Information Assurance in a Military Environment

Carlos Gonzalez, Regional Sales Manager Latin America, Titus

Message Classification

Document Classification

SharePoint Solutions

Server 2008 R2 FCI

It's all about Classification…

Sample Customer Snapshot

Government

• US Dept of Energy
• US Dept of Veterans Affairs
• US Department of Commerce
• NASA
• 30+ Australian Federal Depts.
• Bank of Canada
• Government of Scotland
• Serious Organized Crime Agency
• 15+ UK Police Forces
• Defence Science and Tech.
• UK Nuclear Decommissioning Office
• U.S. Department of Transportation
• U.S. Department of State

Military

• Canada DND
• NATO
• Danish Defense
• U.S. Air Force
• Australian Department of Defence
• U.S. Army Accessions Command
• U.S. CENTCOM, SOUTHCOM, STRATCOM
• U.S. Forces Japan
• U.S. Navy
• Albanian Armed Forces
• Lithuanian MoD
• Belgian MoD
• USMC Combat Operations
• U.S. Army Central Command

Commercial

• G4S Bulgaria
• Paternoster
• Dow Corning
• Bechtel
• DRS Technologies
• AT&T
• Comma Oil & Chemicals
• Fujitsu Services
• Hitachi
• International Monetary Fund
• BAE Systems
• Honeywell
• Northrop Grumman
• Pratt & Whitney
• Mazda
• Pharma Suisse
• Amerigroup

Titus… Focus on the User

Identify Content

• Add value to data and create end user awareness

Enforce Policy

• Automate encryption based on labels

Prevent Data Loss

• Warn users and prevent information flow to the wrong people

It All Starts with Protective Marking

• Forces users to stop and think about the value of data
• Helps inform risk-management based decisions
• Promotes secure information sharing

PROTECTIVELY MARKED

INTERNAL USE ONLY

RESTRICTED

Why the User?

• Awareness
• Accountability
• Compliance
• Metadata

Educate the User

Information Assurance Model

The Inexperienced

Awareness and Accountability

The Stressed

The Careless

The Disorganized

The Industrious

The Newcomer

The Overcautious

The Home Worker

The Partisan

The Spy

The Lazy

Compliance

• EU Data Protection Directive
• UK Data Protection Act
• UK Global Protective Marking Standard
• Australia E-Protective Marking Standard
• US Federal CUI Directive
• Malaysia’s Personal Data Protection Bill
• Global Data Breach Notification Laws

Identify Information Sensitivity

Software is customizable to incorporate required protective markings

Compose email

Click Send

Guided classification

Classification pop-up

Visual Labels for Awareness

Header

Footer

Disclaimer

Subject Marking

Classification Selector in Word

Save

Compose

document

Guided classification

Classification pop-up

Visual Labels for Awareness

Header/footer

Not shown: Footer

Watermark

User Awareness Policy Examples

Policy Verifier: Before Send

• Check Recipients
• Check Attachments
• Check Content

All messages are customizable

Keep Internal Information Internal

Forward

External address warning

Internal Only

Check Attached Documents

Attach document

Select label

Attachment Check

Document label added

Message upgraded

Content Validation – Sensitive Project

Send Anyway can be disabled

Sensitive content detected

Default label is blank

Click Send

Content Validation – Sensitive Project

Visual markings added

Change to Internal

Desktop Classification and SharePoint

Do My Users Always Have to Mark?

We think a quick speed bump is not a bad thing.

But the answer is ‘It depends’ or ‘not necessarily’.

• You can turn off marking and just enable Titus Policies and/or Content Validation (Pratt and Whitney)
• You can create a default classification that can be changed with ‘One Click Protection’ (Large Financial Institution)

Prevent Inadvertent Disclosure

Click Send

Export Warning

Send Anyway allowed in this case because this is an awareness policy only

New! One Click Classification

Outlook 2003

Information Assurance

supported share not need to know

safe enablement not secure hindrance

responsibility not automated security

accountability not mistrust

education not enforcement

Critical Success Factors

• Interoperability with existing security solutions/legacy and future environment
• Centralized administration
• Fast and easy deployment
• Policy Verification
• Content Validation