SlideShare une entreprise Scribd logo

Securing Business-Information from Microsoft -Presented by Atidan

Télécharger en tant que DOCX, PDF
David J Rosenthal
David J Rosenthal
Technologie
1  sur  9
Work Smart Securing Business Information Overview All forms of information, including ideas and concepts, have potential business value. Whether you are exchanging emails, sharing documents, or having a phone conversation, it is your responsibility to help protect confidential information from any unauthorized disclosure. This Work Smart Guide provides an overview on how to properly classify business information and understand the technology solutions used to help protect your information before you transmit, share, store, or destroy it. Recommended reading This Work Smart Guide provides the foundational knowledge for securing your data. Other guides are available to teach you how to help protect your information. For detailed step- by-step guidance, review the documents listed under the Work Smart link in the For More Information section of this guide. Topics in this guide include: Classifying your information Protecting your information Classification and data dissemination guidelines Decision tree: Securing your information Recommended security practices For more information
Powered by Instant.ly 2 | Securing Business Information Overview Classifying your information Determining information classification At Microsoft, all forms of information, including ideas and concepts, have potential business value. Whether you are exchanging emails, sharing documents, or having a phone conversation, it is your responsibility to help protect confidential information from any unauthorized disclosure. This Work Smart Guide details how to properly classify business information and understand the technology solutions used to help protect your information before you transmit, share, store, or destroy it. Information is classified into three areas:HighBusinessImpact(HBI), ModerateBusinessImpact(MBI),andLowBusinessImpact (LBI). Table 1: Information Classification HBI High Business Impact HBI applies to any information including emails, documents, messages and phone conversations that, if disclosed without authorization, could result in immediate, direct or considerable impact to Microsoft, the information owner and customers. HBI information should only be shared with those on a “need-to-know” basis. HBI includes Highly Sensitive Personally Identifiable Information (HSPII). MBI Medium Business Impact MBI applies to information that, if disclosed, could cause indirect, limited impact to Microsoft, the asset’s owner and valued customers. MBI information should only be accessible to those people who have a legitimate business need to view the information. MBI includes Personally Identifiable Information (PII). LBI Low Business Impact LBI classification applies to information assets that, if disclosed without authorization, could cause limited, or no material loss to Microsoft, the asset owner, or relying parties. Important:Youare responsible for classifying your information accurately. Therefore, in the following sections, be aware that the examples of HBI, MBI, and LBI data could have more restrictive classification levels, depending on how sensitive a specific asset’s owner deems the content.
Powered by Instant.ly 3 | Securing Business Information Overview How to classify your information Below is table of guidelines that you may use to determine your data's classification level. Data includes the following info: HBI MBI LBI Email Address X Social Security Number X Documents regarding process or procedure X Private cryptographic keys X Username and Passwords X Publicly accessible information X Company trade secrets X Financial information related to revenue generation X List of Phone Numbers X Employee Zip Codes X Numeric ID sequences / PINs X Note: • Use the most restrictive classification if data falls into more than one classification level or if you are unsure of its classification. • Treat information as HBI if it does not have a classification, but is marked or “confidential.” Important: • It is your responsibility to understand the business value of your information and to apply the correct classification and protection. • Remove HBI or MBI information from your computer before retiring it or sending it offsite for repairs. • Remember to check your company policies as their classification levels may vary from the examples provided in the table above.
Powered by Instant.ly 4 | Securing Business Information Overview Protecting your information Now that you know how to classify your information, you will learn what tools are available to ensure that your data is protected when it is sent, shared, stored, backed up, or deleted. There are four main technologies which Microsoft uses to help protect information. These services include: Information Rights Management (IRM) - an Office feature of Rights Management Services (RMS), Secure/Multipurpose Internet Mail Extensions (S/MIME), BitLocker Drive Encryption, and Encrypted File System (EFS). Thankfully, these tools are simple to use. A few clicks within Office, Outlook, or SharePoint and you can protect your data according to the appropriate classification. Listed below are the definitions of each technology and the data it protects. For more information about each solution, click the named hyperlink. IRM Enables you to apply specific access permissions to documents, workbooks, and presentations to prevent unauthorized forwarding, printing, or copying; and to set expiration dates after which files no longer are available. S/MIMEEnables you to encrypt and/or digitally sign your email messages. Encrypting your messages converts data with a cipher text so that only people who you specify can read it. Digitally signing an email message helps ensure that no tampering occurs while your message and its attachments are in transit. BitLocker BitLocker Drive Encryption protects data on your computer by preventing unauthorized access to the hard disk drive or removable media by applying full disk encryption. EFS If your computer is not BitLocker compatible, EFS can encrypt your files and folders by using a certificate that Microsoft issues after you join your computer to the corporate domain. EFS requires that other people enter the appropriate decryption key before they can access the encrypted content. EFS is not a recommended protection method for Microsoft hard drives. The following table provides guidelines on which preferred technology that you should use to encrypt HBI or MBI information that you will transmit, share, or store on your computer: Table 3: Protecting your information Data includes the following info: IRM S/MIME EFS BitLocker Transmit with internal email Preferred solution Acceptable solution N/A N/A Transmit with external email Works only with other federated RMS organizations Preferred solution N/A N/A Share by using SharePoint Online (for tenant administrators and not site owners or users.) Preferred solution N/A N/A N/A Storing on computer Acceptable solution with BitLocker N/A Acceptable with BitLocker Required solution Storing on computer (Vista or older OS) Preferred solution N/A Acceptable solution Storing on removable mediaBitLocker to Go Acceptable solution N/A Acceptable solution Preferred solution
Powered by Instant.ly 5 | Securing Business Information Overview Classification and data dissemination guidelines The following tables provide guidelines for how you should send, share, store, back up, and dispose of information, depending on its classification: Table 4. Classification and data dissemination guidelines Subject HBI MBI LBI Send data (via file transfer or email) Requires asset owner approval to forward, export, or copy. Requires encryption for internal and external delivery. Requires encryption with S/MIME or IRM for email. Requires encryption for transfer outside of organization. Requires encryption with S/MIME for email sent outside the corporate network. No special requirements. Share (via O365 SharePoint Online) Use IRM to restrict forwarding, copying, and printing. Restrict permissions to those identified by asset owner. Requires formal agreement, which legal approves, for third parties, such as business partners. Restricts permissions to those with legitimate business needs only. Requires formal agreement, which legal approves, for third parties, such as business partners. No special requirements. Store (server, PC, CD, USB) Requires encryption (BitLocker). Allows storage on handheld devices only if device supports strong encryption and authentication security controls. May require encryption (as determined by the asset owner). No special requirements. Back up Performed only by authorized personnel and stored only at a location approved by IT Security. Encrypt storage media. Store in a physically secure location in which backups are logged and access is controlled and monitored. No special requirements. Dispose of Cross-shred or incinerate paper documents. Destroy tapes and other magnetic media. Request that hard disk drives be destroyed . Follow your organization policies for the appropriate disposal of retired hardware and media. Cross-shred or incinerate paper documents. Destroy tapes and other magnetic media. Remove data on hard disks that you plan to reuse or retire. Destroy inoperable hard disk drives. No special requirements.
Powered by Instant.ly 6 | Securing Business Information Overview Decision tree: Securing your data The decision tree below will help you understand the multiple considerations for sharing any company information. The graphic includes the best solution to help protect your information and the platform that should be used to share the information. Figure 1: HBI decision tree Figure 2: MBI decision tree
Powered by Instant.ly 7 | Securing Business Information Overview Figure 1: LBI decision tree
Powered by Instant.ly 8 | Securing Business Information Overview Recommended security practices Use the Microsoft Office System Document Inspector If you plan to share an electronic copy of a Microsoft Word document with clients or colleagues, it is a good idea to review the document for hidden data or personal information that might be stored in the document itself or in the document properties (metadata). Document Inspector is a built-in tool that can be used to scan your data before sharing it with others. For more information on how to use Document Inspector, see: Remove hidden data and personal information by inspecting documents. Guard confidential information Do not discuss confidential information in public places. Beware of multiple network connections Never concurrently connect your computer to your companies corporate network and the Internet, or any other network that your company does not manage. This compromises your company's network security. Review list of group recipients Think globally before posting any content. Before you send or reply to email, post to Yammer, One Drive, or any another social website, or post data to SharePoint, make sure that the information is appropriate for disclosure to everyone who has access to the email or website. Use Outlook Web Access Use Outlook Web Access (OWA) to check your email from your home computer. Be careful if you access corporate resources by using kiosks and other public locations, even though OWA, as key strokes may be monitored if the public network does not have the correct configuration. Do not leave documents or presentations unattended Remove all documents after meetings, and erase whiteboards. Beware of posting on walls or bulletin boards If your document is HBI, do not post it on hallway walls or bulletin boards.
Powered by Instant.ly 9 | Securing Business Information Overview For more information Work Smart Guides On the Work Smart productivity guides page,search for the following titles: http://technet.microsoft.com/en-us/library/bb687781.aspx. Securing your business information Secure collaboration using SharePoint Online Securing your computer Protecting data with Windows 8 BitLocker Information Rights Management (IRM) http://technet.microsoft.com/en-us/library/cc179103.aspx Introduction to IRM for email messages http://office.microsoft.com/en-us/outlook-help/introduction-to-irm-for- email-messages-HA102749366.aspx Secure/Multipurpose Internet Mail Extensions (S/MIME) http://technet.microsoft.com/en-us/library/jj891023.aspx BitLocker http://technet.microsoft.com/en-us/library/hh831713.aspx Encrypted File System (EFS) http://technet.microsoft.com/en-us/library/bb457116.aspx Video: Getting Started with Encrypting File System in Windows 7 http://technet.microsoft.com/en-us/windows/how-do-i-get-started-with- the-encrypting-file-system-in-windows-7.aspx International Data Protection Standards http://download.microsoft.com/download/B/8/2/B8282D75-433C-4B7E- B0A0-FFA413E20060/international_privacy_standards.pdf Modern IT Experience featuring IT Showcase http://microsoft.com/microsoft-IT This guide is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. © 2013 Microsoft Corporation. All rights reserved. More Work Smart content: http://technet.microsoft.com/en-us/library/bb687781.aspx

Recommandé

Solutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionSolutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionTrend Micro
 
2010 12-03 a-lawyers_guidetodata
2010 12-03 a-lawyers_guidetodata2010 12-03 a-lawyers_guidetodata
2010 12-03 a-lawyers_guidetodataSteph Cliche
 
GDPR compliance with Varonis
GDPR compliance with VaronisGDPR compliance with Varonis
GDPR compliance with VaronisAngad Dayal
 
Security Built Upon a Foundation of Trust
Security Built Upon a Foundation of TrustSecurity Built Upon a Foundation of Trust
Security Built Upon a Foundation of Trustlmgangi
 
Microsoft Rights Management
Microsoft Rights ManagementMicrosoft Rights Management
Microsoft Rights ManagementPeter1020
 
Classifying Data to Help Secure Business Information - Template fromMicrosoft
Classifying Data to Help Secure Business Information - Template fromMicrosoftClassifying Data to Help Secure Business Information - Template fromMicrosoft
Classifying Data to Help Secure Business Information - Template fromMicrosoftDavid J Rosenthal
 
The Role of Password Management in Achieving Compliance
The Role of Password Management in Achieving ComplianceThe Role of Password Management in Achieving Compliance
The Role of Password Management in Achieving CompliancePortalGuard
 
Handling PII and sensitive content in SAP BusinessObjects
Handling PII and sensitive content in SAP BusinessObjects Handling PII and sensitive content in SAP BusinessObjects
Handling PII and sensitive content in SAP BusinessObjects Wiiisdom
 

Recommandé

Solutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionSolutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionTrend Micro
 
2010 12-03 a-lawyers_guidetodata
2010 12-03 a-lawyers_guidetodata2010 12-03 a-lawyers_guidetodata
2010 12-03 a-lawyers_guidetodataSteph Cliche
 
GDPR compliance with Varonis
GDPR compliance with VaronisGDPR compliance with Varonis
GDPR compliance with VaronisAngad Dayal
 
Security Built Upon a Foundation of Trust
Security Built Upon a Foundation of TrustSecurity Built Upon a Foundation of Trust
Security Built Upon a Foundation of Trustlmgangi
 
Microsoft Rights Management
Microsoft Rights ManagementMicrosoft Rights Management
Microsoft Rights ManagementPeter1020
 
Classifying Data to Help Secure Business Information - Template fromMicrosoft
Classifying Data to Help Secure Business Information - Template fromMicrosoftClassifying Data to Help Secure Business Information - Template fromMicrosoft
Classifying Data to Help Secure Business Information - Template fromMicrosoftDavid J Rosenthal
 
The Role of Password Management in Achieving Compliance
The Role of Password Management in Achieving ComplianceThe Role of Password Management in Achieving Compliance
The Role of Password Management in Achieving CompliancePortalGuard
 
Handling PII and sensitive content in SAP BusinessObjects
Handling PII and sensitive content in SAP BusinessObjects Handling PII and sensitive content in SAP BusinessObjects
Handling PII and sensitive content in SAP BusinessObjects Wiiisdom
 
eDiscovery and Records Oh...My!
eDiscovery and Records Oh...My!eDiscovery and Records Oh...My!
eDiscovery and Records Oh...My!J. David Morris
 
Datasheet top reasons
Datasheet top reasonsDatasheet top reasons
Datasheet top reasonsJos Reterink
 
Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)KP Naidu
 
Seclore: Information Rights Management
Seclore: Information Rights ManagementSeclore: Information Rights Management
Seclore: Information Rights ManagementRahul Neel Mani
 
Data goverance two_8.2.18 - copy
Data goverance two_8.2.18 - copyData goverance two_8.2.18 - copy
Data goverance two_8.2.18 - copySandra (Sandy) Dunn
 
Data Sovereignty and the Cloud
Data Sovereignty and the CloudData Sovereignty and the Cloud
Data Sovereignty and the CloudIESL - The Institution of Engineers, Sri Lanka
 
Best Practices to Protect Cardholder Data Environment and Achieve PCI Compliance
Best Practices to Protect Cardholder Data Environment and Achieve PCI ComplianceBest Practices to Protect Cardholder Data Environment and Achieve PCI Compliance
Best Practices to Protect Cardholder Data Environment and Achieve PCI ComplianceRapid7
 
Electronic data & record management
Electronic data & record managementElectronic data & record management
Electronic data & record managementGreenLeafInst
 
Protecting Data Privacy Beyond the Trusted System of Record
Protecting Data Privacy Beyond the Trusted System of RecordProtecting Data Privacy Beyond the Trusted System of Record
Protecting Data Privacy Beyond the Trusted System of RecordCor Ranzijn
 
2015 09-22 Is it time for a Security and Compliance Assessment?
2015 09-22 Is it time for a Security and Compliance Assessment?2015 09-22 Is it time for a Security and Compliance Assessment?
2015 09-22 Is it time for a Security and Compliance Assessment?Raffa Learning Community
 
The Data Privacy Imperative
The Data Privacy ImperativeThe Data Privacy Imperative
The Data Privacy Imperativebutest
 
Eight principles of consumer data privacy
Eight principles of consumer data privacyEight principles of consumer data privacy
Eight principles of consumer data privacySolix Technologies, Inc
 
Beyond GDPR Compliance - Role of Internal Audit
Beyond GDPR Compliance - Role of Internal AuditBeyond GDPR Compliance - Role of Internal Audit
Beyond GDPR Compliance - Role of Internal AuditOmo Osagiede
 
Online Focus Groups Privacy and Security Considerations
Online Focus Groups Privacy and Security ConsiderationsOnline Focus Groups Privacy and Security Considerations
Online Focus Groups Privacy and Security ConsiderationsAlfonso Sintjago
 
What is IRM? bright talk
What is IRM? bright talkWhat is IRM? bright talk
What is IRM? bright talkritupande
 
Blake Lapthorn's In-House Lawyer and Decision Maker's forum - 12 September 2013
Blake Lapthorn's In-House Lawyer and Decision Maker's forum - 12 September 2013Blake Lapthorn's In-House Lawyer and Decision Maker's forum - 12 September 2013
Blake Lapthorn's In-House Lawyer and Decision Maker's forum - 12 September 2013Blake Morgan
 
Pci Europe 2009 Underside Of The Compliance Ecosystem
Pci Europe 2009 Underside Of The Compliance EcosystemPci Europe 2009 Underside Of The Compliance Ecosystem
Pci Europe 2009 Underside Of The Compliance Ecosystemkpatrickwheeler
 
Data Protection: Process Information
Data Protection: Process InformationData Protection: Process Information
Data Protection: Process InformationCristina Villavicencio
 
Seclore FileSecure HotFolder Walkthrough
Seclore FileSecure HotFolder WalkthroughSeclore FileSecure HotFolder Walkthrough
Seclore FileSecure HotFolder Walkthroughsiddarthc
 
Mass Information Security Requirements January 2010
Mass Information Security Requirements January 2010Mass Information Security Requirements January 2010
Mass Information Security Requirements January 2010madamseane
 
Data Lost Prevention (DLP).pdf
Data Lost Prevention (DLP).pdfData Lost Prevention (DLP).pdf
Data Lost Prevention (DLP).pdfAgusto Sipahutar
 
The Financial Balance Sheet Part I This slidesh.docx
The Financial Balance Sheet Part I This slidesh.docxThe Financial Balance Sheet Part I This slidesh.docx
The Financial Balance Sheet Part I This slidesh.docxarnoldmeredith47041
 

Contenu connexe

Tendances

eDiscovery and Records Oh...My!
eDiscovery and Records Oh...My!eDiscovery and Records Oh...My!
eDiscovery and Records Oh...My!J. David Morris
 
Datasheet top reasons
Datasheet top reasonsDatasheet top reasons
Datasheet top reasonsJos Reterink
 
Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)KP Naidu
 
Seclore: Information Rights Management
Seclore: Information Rights ManagementSeclore: Information Rights Management
Seclore: Information Rights ManagementRahul Neel Mani
 
Data goverance two_8.2.18 - copy
Data goverance two_8.2.18 - copyData goverance two_8.2.18 - copy
Data goverance two_8.2.18 - copySandra (Sandy) Dunn
 
Best Practices to Protect Cardholder Data Environment and Achieve PCI Compliance
Best Practices to Protect Cardholder Data Environment and Achieve PCI ComplianceBest Practices to Protect Cardholder Data Environment and Achieve PCI Compliance
Best Practices to Protect Cardholder Data Environment and Achieve PCI ComplianceRapid7
 
Electronic data & record management
Electronic data & record managementElectronic data & record management
Electronic data & record managementGreenLeafInst
 
Protecting Data Privacy Beyond the Trusted System of Record
Protecting Data Privacy Beyond the Trusted System of RecordProtecting Data Privacy Beyond the Trusted System of Record
Protecting Data Privacy Beyond the Trusted System of RecordCor Ranzijn
 
2015 09-22 Is it time for a Security and Compliance Assessment?
2015 09-22 Is it time for a Security and Compliance Assessment?2015 09-22 Is it time for a Security and Compliance Assessment?
2015 09-22 Is it time for a Security and Compliance Assessment?Raffa Learning Community
 
The Data Privacy Imperative
The Data Privacy ImperativeThe Data Privacy Imperative
The Data Privacy Imperativebutest
 
Eight principles of consumer data privacy
Eight principles of consumer data privacyEight principles of consumer data privacy
Eight principles of consumer data privacySolix Technologies, Inc
 
Beyond GDPR Compliance - Role of Internal Audit
Beyond GDPR Compliance - Role of Internal AuditBeyond GDPR Compliance - Role of Internal Audit
Beyond GDPR Compliance - Role of Internal AuditOmo Osagiede
 
Online Focus Groups Privacy and Security Considerations
Online Focus Groups Privacy and Security ConsiderationsOnline Focus Groups Privacy and Security Considerations
Online Focus Groups Privacy and Security ConsiderationsAlfonso Sintjago
 
What is IRM? bright talk
What is IRM? bright talkWhat is IRM? bright talk
What is IRM? bright talkritupande
 
Blake Lapthorn's In-House Lawyer and Decision Maker's forum - 12 September 2013
Blake Lapthorn's In-House Lawyer and Decision Maker's forum - 12 September 2013Blake Lapthorn's In-House Lawyer and Decision Maker's forum - 12 September 2013
Blake Lapthorn's In-House Lawyer and Decision Maker's forum - 12 September 2013Blake Morgan
 
Pci Europe 2009 Underside Of The Compliance Ecosystem
Pci Europe 2009 Underside Of The Compliance EcosystemPci Europe 2009 Underside Of The Compliance Ecosystem
Pci Europe 2009 Underside Of The Compliance Ecosystemkpatrickwheeler
 
Seclore FileSecure HotFolder Walkthrough
Seclore FileSecure HotFolder WalkthroughSeclore FileSecure HotFolder Walkthrough
Seclore FileSecure HotFolder Walkthroughsiddarthc
 
Mass Information Security Requirements January 2010
Mass Information Security Requirements January 2010Mass Information Security Requirements January 2010
Mass Information Security Requirements January 2010madamseane
 

Tendances (20)

eDiscovery and Records Oh...My!
eDiscovery and Records Oh...My!eDiscovery and Records Oh...My!
eDiscovery and Records Oh...My!
 
Datasheet top reasons
Datasheet top reasonsDatasheet top reasons
Datasheet top reasons
 
Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)
 
Seclore: Information Rights Management
Seclore: Information Rights ManagementSeclore: Information Rights Management
Seclore: Information Rights Management
 
Data goverance two_8.2.18 - copy
Data goverance two_8.2.18 - copyData goverance two_8.2.18 - copy
Data goverance two_8.2.18 - copy
 
Data Sovereignty and the Cloud
Data Sovereignty and the CloudData Sovereignty and the Cloud
Data Sovereignty and the Cloud
 
Best Practices to Protect Cardholder Data Environment and Achieve PCI Compliance
Best Practices to Protect Cardholder Data Environment and Achieve PCI ComplianceBest Practices to Protect Cardholder Data Environment and Achieve PCI Compliance
Best Practices to Protect Cardholder Data Environment and Achieve PCI Compliance
 
Electronic data & record management
Electronic data & record managementElectronic data & record management
Electronic data & record management
 
Protecting Data Privacy Beyond the Trusted System of Record
Protecting Data Privacy Beyond the Trusted System of RecordProtecting Data Privacy Beyond the Trusted System of Record
Protecting Data Privacy Beyond the Trusted System of Record
 
2015 09-22 Is it time for a Security and Compliance Assessment?
2015 09-22 Is it time for a Security and Compliance Assessment?2015 09-22 Is it time for a Security and Compliance Assessment?
2015 09-22 Is it time for a Security and Compliance Assessment?
 
The Data Privacy Imperative
The Data Privacy ImperativeThe Data Privacy Imperative
The Data Privacy Imperative
 
Eight principles of consumer data privacy
Eight principles of consumer data privacyEight principles of consumer data privacy
Eight principles of consumer data privacy
 
Beyond GDPR Compliance - Role of Internal Audit
Beyond GDPR Compliance - Role of Internal AuditBeyond GDPR Compliance - Role of Internal Audit
Beyond GDPR Compliance - Role of Internal Audit
 
Online Focus Groups Privacy and Security Considerations
Online Focus Groups Privacy and Security ConsiderationsOnline Focus Groups Privacy and Security Considerations
Online Focus Groups Privacy and Security Considerations
 
What is IRM? bright talk
What is IRM? bright talkWhat is IRM? bright talk
What is IRM? bright talk
 
Blake Lapthorn's In-House Lawyer and Decision Maker's forum - 12 September 2013
Blake Lapthorn's In-House Lawyer and Decision Maker's forum - 12 September 2013Blake Lapthorn's In-House Lawyer and Decision Maker's forum - 12 September 2013
Blake Lapthorn's In-House Lawyer and Decision Maker's forum - 12 September 2013
 
Pci Europe 2009 Underside Of The Compliance Ecosystem
Pci Europe 2009 Underside Of The Compliance EcosystemPci Europe 2009 Underside Of The Compliance Ecosystem
Pci Europe 2009 Underside Of The Compliance Ecosystem
 
Data Protection: Process Information
Data Protection: Process InformationData Protection: Process Information
Data Protection: Process Information
 
Seclore FileSecure HotFolder Walkthrough
Seclore FileSecure HotFolder WalkthroughSeclore FileSecure HotFolder Walkthrough
Seclore FileSecure HotFolder Walkthrough
 
Mass Information Security Requirements January 2010
Mass Information Security Requirements January 2010Mass Information Security Requirements January 2010
Mass Information Security Requirements January 2010
 

Similaire à Securing Business-Information from Microsoft -Presented by Atidan

Data Lost Prevention (DLP).pdf
Data Lost Prevention (DLP).pdfData Lost Prevention (DLP).pdf
Data Lost Prevention (DLP).pdfAgusto Sipahutar
 
The Financial Balance Sheet Part I This slidesh.docx
The Financial Balance Sheet Part I This slidesh.docxThe Financial Balance Sheet Part I This slidesh.docx
The Financial Balance Sheet Part I This slidesh.docxarnoldmeredith47041
 
Share point encryption
Share point encryptionShare point encryption
Share point encryptioncsmith2009
 
Trusted information protection
Trusted information protection Trusted information protection
Trusted information protection Pablo Junco
 
En msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdataEn msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdataOnline Business
 
Classification-HowToBoostInformationProtection
Classification-HowToBoostInformationProtectionClassification-HowToBoostInformationProtection
Classification-HowToBoostInformationProtectionGianmarco Ferri
 
How To Plan Successful Encryption Strategy
How To Plan Successful Encryption StrategyHow To Plan Successful Encryption Strategy
How To Plan Successful Encryption StrategyClickSSL
 
Global Security and Compliance Community conference 2021
Global Security and Compliance Community conference 2021Global Security and Compliance Community conference 2021
Global Security and Compliance Community conference 2021Albert Hoitingh
 
Exemplo de política BYOD
Exemplo de política BYODExemplo de política BYOD
Exemplo de política BYODFernando Palma
 
7 Practices To Safeguard Your Business From Security Breaches!
7 Practices To Safeguard Your Business From Security Breaches!7 Practices To Safeguard Your Business From Security Breaches!
7 Practices To Safeguard Your Business From Security Breaches!Caroline Johnson
 
SC-900 Capabilities of Microsoft Compliance Solutions
SC-900 Capabilities of Microsoft Compliance SolutionsSC-900 Capabilities of Microsoft Compliance Solutions
SC-900 Capabilities of Microsoft Compliance SolutionsFredBrandonAuthorMCP
 
5 Myths About Data Loss Prevention
5 Myths About Data Loss Prevention5 Myths About Data Loss Prevention
5 Myths About Data Loss PreventionGary Bahadur
 
Office 365 Security Features That Nonprofits Should Know and Use
Office 365 Security Features That Nonprofits Should Know and UseOffice 365 Security Features That Nonprofits Should Know and Use
Office 365 Security Features That Nonprofits Should Know and UseTechSoup
 
How to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdfHow to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdfV2Infotech1
 
How to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptxHow to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptxV2Infotech1
 
Gdpr questions for compliance difficulties
Gdpr questions for compliance difficultiesGdpr questions for compliance difficulties
Gdpr questions for compliance difficultiesSteven Meister
 

Similaire à Securing Business-Information from Microsoft -Presented by Atidan (20)

Data Lost Prevention (DLP).pdf
Data Lost Prevention (DLP).pdfData Lost Prevention (DLP).pdf
Data Lost Prevention (DLP).pdf
 
The Financial Balance Sheet Part I This slidesh.docx
The Financial Balance Sheet Part I This slidesh.docxThe Financial Balance Sheet Part I This slidesh.docx
The Financial Balance Sheet Part I This slidesh.docx
 
Term assignment
Term assignmentTerm assignment
Term assignment
 
Is It Possible to Prevent Data Leaks in an Effective Manner.pdf
Is It Possible to Prevent Data Leaks in an Effective Manner.pdfIs It Possible to Prevent Data Leaks in an Effective Manner.pdf
Is It Possible to Prevent Data Leaks in an Effective Manner.pdf
 
Share point encryption
Share point encryptionShare point encryption
Share point encryption
 
Siem requirement.pdfsd
Siem requirement.pdfsdSiem requirement.pdfsd
Siem requirement.pdfsd
 
Trusted information protection
Trusted information protection Trusted information protection
Trusted information protection
 
En msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdataEn msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdata
 
Classification-HowToBoostInformationProtection
Classification-HowToBoostInformationProtectionClassification-HowToBoostInformationProtection
Classification-HowToBoostInformationProtection
 
How To Plan Successful Encryption Strategy
How To Plan Successful Encryption StrategyHow To Plan Successful Encryption Strategy
How To Plan Successful Encryption Strategy
 
Global Security and Compliance Community conference 2021
Global Security and Compliance Community conference 2021Global Security and Compliance Community conference 2021
Global Security and Compliance Community conference 2021
 
Exemplo de política BYOD
Exemplo de política BYODExemplo de política BYOD
Exemplo de política BYOD
 
Can You Tell Me About Some Effective Ways to Prevent Data Leakage?
Can You Tell Me About Some Effective Ways to Prevent Data Leakage?Can You Tell Me About Some Effective Ways to Prevent Data Leakage?
Can You Tell Me About Some Effective Ways to Prevent Data Leakage?
 
7 Practices To Safeguard Your Business From Security Breaches!
7 Practices To Safeguard Your Business From Security Breaches!7 Practices To Safeguard Your Business From Security Breaches!
7 Practices To Safeguard Your Business From Security Breaches!
 
SC-900 Capabilities of Microsoft Compliance Solutions
SC-900 Capabilities of Microsoft Compliance SolutionsSC-900 Capabilities of Microsoft Compliance Solutions
SC-900 Capabilities of Microsoft Compliance Solutions
 
5 Myths About Data Loss Prevention
5 Myths About Data Loss Prevention5 Myths About Data Loss Prevention
5 Myths About Data Loss Prevention
 
Office 365 Security Features That Nonprofits Should Know and Use
Office 365 Security Features That Nonprofits Should Know and UseOffice 365 Security Features That Nonprofits Should Know and Use
Office 365 Security Features That Nonprofits Should Know and Use
 
How to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdfHow to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdf
 
How to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptxHow to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptx
 
Gdpr questions for compliance difficulties
Gdpr questions for compliance difficultiesGdpr questions for compliance difficulties
Gdpr questions for compliance difficulties
 

Plus de David J Rosenthal

Microsoft Teams Phone - Calling Made Simple
Microsoft Teams Phone - Calling Made SimpleMicrosoft Teams Phone - Calling Made Simple
Microsoft Teams Phone - Calling Made SimpleDavid J Rosenthal
 
Whats New in Microsoft Teams Calling November 2021
Whats New in Microsoft Teams Calling November 2021Whats New in Microsoft Teams Calling November 2021
Whats New in Microsoft Teams Calling November 2021David J Rosenthal
 
Whats New in Microsoft Teams Hybrid Meetings November 2021
Whats New in Microsoft Teams Hybrid Meetings November 2021Whats New in Microsoft Teams Hybrid Meetings November 2021
Whats New in Microsoft Teams Hybrid Meetings November 2021David J Rosenthal
 
Viva Connections from Microsoft
Viva Connections from MicrosoftViva Connections from Microsoft
Viva Connections from MicrosoftDavid J Rosenthal
 
Protect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chainProtect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chainDavid J Rosenthal
 
A Secure Journey to Cloud with Microsoft 365
A Secure Journey to Cloud with Microsoft 365A Secure Journey to Cloud with Microsoft 365
A Secure Journey to Cloud with Microsoft 365David J Rosenthal
 
Azure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftAzure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftDavid J Rosenthal
 
Microsoft Windows Server 2022 Overview
Microsoft Windows Server 2022 OverviewMicrosoft Windows Server 2022 Overview
Microsoft Windows Server 2022 OverviewDavid J Rosenthal
 
Windows365 Hybrid Windows for a Hybrid World
Windows365 Hybrid Windows for a Hybrid WorldWindows365 Hybrid Windows for a Hybrid World
Windows365 Hybrid Windows for a Hybrid WorldDavid J Rosenthal
 
Windows 11 for the Enterprise
Windows 11 for the EnterpriseWindows 11 for the Enterprise
Windows 11 for the EnterpriseDavid J Rosenthal
 
Microsoft Scheduler for M365 - Personal Digital Assistant
Microsoft Scheduler for M365 - Personal Digital AssistantMicrosoft Scheduler for M365 - Personal Digital Assistant
Microsoft Scheduler for M365 - Personal Digital AssistantDavid J Rosenthal
 
What is New in Teams Meetings and Meeting Rooms July 2021
What is New in Teams Meetings and Meeting Rooms July 2021What is New in Teams Meetings and Meeting Rooms July 2021
What is New in Teams Meetings and Meeting Rooms July 2021David J Rosenthal
 
Modernize Java Apps on Microsoft Azure
Modernize Java Apps on Microsoft AzureModernize Java Apps on Microsoft Azure
Modernize Java Apps on Microsoft AzureDavid J Rosenthal
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelDavid J Rosenthal
 
Microsoft Azure Active Directory
Microsoft Azure Active DirectoryMicrosoft Azure Active Directory
Microsoft Azure Active DirectoryDavid J Rosenthal
 

Plus de David J Rosenthal (20)

Microsoft Teams Phone - Calling Made Simple
Microsoft Teams Phone - Calling Made SimpleMicrosoft Teams Phone - Calling Made Simple
Microsoft Teams Phone - Calling Made Simple
 
Whats New in Microsoft Teams Calling November 2021
Whats New in Microsoft Teams Calling November 2021Whats New in Microsoft Teams Calling November 2021
Whats New in Microsoft Teams Calling November 2021
 
Whats New in Microsoft Teams Hybrid Meetings November 2021
Whats New in Microsoft Teams Hybrid Meetings November 2021Whats New in Microsoft Teams Hybrid Meetings November 2021
Whats New in Microsoft Teams Hybrid Meetings November 2021
 
Viva Connections from Microsoft
Viva Connections from MicrosoftViva Connections from Microsoft
Viva Connections from Microsoft
 
Protect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chainProtect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chain
 
Microsoft Viva Introduction
Microsoft Viva IntroductionMicrosoft Viva Introduction
Microsoft Viva Introduction
 
Microsoft Viva Learning
Microsoft Viva LearningMicrosoft Viva Learning
Microsoft Viva Learning
 
Microsoft Viva Topics
Microsoft Viva TopicsMicrosoft Viva Topics
Microsoft Viva Topics
 
A Secure Journey to Cloud with Microsoft 365
A Secure Journey to Cloud with Microsoft 365A Secure Journey to Cloud with Microsoft 365
A Secure Journey to Cloud with Microsoft 365
 
Azure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftAzure Arc Overview from Microsoft
Azure Arc Overview from Microsoft
 
Microsoft Windows Server 2022 Overview
Microsoft Windows Server 2022 OverviewMicrosoft Windows Server 2022 Overview
Microsoft Windows Server 2022 Overview
 
Windows365 Hybrid Windows for a Hybrid World
Windows365 Hybrid Windows for a Hybrid WorldWindows365 Hybrid Windows for a Hybrid World
Windows365 Hybrid Windows for a Hybrid World
 
Windows 11 for the Enterprise
Windows 11 for the EnterpriseWindows 11 for the Enterprise
Windows 11 for the Enterprise
 
Microsoft Scheduler for M365 - Personal Digital Assistant
Microsoft Scheduler for M365 - Personal Digital AssistantMicrosoft Scheduler for M365 - Personal Digital Assistant
Microsoft Scheduler for M365 - Personal Digital Assistant
 
What is New in Teams Meetings and Meeting Rooms July 2021
What is New in Teams Meetings and Meeting Rooms July 2021What is New in Teams Meetings and Meeting Rooms July 2021
What is New in Teams Meetings and Meeting Rooms July 2021
 
Modernize Java Apps on Microsoft Azure
Modernize Java Apps on Microsoft AzureModernize Java Apps on Microsoft Azure
Modernize Java Apps on Microsoft Azure
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure Sentinel
 
Microsoft Azure Active Directory
Microsoft Azure Active DirectoryMicrosoft Azure Active Directory
Microsoft Azure Active Directory
 
Nintex Worflow Overview
Nintex Worflow OverviewNintex Worflow Overview
Nintex Worflow Overview
 
Microsoft Power BI Overview
Microsoft Power BI OverviewMicrosoft Power BI Overview
Microsoft Power BI Overview
 

Dernier

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 

Dernier (20)

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

Securing Business-Information from Microsoft -Presented by Atidan

  • 1. Work Smart Securing Business Information Overview All forms of information, including ideas and concepts, have potential business value. Whether you are exchanging emails, sharing documents, or having a phone conversation, it is your responsibility to help protect confidential information from any unauthorized disclosure. This Work Smart Guide provides an overview on how to properly classify business information and understand the technology solutions used to help protect your information before you transmit, share, store, or destroy it. Recommended reading This Work Smart Guide provides the foundational knowledge for securing your data. Other guides are available to teach you how to help protect your information. For detailed step- by-step guidance, review the documents listed under the Work Smart link in the For More Information section of this guide. Topics in this guide include: Classifying your information Protecting your information Classification and data dissemination guidelines Decision tree: Securing your information Recommended security practices For more information
  • 2. Powered by Instant.ly 2 | Securing Business Information Overview Classifying your information Determining information classification At Microsoft, all forms of information, including ideas and concepts, have potential business value. Whether you are exchanging emails, sharing documents, or having a phone conversation, it is your responsibility to help protect confidential information from any unauthorized disclosure. This Work Smart Guide details how to properly classify business information and understand the technology solutions used to help protect your information before you transmit, share, store, or destroy it. Information is classified into three areas:HighBusinessImpact(HBI), ModerateBusinessImpact(MBI),andLowBusinessImpact (LBI). Table 1: Information Classification HBI High Business Impact HBI applies to any information including emails, documents, messages and phone conversations that, if disclosed without authorization, could result in immediate, direct or considerable impact to Microsoft, the information owner and customers. HBI information should only be shared with those on a “need-to-know” basis. HBI includes Highly Sensitive Personally Identifiable Information (HSPII). MBI Medium Business Impact MBI applies to information that, if disclosed, could cause indirect, limited impact to Microsoft, the asset’s owner and valued customers. MBI information should only be accessible to those people who have a legitimate business need to view the information. MBI includes Personally Identifiable Information (PII). LBI Low Business Impact LBI classification applies to information assets that, if disclosed without authorization, could cause limited, or no material loss to Microsoft, the asset owner, or relying parties. Important:Youare responsible for classifying your information accurately. Therefore, in the following sections, be aware that the examples of HBI, MBI, and LBI data could have more restrictive classification levels, depending on how sensitive a specific asset’s owner deems the content.
  • 3. Powered by Instant.ly 3 | Securing Business Information Overview How to classify your information Below is table of guidelines that you may use to determine your data's classification level. Data includes the following info: HBI MBI LBI Email Address X Social Security Number X Documents regarding process or procedure X Private cryptographic keys X Username and Passwords X Publicly accessible information X Company trade secrets X Financial information related to revenue generation X List of Phone Numbers X Employee Zip Codes X Numeric ID sequences / PINs X Note: • Use the most restrictive classification if data falls into more than one classification level or if you are unsure of its classification. • Treat information as HBI if it does not have a classification, but is marked or “confidential.” Important: • It is your responsibility to understand the business value of your information and to apply the correct classification and protection. • Remove HBI or MBI information from your computer before retiring it or sending it offsite for repairs. • Remember to check your company policies as their classification levels may vary from the examples provided in the table above.
  • 4. Powered by Instant.ly 4 | Securing Business Information Overview Protecting your information Now that you know how to classify your information, you will learn what tools are available to ensure that your data is protected when it is sent, shared, stored, backed up, or deleted. There are four main technologies which Microsoft uses to help protect information. These services include: Information Rights Management (IRM) - an Office feature of Rights Management Services (RMS), Secure/Multipurpose Internet Mail Extensions (S/MIME), BitLocker Drive Encryption, and Encrypted File System (EFS). Thankfully, these tools are simple to use. A few clicks within Office, Outlook, or SharePoint and you can protect your data according to the appropriate classification. Listed below are the definitions of each technology and the data it protects. For more information about each solution, click the named hyperlink. IRM Enables you to apply specific access permissions to documents, workbooks, and presentations to prevent unauthorized forwarding, printing, or copying; and to set expiration dates after which files no longer are available. S/MIMEEnables you to encrypt and/or digitally sign your email messages. Encrypting your messages converts data with a cipher text so that only people who you specify can read it. Digitally signing an email message helps ensure that no tampering occurs while your message and its attachments are in transit. BitLocker BitLocker Drive Encryption protects data on your computer by preventing unauthorized access to the hard disk drive or removable media by applying full disk encryption. EFS If your computer is not BitLocker compatible, EFS can encrypt your files and folders by using a certificate that Microsoft issues after you join your computer to the corporate domain. EFS requires that other people enter the appropriate decryption key before they can access the encrypted content. EFS is not a recommended protection method for Microsoft hard drives. The following table provides guidelines on which preferred technology that you should use to encrypt HBI or MBI information that you will transmit, share, or store on your computer: Table 3: Protecting your information Data includes the following info: IRM S/MIME EFS BitLocker Transmit with internal email Preferred solution Acceptable solution N/A N/A Transmit with external email Works only with other federated RMS organizations Preferred solution N/A N/A Share by using SharePoint Online (for tenant administrators and not site owners or users.) Preferred solution N/A N/A N/A Storing on computer Acceptable solution with BitLocker N/A Acceptable with BitLocker Required solution Storing on computer (Vista or older OS) Preferred solution N/A Acceptable solution Storing on removable mediaBitLocker to Go Acceptable solution N/A Acceptable solution Preferred solution
  • 5. Powered by Instant.ly 5 | Securing Business Information Overview Classification and data dissemination guidelines The following tables provide guidelines for how you should send, share, store, back up, and dispose of information, depending on its classification: Table 4. Classification and data dissemination guidelines Subject HBI MBI LBI Send data (via file transfer or email) Requires asset owner approval to forward, export, or copy. Requires encryption for internal and external delivery. Requires encryption with S/MIME or IRM for email. Requires encryption for transfer outside of organization. Requires encryption with S/MIME for email sent outside the corporate network. No special requirements. Share (via O365 SharePoint Online) Use IRM to restrict forwarding, copying, and printing. Restrict permissions to those identified by asset owner. Requires formal agreement, which legal approves, for third parties, such as business partners. Restricts permissions to those with legitimate business needs only. Requires formal agreement, which legal approves, for third parties, such as business partners. No special requirements. Store (server, PC, CD, USB) Requires encryption (BitLocker). Allows storage on handheld devices only if device supports strong encryption and authentication security controls. May require encryption (as determined by the asset owner). No special requirements. Back up Performed only by authorized personnel and stored only at a location approved by IT Security. Encrypt storage media. Store in a physically secure location in which backups are logged and access is controlled and monitored. No special requirements. Dispose of Cross-shred or incinerate paper documents. Destroy tapes and other magnetic media. Request that hard disk drives be destroyed . Follow your organization policies for the appropriate disposal of retired hardware and media. Cross-shred or incinerate paper documents. Destroy tapes and other magnetic media. Remove data on hard disks that you plan to reuse or retire. Destroy inoperable hard disk drives. No special requirements.
  • 6. Powered by Instant.ly 6 | Securing Business Information Overview Decision tree: Securing your data The decision tree below will help you understand the multiple considerations for sharing any company information. The graphic includes the best solution to help protect your information and the platform that should be used to share the information. Figure 1: HBI decision tree Figure 2: MBI decision tree
  • 7. Powered by Instant.ly 7 | Securing Business Information Overview Figure 1: LBI decision tree
  • 8. Powered by Instant.ly 8 | Securing Business Information Overview Recommended security practices Use the Microsoft Office System Document Inspector If you plan to share an electronic copy of a Microsoft Word document with clients or colleagues, it is a good idea to review the document for hidden data or personal information that might be stored in the document itself or in the document properties (metadata). Document Inspector is a built-in tool that can be used to scan your data before sharing it with others. For more information on how to use Document Inspector, see: Remove hidden data and personal information by inspecting documents. Guard confidential information Do not discuss confidential information in public places. Beware of multiple network connections Never concurrently connect your computer to your companies corporate network and the Internet, or any other network that your company does not manage. This compromises your company's network security. Review list of group recipients Think globally before posting any content. Before you send or reply to email, post to Yammer, One Drive, or any another social website, or post data to SharePoint, make sure that the information is appropriate for disclosure to everyone who has access to the email or website. Use Outlook Web Access Use Outlook Web Access (OWA) to check your email from your home computer. Be careful if you access corporate resources by using kiosks and other public locations, even though OWA, as key strokes may be monitored if the public network does not have the correct configuration. Do not leave documents or presentations unattended Remove all documents after meetings, and erase whiteboards. Beware of posting on walls or bulletin boards If your document is HBI, do not post it on hallway walls or bulletin boards.
  • 9. Powered by Instant.ly 9 | Securing Business Information Overview For more information Work Smart Guides On the Work Smart productivity guides page,search for the following titles: http://technet.microsoft.com/en-us/library/bb687781.aspx. Securing your business information Secure collaboration using SharePoint Online Securing your computer Protecting data with Windows 8 BitLocker Information Rights Management (IRM) http://technet.microsoft.com/en-us/library/cc179103.aspx Introduction to IRM for email messages http://office.microsoft.com/en-us/outlook-help/introduction-to-irm-for- email-messages-HA102749366.aspx Secure/Multipurpose Internet Mail Extensions (S/MIME) http://technet.microsoft.com/en-us/library/jj891023.aspx BitLocker http://technet.microsoft.com/en-us/library/hh831713.aspx Encrypted File System (EFS) http://technet.microsoft.com/en-us/library/bb457116.aspx Video: Getting Started with Encrypting File System in Windows 7 http://technet.microsoft.com/en-us/windows/how-do-i-get-started-with- the-encrypting-file-system-in-windows-7.aspx International Data Protection Standards http://download.microsoft.com/download/B/8/2/B8282D75-433C-4B7E- B0A0-FFA413E20060/international_privacy_standards.pdf Modern IT Experience featuring IT Showcase http://microsoft.com/microsoft-IT This guide is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. © 2013 Microsoft Corporation. All rights reserved. More Work Smart content: http://technet.microsoft.com/en-us/library/bb687781.aspx