valuable information.