Classification Policies CSH 5 Chapter 67 Developing Classification
- Slides: 16

Classification Policies
CSH 5 Chapter 67: “Developing Classification Policies for Data”
Karthik Raman & Kevin Beets
Copyright © 2020 M. E. Kabay. All rights reserved.

TOPICS
- Introduction
- Purpose / Benefits
- Role in IA
- Legal Requirements
- Design & Implementation
- DC Solutions

Introduction
- Popular literature / media refer to “TOP SECRET”
  - No clear understanding of issues
  - Misrepresentation as negative: hiding information from stakeholders
- Data classification
  - Labels info to support compliance with data-protection policies
  - Historically used by government, military, government contractors
  - Now increasingly used to comply with legal requirements on commercial organizations
    - Financial / operational records
    - Privacy protection

Purpose / Benefits
- Information life cycle management (ILM)
  - Control of data
  - Throughout life cycle
    - Creation
    - Access
    - Modification
    - Destruction
- Legal requirements increasing pressure in private sector; e.g.,
  - HIPAA
  - European Privacy Directive

Benefits
- Compliance with data standards, legal requirements
- Streamlined/secure data sharing
- Efficient data storage / retrieval
- Tracking data through ILM

Role in IA
- Federal Financial Institutions Examination Council (FFIEC) guidelines
  - Ensure consistent protection of data
  - Focus controls / efforts efficiently
  - Systems must be classified at highest level of information stored / transmitted
- Supports risk analysis
- Clarifies basis for access restrictions
- Supports business continuity planning & disaster recovery planning
- May be mandatory
- Necessary for data-loss prevention (DLP)

Legal Requirements in US
- Privacy Act of 1974
  - Including Computer Matching & Privacy Protection Act of 1988
- Family Educational Rights & Privacy Act (FERPA)
- Health Insurance Portability & Accountability Act (HIPAA)
- Gramm-Leach-Bliley Act (GLBA)
- Sarbanes-Oxley Act (SOX)
- Federal Rules of Civil Procedure (FRCP)

Compliance Standards (1)
- US Federal Government Executive Order 12958
  - Further Amendment to Executive Order 12958… Classified National Security Information
- ISO/IEC 27001:2005
  - Guidelines & principles for information security management
  - 5 levels
    - Public documents
    - Internal use only
    - Proprietary
    - Highly confidential
    - Top secret

Compliance Standards (2)
- Defense contracting (DoD)
- Finances (Federal Financial Institutions Examination Council – FFIEC)
- Life sciences (FDA)
- Media, telecom (FCC)

Design
- Obtain management approval
- Study BCP, IT assets, storage-management
- Present benefits of DC to business unit (BU) heads
- Survey users in BUs re data utilization / management & preferences for organization & labeling
- List revenue-generation & mission-critical usage of data for each BU
- Study information sharing

Implementation
- Obtain management approval
- Map data-labeling to available hardware, networks, systems, storage
- Apply automation / DC tools as appropriate
- Guide users through adoption & solicit feedback
- Develop service-level agreements (SLAs) for data usage
- Plan for DLP
- Develop cost model
- Report results to management

DC Solutions
- Primarily related to data storage
  - Virtualization
  - Deduplication
  - Cheaper media
- Features of DC software
  - Policy-based data-type discovery
  - File metadata classification
  - Multiple file system management
  - Compliance & legal consideration
  - Report style

http://searchstorage.techtarget.com/report/Product-Roundup
Data-classification Product Roundup from SearchStorage

Varonis
http://www.varonis.com/products/data-classification-framework.html
Professor Kabay has no financial interest in any of the products shown as examples.

TITUS
http://www.titus.com/software/message-classification/
Specifically for email control

Some Useful Videos
- Data Classification
  - Part 1 < http://www.youtube.com/watch?v=rfP56qua5pc >
  - Part 2 < http://www.youtube.com/watch?v=1-Y2EvWMhD0 >
- What is Network Data Loss Prevention (McAfee)
  - < http://www.youtube.com/watch?v=9jLK5jybSnI >
- TITUS Classification Solutions Overview
  - < http://www.youtube.com/watch?v=dsuH_EA_NdY&feature=pyv >
- McAfee Data Loss Prevention (DLP)
  - < http://www.youtube.com/watch?v=TXYNNSaMxsI >

DISCUSSION