exim4:email_classification

exim4:email_classification [2016/11/25 11:27] – created peter
exim4:email_classification [2020/07/15 09:30] (current) – external edit 127.0.0.1
  
TODO

The classification lifecycle has five stages:

  * identify - sensitive and high-value data
  * discover - location and accessibility of sensitive data
  * classify - data according to its value to the organisation
  * secure - employ security controls and protection measures
  * monitor - measure and evolve security practices

===== Identify Data =====

First, build a strong foundation of knowledge around your data, so that you understand exactly what you hold and the potential risks to its security. Identify the types of data that are of greatest importance to the business, so you can pinpoint where protection and controls need to be focused.
 +
===== Discover =====

Data you do not know about cannot be protected, and it leaves you vulnerable to attack. Discovery also cuts retention costs, because redundant data can be disposed of once it has been found.

You need to establish:

  * what data you hold
  * what is being collected
  * what is being created
  * where it is stored or located
  * why you have it
  * how sensitive it is, and
  * who is accessing, using or sharing it.

Data discovery tools examine file stores and databases, scanning for particular types of information (card numbers, personal data), keywords, other matching criteria and any classification metadata already attached to the data.
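As an added example, not code from the original page, the following Python script shows what a basic discovery scanner does: it walks a file store, looks in each file for credit-card numbers (validated with the Luhn check so that random digit strings are not reported), e-mail addresses and any classification label already present, and builds an inventory of what was found and where. The sample files, the suffix list and the "Classification: LABEL" metadata format are constructed for this example.

```python
"""Minimal data-discovery scanner (added example; sample data is constructed)."""
import os
import re
import tempfile
from collections import defaultdict

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
# Classification metadata embedded in the document (format assumed for this example).
LABEL_RE = re.compile(r"^Classification:\s*(PUBLIC|INTERNAL|CONFIDENTIAL|SECRET)\b",
                      re.I | re.M)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects most digit strings that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:            # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_text(text: str) -> dict:
    """Count each kind of sensitive data found in one document."""
    findings = defaultdict(int)
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            findings["card_number"] += 1
    emails = EMAIL_RE.findall(text)
    if emails:
        findings["email"] += len(emails)
    for m in LABEL_RE.finditer(text):
        findings["label:" + m.group(1).upper()] += 1
    return dict(findings)


def scan_tree(root: str, suffixes=(".txt", ".csv", ".md")) -> dict:
    """Walk a file store and return {relative path: findings} for files with hits."""
    inventory = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if not name.lower().endswith(suffixes):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    found = scan_text(fh.read())
            except OSError:
                continue          # unreadable file: a real tool would log this
            if found:
                inventory[os.path.relpath(path, root).replace(os.sep, "/")] = found
    return inventory


def demo() -> dict:
    """Build a constructed sample file store in a temp dir and scan it."""
    samples = {
        "finance/refunds.csv": "name,pan\nA. Smith,4111 1111 1111 1111\nB. Jones,1234567812345678\n",
        "hr/policy.txt": "Classification: INTERNAL\nContact hr@example.com or payroll@example.com.\n",
        "public/readme.md": "Nothing sensitive here.\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_tree(root)


if __name__ == "__main__":
    for path, found in sorted(demo().items()):
        print(path, found)
```

The second "card number" in the sample passes the digit-pattern match but fails the Luhn check and is not reported; that distinction is what separates a useful discovery run from one buried in false positives.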
 +
 +
===== Classify Data =====

Data needs to be classified according to its importance or sensitivity so that it is controlled appropriately. Classification is best applied at the point where data is created, edited, sent or saved, rather than retrospectively.

Automate the process where possible, but expect human input: the author usually knows the sensitivity of a document better than a pattern match does.

Decide who should have access to each type of data.

Decide how many categories you will have. Aim for three or four, such as Confidential, Internal Only and Public, plus a category for information that is subject to regulatory controls, such as EU GDPR personal data, ITAR-controlled technical data or HIPAA/HITECH-restricted health information.

The EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679, which replaced the Data Protection Directive 95/46/EC) protects personal data relating to individuals in the EU, in particular as it relates to processing, using or exchanging that data.

The US Health Insurance Portability and Accountability Act (HIPAA) was intended to improve the efficiency of the US health care system by encouraging the use of electronic health data; its Privacy and Security Rules set the controls that apply to protected health information (PHI).
 +
===== Secure Data =====

Data loss prevention (DLP) solutions shield the business against intentional and accidental data loss by, for example, blocking employees from uploading a file marked ‘Confidential’ to Dropbox, or stopping a file containing credit card numbers from being emailed to a third party.

Email gateways which automatically encrypt any file marked ‘Confidential’.

Discovery tools which let employees rapidly locate information and understand immediately how it may be used.

Security information and event management (SIEM) tools that pick up potentially risky user behaviour before a breach occurs, flagging up, for example, a user who keeps copying sensitive documents to a removable storage device.

Data governance: who is accessing sensitive information, and who might be violating policy.

Data retention: retention rules can also be set for each classification.


===== Email Classification =====

To classify incoming and outgoing emails.
 +
Advanced attack defence focusing on the application content rather than only on the transport.

Allow releasable data to pass from a "high" system to a "low" system. For example, "SECRET" content is always blocked from being released to "lowsystem.com", whilst "PUBLIC" content is allowed.

Allow safe data to pass from a "low" system to a "high" system, i.e. only content that has passed inspection is admitted.
  
ATTACHMENT INVENTORY  Append details of attached files (including their classification) to the end of an email. This provides an attachment history and maintains awareness of the original content, even when the email is printed.
  
Application of a Microsoft Rights Management Service (RMS) policy, or invocation of S/MIME encryption and digital signing, according to the classification.

Apply security policy decisions before sensitive data either leaves or enters the organisation.
  
AUDITING & REPORTING  Records classification events to support audit and management reporting requirements, providing visibility of user behaviour, allowing better targeting of security training and giving an improved understanding of the compliance position.

Automatically encrypt critical data: apply S/MIME protection according to the message classification.

Block messages and attachments containing viruses or "dirty words" (terms from a prohibited-word list that must not cross the boundary).
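The attachment inventory and the dirty-word check above, as an added example in Python (not code from the original page or from any particular guard product): the script parses a message, records each attachment's name, decoded size and label, appends that inventory to the plain-text body, derives the effective classification as the highest label found on the message or any attachment (an unrecognised label fails closed to SECRET) and scans every decoded text part, attachments included, for prohibited words. The X-Classification header name, the label ordering, the word list and the sample message are assumptions made for the example.

```python
"""Content-side classification guard (added example; sample message is constructed)."""
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

LEVELS = ["PUBLIC", "INTERNAL", "CONFIDENTIAL", "SECRET"]   # low -> high (assumed scheme)
DIRTY_WORDS = {"projectx", "codeword"}                        # constructed word list
LABEL_HDR = "X-Classification"                                # assumed header name

# Constructed sample attachments.
CSV_BYTES = b"project,owner\nProjectX,alice\n"
BIN_BYTES = b"\x00\x01\x02"


def label_of(part, default="PUBLIC"):
    """Label from the part's own X-Classification header, else `default`.
    An unrecognised label is treated as SECRET so that a typo fails closed."""
    raw = part.get(LABEL_HDR)
    if raw is None:
        return default
    raw = raw.strip().upper()
    return raw if raw in LEVELS else "SECRET"


def attachment_inventory(msg):
    """(filename, decoded size in bytes, label) for each attachment part;
    an unlabelled attachment inherits the message's own label."""
    inherited = label_of(msg)
    items = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        items.append((part.get_filename() or "(unnamed)", len(payload),
                      label_of(part, inherited)))
    return items


def effective_label(msg):
    """Highest label carried by the message or any of its attachments."""
    labels = [label_of(msg)] + [lab for _, _, lab in attachment_inventory(msg)]
    return max(labels, key=LEVELS.index)


def dirty_words_found(msg):
    """Words from DIRTY_WORDS occurring in any decoded text/* part, attachments included."""
    found = set()
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            text = part.get_content().lower()
            found.update(w for w in DIRTY_WORDS if w in text)
    return sorted(found)


def append_inventory(msg):
    """Append the attachment inventory to the plain-text body so it survives printing."""
    body = msg.get_body(preferencelist=("plain",))
    if body is None:
        return
    lines = ["", "-- Attachment inventory --"]
    lines += [f"{name} ({size} bytes) [{label}]"
              for name, size, label in attachment_inventory(msg)]
    body.set_content(body.get_content() + "\n".join(lines) + "\n")


def guard(raw: bytes) -> dict:
    """Run the checks over a raw RFC 5322 message and return the results."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    words = dirty_words_found(msg)        # scan before the inventory is appended
    append_inventory(msg)
    return {
        "label": effective_label(msg),
        "dirty_words": words,
        "inventory": attachment_inventory(msg),
        "body": msg.get_body(preferencelist=("plain",)).get_content(),
    }


def sample_message() -> bytes:
    """Constructed message: INTERNAL cover note, CONFIDENTIAL CSV, unlabelled binary."""
    msg = EmailMessage()
    msg["From"] = "alice@highsystem.example"
    msg["To"] = "bob@lowsystem.com"
    msg["Subject"] = "Quarterly figures"
    msg[LABEL_HDR] = "INTERNAL"
    msg.set_content("Figures attached. Please do not forward.\n")
    msg.add_attachment(CSV_BYTES, maintype="text", subtype="csv", filename="figures.csv",
                       headers=[f"{LABEL_HDR}: CONFIDENTIAL"])
    msg.add_attachment(BIN_BYTES, maintype="application", subtype="octet-stream",
                       filename="notes.bin")
    return msg.as_bytes()


if __name__ == "__main__":
    result = guard(sample_message())
    print(result["label"], result["dirty_words"], result["inventory"])
    print(result["body"])
```

Note that the cover note is labelled INTERNAL but the message as a whole is CONFIDENTIAL because of the CSV attachment, and that the prohibited word is found only inside that attachment; a guard that looked at the top-level header and body alone would release the message.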
  
CLASSIFICATION ENFORCEMENT  Option to require a user to classify each message, automating compliance with data classification and information assurance policies.
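One way to enforce these rules in Exim, the MTA this namespace covers, is a DATA ACL. The fragment below is an added example, not configuration from the original page: it rejects any message without an X-Classification header or with a label outside the scheme, blocks SECRET content addressed to lowsystem.com (the high-to-low rule above), admits mail from lowsystem.com only after malware and prohibited-word checks, and logs the decision for auditing. The header name, the labels other than SECRET and PUBLIC, the clamd socket path and the word list are assumptions; the malware and regex conditions need Exim built with content scanning (the exim4-daemon-heavy package on Debian).

```exim
# Main section: run acl_check_data at DATA time.
# The clamd socket path is an assumption for this example.
acl_smtp_data = acl_check_data
av_scanner = clamd:/var/run/clamav/clamd.ctl

begin acl

acl_check_data:
  # CLASSIFICATION ENFORCEMENT: every message must carry a label.
  deny    message    = Rejected: an X-Classification header is required
          !condition = ${if def:h_X-Classification:}

  # Only labels from the classification scheme are accepted (scheme assumed).
  deny    message    = Rejected: unknown classification "$h_X-Classification:"
          !condition = ${if inlist{${uc:$h_X-Classification:}}{PUBLIC:INTERNAL:CONFIDENTIAL:SECRET}}

  # High -> low: SECRET content is never released to lowsystem.com.
  # $recipients is the comma-separated envelope recipient list.
  deny    message    = Rejected: SECRET content may not be released to lowsystem.com
          condition  = ${if eq{${uc:$h_X-Classification:}}{SECRET}}
          condition  = ${if match{$recipients}{\N(?i)@lowsystem\.com(,|$)\N}}

  # Low -> high: mail from lowsystem.com is admitted only if it is clean.
  deny    message    = Rejected: malware detected ($malware_name)
          senders    = *@lowsystem.com
          malware    = *

  # Dirty-word check on the raw message (word list assumed).
  deny    message    = Rejected: message contains a prohibited term
          senders    = *@lowsystem.com
          regex      = \N(?i)\b(projectx|codeword)\b\N

  # AUDITING: record the label and recipients of every accepted message.
  warn    logwrite   = classification=$h_X-Classification: recipients=$recipients

  accept
```

The regex condition runs over the raw message, so words inside base64-encoded attachments are not matched; to inspect decoded parts, move that check into a MIME ACL (acl_smtp_mime) using mime_regex. On Debian's split configuration the ACL belongs in a conf.d fragment rather than a monolithic file.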
  
Where a message remains undelivered or unread after a set period of time, the message is forwarded to a mailbox monitored 24 hours a day where action is guaranteed. The intended recipients are sent a message explaining what has happened to the message.
exim4/email_classification.1480073228.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
