Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Copyright © 2014 M. E. Kabay. All rights reserved. CSH5 Chapter 67 “Developing Classification Policies for Data” Karthik Raman & Kevin Beets Classification.

Published byJuliet Bryant Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Copyright © 2014 M. E. Kabay. All rights reserved. CSH5 Chapter 67 “Developing Classification Policies for Data” Karthik Raman & Kevin Beets Classification."— Presentation transcript:

1 1 Copyright © 2014 M. E. Kabay. All rights reserved. CSH5 Chapter 67 “Developing Classification Policies for Data” Karthik Raman & Kevin Beets Classification Policies

2 2 Copyright © 2014 M. E. Kabay. All rights reserved. TOPICS  Introduction  Purpose / Benefits  Role in IA  Legal Requirements  Design & Implementation  DC Solutions

3 3 Copyright © 2014 M. E. Kabay. All rights reserved. Introduction  Popular literature / media refer to “TOP SECRET”  No clear understanding of issues  Misrepresentation as negative: hiding information from stakeholders  Data classification  Labels info to support compliance with data-protection policies  Historically used by government, military, government contractors  Now increasingly used to comply with legal requirements on commercial organizations Financial / operational records Privacy protection

4 4 Copyright © 2014 M. E. Kabay. All rights reserved. Purpose / Benefits  Information life cycle management (ILM)  Control of data  Throughout life cycle Creation Access Modification Destruction  Legal requirements increasing pressure in private sector; e.g.,  HIPAA  European Privacy Directive Benefits Compliance with data standards, legal requirements Streamlined/secure data sharing Efficient data storage / retrieval Tracking data through ILM

5 5 Copyright © 2014 M. E. Kabay. All rights reserved. Role in IA  Federal Financial Institutions Examinations Council (FFIEC) guidelines  Ensure consistent protection of data  Focus controls / efforts efficiently  Systems must be classified at highest level of information stored / transmitted  Supports risk analysis  Clarifies basis for access restrictions  Supports business continuity planning & disaster recovery planning  May be mandatory  Necessary for data-loss prevention (DLP)

6 6 Copyright © 2014 M. E. Kabay. All rights reserved. Legal Requirements in US  Privacy Act of 1974  Including Computer Matching & Privacy Protection Act of 1988  Family Educational Rights & Privacy Act (FERPA)  Health Insurance Portability & Accountability8 Act (HIPAA)  Gramm-Leach-Bliley Act (GLBA)  Sarbanes-Oxley Act (SOX)  Federal rules of Civil Procedure (FRCP)

7 7 Copyright © 2014 M. E. Kabay. All rights reserved. Compliance Standards (1)  US Federal Government Executive Order 12958  Further Amendment to Executive Order 12958… Classified National Security Information  ISO/IEC 27001:2005  Guidelines & principles for information security management  5 levels Public documents Internal use only Proprietary Highly confidential Top secret

8 8 Copyright © 2014 M. E. Kabay. All rights reserved. Compliance Standards (2)  Defense contracting (DoD)  Finances (Federal Financial Institutions Examination Council – FFIEC)  Life sciences (FDA)  Media, telecom (FCC)

9 9 Copyright © 2014 M. E. Kabay. All rights reserved. Design  Obtain management approval  Study BCP, IT assets, storage-management  Present benefits DC to business unit (BU) heads  Survey users in BUs re data utilization / management & preferences for organization & labeling  List revenue-generation & mission-critical usage of data for each BU;  Study information sharing

10 10 Copyright © 2014 M. E. Kabay. All rights reserved. Implementation  Obtain management approval  Map data-labeling to available hardware, networks, systems, storage  Apply automation / DC tools as appropriate  Guide users through adoption & solicit feedback  Develop service-level agreements (SLAs) for data usage  Plan for DLP  Develop cost model  Report results to management

11 11 Copyright © 2014 M. E. Kabay. All rights reserved. DC Solutions  Primarily related to data storage  Virtualization  Deduplication  Cheaper media  Features of DC software  Policy-based data-type discovery  File metadata classification  Multiple file system management  Compliance & legal consideration  Report style

12 12 Copyright © 2014 M. E. Kabay. All rights reserved. Product Roundup from SearchStorage http://searchstorage.techtarget.com/report/Product-Roundup-Data-classification

13 13 Copyright © 2014 M. E. Kabay. All rights reserved. Varonis http://www.varonis.com/products/data-classification-framework.html Professor Kabay has no financial interest in any of the products shown as examples.

14 14 Copyright © 2014 M. E. Kabay. All rights reserved. TITUS http://www.titus.com/software/message-classification/ Specifically for email control Professor Kabay has no financial interest in any of the products shown as examples.

15 15 Copyright © 2014 M. E. Kabay. All rights reserved. Some Useful Videos  Data Classification  Part 1 http://www.youtube.com/watch?v=rfP56qua5pc  Part 2 http://www.youtube.com/watch?v=1-Y2EvWMhD0  What is Network Data Loss Prevention (McAfee)  http://www.youtube.com/watch?v=9jLK5jybSnI  TITUS Classification Solutions Overview  http://www.youtube.com/watch?v=dsuH_EA_NdY&feature=pyv  McAfee Data Loss Prevention (DLP)  http://www.youtube.com/watch?v=TXYNNSaMxsI

16 16 Copyright © 2014 M. E. Kabay. All rights reserved. DISCUSSION

Download ppt "1 Copyright © 2014 M. E. Kabay. All rights reserved. CSH5 Chapter 67 “Developing Classification Policies for Data” Karthik Raman & Kevin Beets Classification."

Similar presentations

IT Security Policy Framework

IT Security Policy Framework
Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
Managing Outsourced Service Providers By: Philip Romero, CISSP, CISA.

Managing Outsourced Service Providers By: Philip Romero, CISSP, CISA.
University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.

University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.
Introduction to Records Management Policy

Introduction to Records Management Policy
Records Management for UW-Madison Employees – An Introduction UW-Madison Records Management UW-Archives & Records Management 2012 Photo courtesy of University.

Records Management for UW-Madison Employees – An Introduction UW-Madison Records Management UW-Archives & Records Management 2012 Photo courtesy of University.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
Westbrook Technologies from Document Management’s Role in HIPAA.

Westbrook Technologies from Document Management’s Role in HIPAA.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
SL21 Information Security Board Mission, Goals and Guiding Principles.

SL21 Information Security Board Mission, Goals and Guiding Principles.
Chapter 5: Asset Classification

Chapter 5: Asset Classification
Agenda COBIT 5 Product Family Information Security COBIT 5 content

Agenda COBIT 5 Product Family Information Security COBIT 5 content
Information Security Awareness April 13, 2003. Motivation Recent federal and state regulations and guidance Recent federal and state regulations and guidance.

Information Security Awareness April 13, Motivation Recent federal and state regulations and guidance Recent federal and state regulations and guidance.
Auditing Computer Systems

Auditing Computer Systems
Security Controls – What Works

Security Controls – What Works
1 SAP Security and Controls Use of Security Compliance Tools to Detect and Prevent Security and Controls Violations.

1 SAP Security and Controls Use of Security Compliance Tools to Detect and Prevent Security and Controls Violations.
1 Copyright © 2010 M. E. Kabay. All rights reserved. Security Audits, Standards, & Inspections CSH5 Chapter 54 “Security Audits, Standards and Inspections”

1 Copyright © 2010 M. E. Kabay. All rights reserved. Security Audits, Standards, & Inspections CSH5 Chapter 54 “Security Audits, Standards and Inspections”
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
Department of Commerce Records Management Training.

Department of Commerce Records Management Training.

Similar presentations

Ads by Google