Efficient Classification: A Big Step Toward Information Assurance in a Federated WorldScott MorinVice President of SalesTitus

Sound Bytes from Yesterday“Information sharing is a source of power”

First Admiral Dato’ Hj Rusli“You have got to deal with the person machine interface”

First Admiral Dato’ Hj Rusli“Moving from Milspec to COTS makes a lot of sense in certain circumstances”

Lt. Colonel Jim Dryburgh

Sound Bytes From Yesterday

“Operate, Innovate, Educate”Air Vice-Marshall John Blackburn

Titus

“Provides COTS applications that enable information sharing and assurance that are easy to use while educating end users on information policy should they inadvertently make a mistake”

Up Next

Demo

Not so fast

“Talk to me about how your industry perspective can contribute to the solution of my problem - don’t talk product!”

Air Vice-Marshall John Blackburn

For Now – Lets talk about

The Volvo Shift

HistoricallyFocused on protecting the payload in the event of an incident (crash)Seatbelts, Strong Steel, Crumple zones

New Focus is on preventing the incidents in the first placeFocus on the Driver (user)

*You should still wear your seat belt

Drivers (Users) Role and Responsibility in Safety (Security)

User Warning System

Warns user when violating policy

Following too close can be dangerousBenefit: Education and Awareness - “Safe Driving Distance”

Risk Management Controls

User can tune policy based on their risk tolerance

Adaptive Cruise Control

Uses Sensors to Detect Threats (other cars)Applies policies based on the situationPolicies: Acceleration, Braking

Other Services

Lane Departure Warning

Collision Avoidance

Won’t make coffee, but will tell you when it is time for one

Technology Helps, Not perfect

Still a role for the driverSomebody (or some dog) could get hurt

Observations

Works great in some environmentsAutobahn in Germany

Does not work everywhere …

Too many WarningsDistractedReduced ProductivitySometimes you have to disable the system

Some Observations

Technology can helpEducateCreate situational awareness

User/Driver still needs to be part of the equation for best results

Need to find the right balance

Information Assurance Model

The Inexperienced

The User Community

19

The Stressed

The Careless

The Disorganized

The Industrious

The Newcomer

The OvercautiousThe Home

Worker

The Partisan The Spy The Lazy

User Awareness and Responsibility

Raise User AwarenessApply Visual MarkingsForce User to Classify and react to policy violationsHelp themRecord Actions

Identify Information Sensitivity

Software is customizable to incorporate required protective markings

Compose email

Click Send

Guided classificatio

n

Classification pop-up

Visual Labels for Awareness

22

Header

Footer

Disclaimer

Subject Marking

Classification Selector in Word

23

Save

Compose

document

Guided classificatio

n

Classification pop-up

Visual Labels for Awareness

24

Header/footer

Not shown:Footer

Watermark

User Awareness Policy Examples

Policy Verifier: Before Send Check Recipients Check Attachments Check Content

All messages are customizable

Keep Internal Information Internal

Forward

External address warning

Internal Only

Check Attached Documents

Attach document

Select labelAttachment

Check

Document label added

Message upgraded

Content Validation – Sensitive Project

Send Anyway can be

disabled

Sensitive content detected

Default label is blank

Click Send

Content Validation – Sensitive Project

Visual markings

added

Change to Internal

Examples of Military Markings

Please Note: Markings within this presentation are for illustration purposes only and do not contain any sensitive data

Assurance =- supported share not need to know

- safe enablement not secure

hindrance

- responsibility not automated security

- accountability not mistrust

- education not enforcement

Critical Success Factors

Interoperability with existing security solutions Centralized administration Fast and easy deployment Verifies policies Validates content

Wiki Leaks – How Labeling helps

Selected WorldWide Defence Customers

34

• United States Army Accessions Command

• Lithuanian MoD• Belgian MoD• ARCENT• SOCCENT• JFCOM• SOUTHCOM• STRATCOM • US Forces Korea• US Veterans Affairs

• Australian Department of Defence• Danish Defence• Albanian Armed Forces• United States Air Force - SIPR• Central Command• United States Marine Corps• United States Navy• Central Air Force (USAF)• Canadian Armed Forces• Finnish Air Force• NATO – NC3A

Thank You!

Scott MorinScott.Morin@Titus.com

www.titus.com