Monday, February 16, 2009

Three Florida men were arrested for using stolen credit card information stemming from the Heartland breach. The value of attempted and actual fraud committed by these three alone exceeds $100,000: http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=9127984&intsrc=hm_list

Monday, February 09, 2009

The FAA had unwanted visitors in its computer systems last week, according to a union leader. The intruders accessed names and national identification numbers of 45,000 employees and retirees. View article...

Wednesday, February 04, 2009

Microsoft and EMC announce a continuation of their partnership, and Ballmer talks about the DLP collaboration between RSA and Microsoft in this article: http://news.cnet.com/8301-10805_3-10156015-75.html?tag=newsLeadStoriesArea.1

Tuesday, February 03, 2009

Search, SharePoint, tagging of sites and documents for classification purposes

How would you improve the security of SharePoint? One way would be to classify sites and tag classified documents. The problem is the static nature of a search. A DLP pattern or fingerprint is really nothing other than a search. It is more specialized than a search conducted by a user, but it is still a search, using regular expressions and fingerprints in addition to keywords etc.

How can search be improved for security purposes? I believe it is best done by placing more enabling tools in the hands of users. What is needed is improved feedback loops and a better understanding of the users of the system. In other words, can SharePoint security be improved upon by using the playbook from the semantic web movement? I believe it can.

Here is how I envision it working. The SharePoint sites are scanned for sensitive information using rules and patterns that have a high accuracy rate, and the matching documents are tagged/classified. This result set should then be visible to the users who have access to the site, whether directly when visiting the site or when the site is shown in a search result.

Because documents of the same type tend to be clustered, the users of the site should be asked about the sensitivity of the documents not yet tagged on the site. According to research done at Microsoft, users with similar interests tended to rank their search results similarly. The assumption I would make is that high-frequency users of a specific SharePoint site would classify the documents the same way. If these users are then also asked to supply more information about these documents than just the classification level, you can start creating richness in the tagging, such as the type of document: health information, financial information, HR information etc. This could also be done automatically if you know what department the most frequent users belong to. If the automated tag turns out to be wrong, users should be given a feedback opportunity to change it. Something similar is done for searches on Ask.com, where users are presented with information about the soundness of the site they are about to visit, using tools from Symantec.
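
A minimal sketch of the workflow described above, added here as an illustration and not taken from SharePoint or any DLP product: an automated pass tags documents using a pattern plus a checksum validator, and a visit-weighted vote from the site's users fills in or overrides the tag. The tag names, the 60% consensus threshold, the SSN-style pattern, and all sample data are assumptions.

```python
import re
from collections import Counter

# Candidate patterns; a validator (Luhn) keeps the automated rule high-accuracy.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")  # assumed US SSN layout

def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def scan(text):
    """Automated pass: return the tags whose rules matched."""
    tags = set()
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text)):
        tags.add("financial")
    if SSN_RE.search(text):
        tags.add("hr")
    return tags

def crowd_tag(votes, visits, min_share=0.6):
    """Weight each user's vote by site visits; return a tag only on consensus."""
    weight = Counter()
    for user, tag in votes.items():
        weight[tag] += visits.get(user, 0)
    total = sum(weight.values())
    if total == 0:
        return None
    tag, w = weight.most_common(1)[0]
    return tag if w / total >= min_share else None

def classify(text, votes, visits):
    """User consensus overrides the automated tag (the feedback loop);
    otherwise fall back to the rules, then to 'untagged'."""
    consensus = crowd_tag(votes, visits)
    if consensus:
        return {consensus}, "users"
    auto = scan(text)
    return (auto, "rules") if auto else ({"untagged"}, "none")

# Constructed sample data (4111... is the common Luhn-valid test number).
VISITS = {"alice": 40, "bob": 25, "carol": 3}
DOCS = {"invoice.docx": "Card 4111 1111 1111 1111 on file",
        "notes.docx": "Order ref 4111 1111 1111 1112",
        "roster.xlsx": "Employee 123-45-6789 start date"}
if __name__ == "__main__":
    for name, text in DOCS.items():
        print(name, classify(text, {}, VISITS))
```

The second document shows why the validator matters: it has the shape of a card number but fails the checksum, so it stays untagged until the site's frequent users classify it.
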
Study Finds Consumers Want Control over Data
Consumers try to protect their privacy, but don't fully understand how privacy and security technologies work or what protection is being provided, according to a new study.

Monday, February 02, 2009

I believe the issues surrounding compliance will follow us into the cloud. Here is a great link that explains the cloud taxonomy and cloud ontology: http://news.cnet.com/8301-19413_3-10152106-240.html