The Inexperienced 19 The Stressed The Careless The Disorganized The Industrious The Newcomer The...
-
Upload
jemima-gibson -
Category
Documents
-
view
257 -
download
6
Transcript of The Inexperienced 19 The Stressed The Careless The Disorganized The Industrious The Newcomer The...
Efficient Classification: A Big Step Toward Information Assurance in a Federated WorldScott MorinVice President of SalesTitus
Sound Bytes from Yesterday“Information sharing is a source of power”
First Admiral Dato’ Hj Rusli“You have got to deal with the person machine interface”
First Admiral Dato’ Hj Rusli“Moving from Milspec to COTS makes a lot of sense in certain circumstances”
Lt. Colonel Jim Dryburgh
Sound Bytes From Yesterday
“Operate, Innovate, Educate”Air Vice-Marshall John Blackburn
Titus
“Provides COTS applications that enable information sharing and assurance that are easy to use while educating end users on information policy should they inadvertently make a mistake”
Up Next
Demo
Not so fast
“Talk to me about how your industry perspective can contribute to the solution of my problem - don’t talk product!”
Air Vice-Marshall John Blackburn
For Now – Lets talk about
The Volvo Shift
HistoricallyFocused on protecting the payload in the event of an incident (crash)Seatbelts, Strong Steel, Crumple zones
New Focus is on preventing the incidents in the first placeFocus on the Driver (user)
*You should still wear your seat belt
Drivers (Users) Role and Responsibility in Safety (Security)
User Warning System
Warns user when violating policy
Following too close can be dangerousBenefit: Education and Awareness - “Safe Driving Distance”
Risk Management Controls
User can tune policy based on their risk tolerance
Adaptive Cruise Control
Uses Sensors to Detect Threats (other cars)Applies policies based on the situationPolicies: Acceleration, Braking
Other Services
Lane Departure Warning
Collision Avoidance
Won’t make coffee, but will tell you when it is time for one
Technology Helps, Not perfect
Still a role for the driverSomebody (or some dog) could get hurt
Observations
Works great in some environmentsAutobahn in Germany
Does not work everywhere …
Too many WarningsDistractedReduced ProductivitySometimes you have to disable the system
Some Observations
Technology can helpEducateCreate situational awareness
User/Driver still needs to be part of the equation for best results
Need to find the right balance
Information Assurance Model
The Inexperienced
The User Community
19
The Stressed
The Careless
The Disorganized
The Industrious
The Newcomer
The OvercautiousThe Home
Worker
The Partisan The Spy The Lazy
User Awareness and Responsibility
Raise User AwarenessApply Visual MarkingsForce User to Classify and react to policy violationsHelp themRecord Actions
Identify Information Sensitivity
Software is customizable to incorporate required protective markings
Compose email
Click Send
Guided classificatio
n
Classification pop-up
Visual Labels for Awareness
22
Header
Footer
Disclaimer
Subject Marking
Classification Selector in Word
23
Save
Compose
document
Guided classificatio
n
Classification pop-up
Visual Labels for Awareness
24
Header/footer
Not shown:Footer
Watermark
User Awareness Policy Examples
Policy Verifier: Before Send Check Recipients Check Attachments Check Content
All messages are customizable
Keep Internal Information Internal
Forward
External address warning
Internal Only
Check Attached Documents
Attach document
Select labelAttachment
Check
Document label added
Message upgraded
Content Validation – Sensitive Project
Send Anyway can be
disabled
Sensitive content detected
Default label is blank
Click Send
Content Validation – Sensitive Project
Visual markings
added
Change to Internal
Examples of Military Markings
Please Note: Markings within this presentation are for illustration purposes only and do not contain any sensitive data
Assurance =- supported share not need to know
- safe enablement not secure
hindrance
- responsibility not automated security
- accountability not mistrust
- education not enforcement
Critical Success Factors
Interoperability with existing security solutions Centralized administration Fast and easy deployment Verifies policies Validates content
Wiki Leaks – How Labeling helps
Selected WorldWide Defence Customers
34
• United States Army Accessions Command
• Lithuanian MoD• Belgian MoD• ARCENT• SOCCENT• JFCOM• SOUTHCOM• STRATCOM • US Forces Korea• US Veterans Affairs
• Australian Department of Defence• Danish Defence• Albanian Armed Forces• United States Air Force - SIPR• Central Command• United States Marine Corps• United States Navy• Central Air Force (USAF)• Canadian Armed Forces• Finnish Air Force• NATO – NC3A