Securing Business-Information from Microsoft -Presented by Atidan
 

Securing Business-Information from Microsoft -Presented by Atidan Document Transcript

  • 1. Work Smart Securing Business Information Overview
    All forms of information, including ideas and concepts, have potential business value. Whether you are exchanging emails, sharing documents, or having a phone conversation, it is your responsibility to help protect confidential information from any unauthorized disclosure. This Work Smart Guide provides an overview on how to properly classify business information and understand the technology solutions used to help protect your information before you transmit, share, store, or destroy it.
    Recommended reading
    This Work Smart Guide provides the foundational knowledge for securing your data. Other guides are available to teach you how to help protect your information. For detailed step-by-step guidance, review the documents listed under the Work Smart link in the For More Information section of this guide.
    Topics in this guide include:
      • Classifying your information
      • Protecting your information
      • Classification and data dissemination guidelines
      • Decision tree: Securing your information
      • Recommended security practices
      • For more information
  • 2. Classifying your information
    Determining information classification
    At Microsoft, all forms of information, including ideas and concepts, have potential business value. Whether you are exchanging emails, sharing documents, or having a phone conversation, it is your responsibility to help protect confidential information from any unauthorized disclosure. This Work Smart Guide details how to properly classify business information and understand the technology solutions used to help protect your information before you transmit, share, store, or destroy it.
    Information is classified into three areas: High Business Impact (HBI), Moderate Business Impact (MBI), and Low Business Impact (LBI).
    Table 1: Information Classification
      • HBI (High Business Impact): HBI applies to any information including emails, documents, messages and phone conversations that, if disclosed without authorization, could result in immediate, direct or considerable impact to Microsoft, the information owner and customers. HBI information should only be shared with those on a “need-to-know” basis. HBI includes Highly Sensitive Personally Identifiable Information (HSPII).
      • MBI (Medium Business Impact): MBI applies to information that, if disclosed, could cause indirect, limited impact to Microsoft, the asset’s owner and valued customers. MBI information should only be accessible to those people who have a legitimate business need to view the information. MBI includes Personally Identifiable Information (PII).
      • LBI (Low Business Impact): LBI classification applies to information assets that, if disclosed without authorization, could cause limited, or no material loss to Microsoft, the asset owner, or relying parties.
    Important: You are responsible for classifying your information accurately. Therefore, in the following sections, be aware that the examples of HBI, MBI, and LBI data could have more restrictive classification levels, depending on how sensitive a specific asset’s owner deems the content.
  • 3. How to classify your information
    Below is a table of guidelines that you may use to determine your data's classification level.
    Data includes the following info: HBI MBI LBI
      • Email Address X
      • Social Security Number X
      • Documents regarding process or procedure X
      • Private cryptographic keys X
      • Username and Passwords X
      • Publicly accessible information X
      • Company trade secrets X
      • Financial information related to revenue generation X
      • List of Phone Numbers X
      • Employee Zip Codes X
      • Numeric ID sequences / PINs X
    Note:
      • Use the most restrictive classification if data falls into more than one classification level or if you are unsure of its classification.
      • Treat information as HBI if it does not have a classification, but is marked or “confidential.”
    Important:
      • It is your responsibility to understand the business value of your information and to apply the correct classification and protection.
      • Remove HBI or MBI information from your computer before retiring it or sending it offsite for repairs.
      • Remember to check your company policies as their classification levels may vary from the examples provided in the table above.
  • 4. Protecting your information
    Now that you know how to classify your information, you will learn what tools are available to ensure that your data is protected when it is sent, shared, stored, backed up, or deleted. There are four main technologies which Microsoft uses to help protect information. These services include: Information Rights Management (IRM) - an Office feature of Rights Management Services (RMS), Secure/Multipurpose Internet Mail Extensions (S/MIME), BitLocker Drive Encryption, and Encrypted File System (EFS). Thankfully, these tools are simple to use. A few clicks within Office, Outlook, or SharePoint and you can protect your data according to the appropriate classification.
    Listed below are the definitions of each technology and the data it protects. For more information about each solution, click the named hyperlink.
      • IRM: Enables you to apply specific access permissions to documents, workbooks, and presentations to prevent unauthorized forwarding, printing, or copying; and to set expiration dates after which files are no longer available.
      • S/MIME: Enables you to encrypt and/or digitally sign your email messages. Encrypting your messages converts the data into ciphertext so that only the people you specify can read it. Digitally signing an email message helps ensure that no tampering occurs while your message and its attachments are in transit.
      • BitLocker: BitLocker Drive Encryption protects data on your computer by preventing unauthorized access to the hard disk drive or removable media by applying full disk encryption.
      • EFS: If your computer is not BitLocker compatible, EFS can encrypt your files and folders by using a certificate that Microsoft issues after you join your computer to the corporate domain. EFS requires that other people enter the appropriate decryption key before they can access the encrypted content. EFS is not a recommended protection method for Microsoft hard drives.
    The following table provides guidelines on the preferred technology that you should use to encrypt HBI or MBI information that you will transmit, share, or store on your computer:
    Table 3: Protecting your information
    Data includes the following info: | IRM | S/MIME | EFS | BitLocker
    Transmit with internal email | Preferred solution | Acceptable solution | N/A | N/A
    Transmit with external email | Works only with other federated RMS organizations | Preferred solution | N/A | N/A
    Share by using SharePoint Online (for tenant administrators and not site owners or users.) | Preferred solution | N/A | N/A | N/A
    Storing on computer | Acceptable solution with BitLocker | N/A | Acceptable with BitLocker | Required solution
    Storing on computer (Vista or older OS) | Preferred solution | N/A | Acceptable solution
    Storing on removable media BitLocker to Go | Acceptable solution | N/A | Acceptable solution | Preferred solution
  • 5. Classification and data dissemination guidelines
    The following tables provide guidelines for how you should send, share, store, back up, and dispose of information, depending on its classification:
    Table 4. Classification and data dissemination guidelines
    Subject HBI MBI LBI
      • Send data (via file transfer or email): Requires asset owner approval to forward, export, or copy. Requires encryption for internal and external delivery. Requires encryption with S/MIME or IRM for email. Requires encryption for transfer outside of organization. Requires encryption with S/MIME for email sent outside the corporate network. No special requirements.
      • Share (via O365 SharePoint Online): Use IRM to restrict forwarding, copying, and printing. Restrict permissions to those identified by asset owner. Requires formal agreement, which legal approves, for third parties, such as business partners. Restricts permissions to those with legitimate business needs only. Requires formal agreement, which legal approves, for third parties, such as business partners. No special requirements.
      • Store (server, PC, CD, USB): Requires encryption (BitLocker). Allows storage on handheld devices only if device supports strong encryption and authentication security controls. May require encryption (as determined by the asset owner). No special requirements.
      • Back up: Performed only by authorized personnel and stored only at a location approved by IT Security. Encrypt storage media. Store in a physically secure location in which backups are logged and access is controlled and monitored. No special requirements.
      • Dispose of: Cross-shred or incinerate paper documents. Destroy tapes and other magnetic media. Request that hard disk drives be destroyed. Follow your organization policies for the appropriate disposal of retired hardware and media. Cross-shred or incinerate paper documents. Destroy tapes and other magnetic media. Remove data on hard disks that you plan to reuse or retire. Destroy inoperable hard disk drives. No special requirements.
  • 6. Decision tree: Securing your data
    The decision tree below will help you understand the multiple considerations for sharing any company information. The graphic includes the best solution to help protect your information and the platform that should be used to share the information.
    Figure 1: HBI decision tree
    Figure 2: MBI decision tree
  • 7. Figure 1: LBI decision tree
  • 8. Recommended security practices
      • Use the Microsoft Office System Document Inspector: If you plan to share an electronic copy of a Microsoft Word document with clients or colleagues, it is a good idea to review the document for hidden data or personal information that might be stored in the document itself or in the document properties (metadata). Document Inspector is a built-in tool that can be used to scan your data before sharing it with others. For more information on how to use Document Inspector, see: Remove hidden data and personal information by inspecting documents.
      • Guard confidential information: Do not discuss confidential information in public places.
      • Beware of multiple network connections: Never concurrently connect your computer to your company's corporate network and the Internet, or any other network that your company does not manage. This compromises your company's network security.
      • Review list of group recipients: Think globally before posting any content. Before you send or reply to email, post to Yammer, OneDrive, or any other social website, or post data to SharePoint, make sure that the information is appropriate for disclosure to everyone who has access to the email or website.
      • Use Outlook Web Access: Use Outlook Web Access (OWA) to check your email from your home computer. Be careful if you access corporate resources by using kiosks and other public locations, even through OWA, as keystrokes may be monitored if the public network does not have the correct configuration.
      • Do not leave documents or presentations unattended: Remove all documents after meetings, and erase whiteboards.
      • Beware of posting on walls or bulletin boards: If your document is HBI, do not post it on hallway walls or bulletin boards.
  • 9. For more information
      • Work Smart Guides: On the Work Smart productivity guides page, search for the following titles: http://technet.microsoft.com/en-us/library/bb687781.aspx
          • Securing your business information
          • Secure collaboration using SharePoint Online
          • Securing your computer
          • Protecting data with Windows 8 BitLocker
      • Information Rights Management (IRM): http://technet.microsoft.com/en-us/library/cc179103.aspx
      • Introduction to IRM for email messages: http://office.microsoft.com/en-us/outlook-help/introduction-to-irm-for-email-messages-HA102749366.aspx
      • Secure/Multipurpose Internet Mail Extensions (S/MIME): http://technet.microsoft.com/en-us/library/jj891023.aspx
      • BitLocker: http://technet.microsoft.com/en-us/library/hh831713.aspx
      • Encrypted File System (EFS): http://technet.microsoft.com/en-us/library/bb457116.aspx
      • Video: Getting Started with Encrypting File System in Windows 7: http://technet.microsoft.com/en-us/windows/how-do-i-get-started-with-the-encrypting-file-system-in-windows-7.aspx
      • International Data Protection Standards: http://download.microsoft.com/download/B/8/2/B8282D75-433C-4B7E-B0A0-FFA413E20060/international_privacy_standards.pdf
      • Modern IT Experience featuring IT Showcase: http://microsoft.com/microsoft-IT
    This guide is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. © 2013 Microsoft Corporation. All rights reserved.
    More Work Smart content: http://technet.microsoft.com/en-us/library/bb687781.aspx