Top 10 Best Practices for Implementing Data Classification
Help Organizations
Monday, May 1, 2023 © Copyright www.watchfulsoftware.com. 2016 All Rights Reserved. 2
• What data is truly sensitive?
• Who should have access to it?
• How is the data to be handled?
• When should the classification change?
• Where should the data be protected?
[Diagram labels: Content; Context; Metadata; Real-time Identification; Automated Classification; Custom Tagging (header "Internal Use Only", footer "Printed by John Doe"); Thorough Logging; Seamless Protection; Enforced Blocking & Warning; Policy; Globally Unique Identifier 789EEAB1-861F-48A2-B962-BC6B4B67E322]
Steve Horst - Regional Sales
David Thornbury - Regional Sales
To See Watchful Software In Action
Agenda
o Who We Are
o What We Do
o How We Do It
o Top 10 Best Practices for Data Classification
1. Determine Project Objectives
2. Determine Project Pre-Requisites
3. Figure out Solution Options
4. Create the Right Policy
5. Meet Infrastructure Requirements
6. Deploy and Rollout
7. Train the Right Personnel
8. On-going Support and Maintenance
9. On-going Measurement
10. Improve Continuously
Who We Are
Women-owned, award-winning, fast-growing and innovative. SPHERE has created a niche for providing analytics, remediating risks and implementing automated solutions for the management of human- and machine-generated data and enterprise assets.
SPHERE solves a variety of technology needs through three robust offerings.
• Specialized Professional Services
• Strategic Software
• Custom Integration
Creating customized solutions using third-party or internally developed software.
What Does SPHERE Do?
[Diagram labels: Data; Access; Systems; Compliance; Governance; Security; Assess; Plan; Remediate; Automate]
How Does SPHERE Do It?
[Diagram labels: SPHEREboard; Automation and Visual Representation; SPHEREengine; Business Intelligence; Direct Access; Third Party Tools; SPHEREcollector; SPHERE Methodology; Collecting; Processing; Reporting; Assess; Plan; Remediate; Automate; Static; Dynamic]
Top Ten Best Practices for Data Classification
1. Determine Project Objectives
2. Determine Project Pre-Requisites
3. Figure out Solution Options
4. Create the Right Policy
5. Meet Infra. Requirement
6. Deploy and Rollout
7. Train the Right Personnel
8. On-going Support and Maintenance
9. On-going Measurement
10. Improve Continuously
When you look at the Top Ten Best Practices for Data Classification…
you need to think about a process…
What are the steps?
What are the key factors for each?
Let's explore them…
1. Determine Project Objectives
Understand what and why you are protecting
• Understand level of risk
• Understand why your data needs to be protected
• Set scope of deployment
• PCI
• HIPAA
• SOX
2. Determine Project Pre-Requisites
Ensure a roll-out team is created. Typically the team consists of:
• System Administrator(s) of Technical Environment: SQL, AD, RMS, Desktop Support, Mobile Device Support, Exchange, SharePoint
• IT Infrastructure
• Project Management
• Legal
• Risk Assessment
• Security
Identify
• Technical Needs
• Hardware
• Software
…that is needed to deploy the Classification Solution
And communicate with affected business users in advance
3. Figure out Solution Options
What is the best set of technical controls to protect data?
• Restrict access to all data
• Use a DLP 1.0 tool
• Deploy a dynamic classification solution
A security professional must compare each option and weigh the benefits against the level of risk identified in the Project Objectives phase
4. Create the Right Policy
Classification levels: Review your data classification policies and confirm validity
Roles: Determine “Right-to-Know” based on organizational structure, department, job description, etc.
Rules based on:
• Legal and Compliance Regulations
• Existing Information Security Policies
• Business Unit Requirements
• Geographical Requirements/Differentiators
• Business Processes
• Understanding of Sensitive Data and where it is stored
5. Meet Infrastructure Requirements
Program Team must talk to Information Technology to ensure all is in place
Ex:
• Microsoft Active Directory exists, is healthy, and is being used for user authentication
• Microsoft RMS is implemented or available for implementation
6. Deploy and Rollout
Initial Roll-Out Action Items
1. Select group(s) that are candidates to be the first users of software
2. Define the duration of the initial roll-out period for each group of users
3. Determine the metrics and methods for measuring the results
4. Identify users/key stakeholders in the selected groups
5. Define which policy rules will/will not be activated and applied
6. Push client software to end users
Repeat the process for next group(s)
End User Training: Overview of the user interface and why policies are being enforced
Review and evaluate results of the deployment and adjust as necessary
7. Train the Right Personnel
End User: Educate on…
1. The policies in place
2. Why the policies are necessary
3. What data needs to be protected (i.e. proprietary vs. regulated)
Administrator: Educate on…
1. Basics of product architecture
2. Operation policy
3. Rules creation and modification
Help Desk: Educate on…
1. Providing on-going support
8. Facilitate ongoing Support and Maintenance
Continue to… develop policy and processes for handling policy violations
Determine… teams responsible for support including End-User Support and Admin Support
Measure… the effectiveness of the support teams
9. Facilitate Ongoing Measurement
• How is the program being measured?
• What KPIs determine success?
• How is program effectiveness communicated across to stakeholders?
• How does reporting from the classification solution integrate with other dashboards?
• How do you facilitate continuous improvement to the program?
• How do you manage workflows and policy violations?
10. Improve Continuously
Measure… the effectiveness of the program
Modify… policies to improve the effectiveness of the program
Implement… new policies to enhance security and improve compliance
• Is the deployment Use Case protecting data?
• Should the policies developed for deployment Use Case be more stringent?
• What other data in the enterprise requires protection?
Thank you!
Visit www.sphereco.com for more information.