This document provides guidance on classifying and protecting business information. It discusses classifying information as high, moderate, or low business impact based on the potential effect of unauthorized disclosure. It also recommends tools for protecting information, such as Information Rights Management, BitLocker encryption, and Secure/Multipurpose Internet Mail Extensions. Guidelines are provided for sending, sharing, storing, backing up, and disposing of information based on its classification.
Technology Overview - Symantec Data Loss Prevention (DLP)Iftikhar Ali Iqbal
The presentation provides the following:
- Symantec Corporate Overview
- Solution Portfolio of Symantec
- Symantec Data Loss Prevention - Introduction
- Symantec Data Loss Prevention - Components
- Symantec Data Loss Prevention - Features & Use Cases
- Symantec Data Loss Prevention - System Requirements
- Symantec Data Loss Prevention - Appendix (extra information)
This provides a brief overview of Symantec Data Loss Prevention (DLP). Please note all the information is based prior to May 2016 and the full integration of Blue Coat Systems's set of solutions.
Data Leakage is an important concern for the business organizations in this increasingly networked world these days. Unauthorized disclosure may have serious consequences for an organization in both long term and short term. Risks include losing clients and stakeholder confidence, tarnishing of brand image, landing in unwanted lawsuits, and overall losing goodwill and market share in the industry.
Data loss is considered by security experts to be one of the most serious threats that businesses currently face.
Maintaining the confidentiality of personal information and data is an essential factor in operating a successful business. People must be able to trust that their service provider takes the appropriate measures to implement security controls that will ultimately protect their privacy.
However, some of the largest and most reputable organizations have fallen victim to data loss security breaches resulting in significant legal, financial, and reputation loss, including [1]:
The Bank of America: Losing the personal employee information of over one million employees
The United States Government: Losing data related to the military
Heartland Payment Systems: Transferring credit card information and other personal records of over 130 million customers
In 2013, it was estimated that data breaches had resulted in the exploitation of over 800 million personal records [2]. This number is also expected to rise over the next several years given the advanced tools that cybercriminals use to steal information and data.
Interestingly, it is not just cybercriminals who represent a threat as:
64% of data loss is caused by well-meaning insiders.
50% of employees leave with data.
$3.5 million average cost of a security breach.
Considering these extensive data breaches, it is practical for organizations to understand where their critical data is located and understanding current security controls that can stop data loss.
Data Loss Prevention (DLP) solutions locate critical and personal data for organizations and help prevent data loss. By having a deeper understanding of efficient DLP security controls, you will help protect the reputation of your organization.
For more information contact: rkopaee@riskview.ca
https://www.threatview.ca
http://www.riskview.ca
DATA LOSS PREVENTION ENSURES CRITICAL INFORMATION ARE KEPT SAFELY AT THE CORPORATE NETWORK AND HELPS ADMINISTRATOR CONTROL THE DATA WHAT
END-USERS WISH TO TRANSFER.
Technology Overview - Symantec Data Loss Prevention (DLP)Iftikhar Ali Iqbal
The presentation provides the following:
- Symantec Corporate Overview
- Solution Portfolio of Symantec
- Symantec Data Loss Prevention - Introduction
- Symantec Data Loss Prevention - Components
- Symantec Data Loss Prevention - Features & Use Cases
- Symantec Data Loss Prevention - System Requirements
- Symantec Data Loss Prevention - Appendix (extra information)
This provides a brief overview of Symantec Data Loss Prevention (DLP). Please note all the information is based prior to May 2016 and the full integration of Blue Coat Systems's set of solutions.
Data Leakage is an important concern for the business organizations in this increasingly networked world these days. Unauthorized disclosure may have serious consequences for an organization in both long term and short term. Risks include losing clients and stakeholder confidence, tarnishing of brand image, landing in unwanted lawsuits, and overall losing goodwill and market share in the industry.
Data loss is considered by security experts to be one of the most serious threats that businesses currently face.
Maintaining the confidentiality of personal information and data is an essential factor in operating a successful business. People must be able to trust that their service provider takes the appropriate measures to implement security controls that will ultimately protect their privacy.
However, some of the largest and most reputable organizations have fallen victim to data loss security breaches resulting in significant legal, financial, and reputation loss, including [1]:
The Bank of America: Losing the personal employee information of over one million employees
The United States Government: Losing data related to the military
Heartland Payment Systems: Transferring credit card information and other personal records of over 130 million customers
In 2013, it was estimated that data breaches had resulted in the exploitation of over 800 million personal records [2]. This number is also expected to rise over the next several years given the advanced tools that cybercriminals use to steal information and data.
Interestingly, it is not just cybercriminals who represent a threat as:
64% of data loss is caused by well-meaning insiders.
50% of employees leave with data.
$3.5 million average cost of a security breach.
Considering these extensive data breaches, it is practical for organizations to understand where their critical data is located and understanding current security controls that can stop data loss.
Data Loss Prevention (DLP) solutions locate critical and personal data for organizations and help prevent data loss. By having a deeper understanding of efficient DLP security controls, you will help protect the reputation of your organization.
For more information contact: rkopaee@riskview.ca
https://www.threatview.ca
http://www.riskview.ca
DATA LOSS PREVENTION ENSURES CRITICAL INFORMATION ARE KEPT SAFELY AT THE CORPORATE NETWORK AND HELPS ADMINISTRATOR CONTROL THE DATA WHAT
END-USERS WISH TO TRANSFER.
Overview of Data Loss Prevention Policies in Office 365Dock 365
Presentation about identifying, monitoring, and automatically protect sensitive information across Office 365.
With a DLP Policy, you can:
- Identify sensitive information across many locations, such as SharePoint Online and OneDrive for Business.
- Prevent the accidental sharing of sensitive information.
- Monitor and protect sensitive information in the desktop versions of Excel 2016, PowerPoint 2016, and Word 2016.
- Help users learn how to stay compliant without interrupting their workflow.
- View DLP reports showing content that matches your organization's DLP policies.
Visit www.mydock365.com to learn more about SharePoint with Dock.
At the highest level, our mission continues to be about keeping our customers (companies and governments) safe from ever-evolving digital threats, so they are confident to move business forward. Our strategy to accomplish this mission centers around four key pillars: Advanced Threat Protection, Information Protection for On Premise and Cloud, Security as a Service -- all anchored by a Unified Security Analytics Platform. Symantec Data Loss Prevention is a foundational product in the Information Protection for On Premise and Cloud pillar.
Everyone knows that storing and accessing data and applications in the cloud and on mobile devices provides makes work much easier and productive by allowing employees to work everywhere they need to.
It allows for great business agility – applications are always up to date, new functionality and processes can be deployed and activated quickly and organizations can adjust things on the fly if they need to.
It also brings the convenience factor – all employees to work in the way that they need to, collaboration and sharing is made vastly easier with cloud applications and storage.
But it brings with it all the challenges of securing devices and applications that your don’t own, and whilst saying NO might be the right thing for security, end users will find a way around it. Right now, close to 30% of employees use their personal devices for work. And that number is on the rise, potentially turning BYOD into Bring Your Own Disaster.
Microsoft Information Protection demystified Albert HoitinghAlbert Hoitingh
This session was presented at the North American Collaboration Summit 2022. It covers the many technical aspects of Microsoft Purview Information Protection.
Overview of Data Loss Prevention (DLP) TechnologyLiwei Ren任力偉
DLP is a technology that detects potential data breach incidents in timely manner and prevents them by monitoring data in-use (endpoints), in-motion (network traffic), and at-rest (data storage). It has been driven by regulatory compliances and intellectual property protection. This talk will introduce DLP models that describe the capabilities and scope that a DLP system should cover. A few system categories will be discussed accordingly with high-level system architecture. DLP is an interesting technology in that it provides advanced content inspection techniques. As such, a few content inspection techniques will be proposed and investigated in rigorous terms.
security concepts ,goals of computer security , problem and requirements ,identifying the assets ,identifying the threats, identifying the impacts, vulnerability ,user authentication ,security system and facilities ,system access control , password management ,privileged user management ,user account management ,data resource protection, sensitive system protection ,cryptography ,intrusion detection ,computer-security classification
Microsoft Information Protection: Your Security and Compliance FrameworkAlistair Pugin
Its one thing encrypting and protecting your data from prying eyes but what use is it, if it is not retained or protected against loss. With Microsoft Information Protection, Microsoft provides organisations the ability to:
• Protection content from deletion
• Adhere to compliance standards (GDPR, HIPAA, etc)
• Discover content for litigation
• Manage access to content based on rules
By implementing the correct rules, organisations are able to mitigate risk and remain compliant and at the same time ensure that content is identified, classified, retained and disposed of accordingly.
Best Practices for Implementing Data Loss Prevention (DLP)Sarfaraz Chougule
Vast amounts of your organization's sensitive data are accessible, stored, and used by authorized employees and partners on a host of devices and servers. Protecting that data where ever it is stored or travels is a top priority.
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...PECB
According to Technavio's latest market research report, the data security market value will grow by $2.85 Billion during 2021-2025.
To secure their data, organizations can use the CIA triad, a data security model developed to help the data security market and people deal with various IT security parts.
The webinar covers
• Overview Of CIA
• Description of Data Governance vs Information Security vs Privacy
• Relationship of CIA to Data Governance
• Relationship of CIA to Information Security
• Relationship of CIA to Privacy
• How to Implement and Maintain the CIA model (e.g., PDCA, etc.)
Presenters:
Anthony English
Our presenter for this webinar is Anthony English, one of the top cybersecurity professionals in Atlantic Canada with extensive Canadian and International experience in cybersecurity covering risk assessment, management, mitigation, security testing, business continuity, information security management systems, architecture security reviews, project security, security awareness, lectures, presentations and standards-based compliance.
Date: November 17, 2021
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Articles: https://pecb.com/article
Whitepapers: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
Youtube video: https://youtu.be/eA8uQhdLZpw
Website link: https://pecb.com/
Overview of Data Loss Prevention Policies in Office 365Dock 365
Presentation about identifying, monitoring, and automatically protect sensitive information across Office 365.
With a DLP Policy, you can:
- Identify sensitive information across many locations, such as SharePoint Online and OneDrive for Business.
- Prevent the accidental sharing of sensitive information.
- Monitor and protect sensitive information in the desktop versions of Excel 2016, PowerPoint 2016, and Word 2016.
- Help users learn how to stay compliant without interrupting their workflow.
- View DLP reports showing content that matches your organization's DLP policies.
Visit www.mydock365.com to learn more about SharePoint with Dock.
At the highest level, our mission continues to be about keeping our customers (companies and governments) safe from ever-evolving digital threats, so they are confident to move business forward. Our strategy to accomplish this mission centers around four key pillars: Advanced Threat Protection, Information Protection for On Premise and Cloud, Security as a Service -- all anchored by a Unified Security Analytics Platform. Symantec Data Loss Prevention is a foundational product in the Information Protection for On Premise and Cloud pillar.
Everyone knows that storing and accessing data and applications in the cloud and on mobile devices provides makes work much easier and productive by allowing employees to work everywhere they need to.
It allows for great business agility – applications are always up to date, new functionality and processes can be deployed and activated quickly and organizations can adjust things on the fly if they need to.
It also brings the convenience factor – all employees to work in the way that they need to, collaboration and sharing is made vastly easier with cloud applications and storage.
But it brings with it all the challenges of securing devices and applications that your don’t own, and whilst saying NO might be the right thing for security, end users will find a way around it. Right now, close to 30% of employees use their personal devices for work. And that number is on the rise, potentially turning BYOD into Bring Your Own Disaster.
Microsoft Information Protection demystified Albert HoitinghAlbert Hoitingh
This session was presented at the North American Collaboration Summit 2022. It covers the many technical aspects of Microsoft Purview Information Protection.
Overview of Data Loss Prevention (DLP) TechnologyLiwei Ren任力偉
DLP is a technology that detects potential data breach incidents in timely manner and prevents them by monitoring data in-use (endpoints), in-motion (network traffic), and at-rest (data storage). It has been driven by regulatory compliances and intellectual property protection. This talk will introduce DLP models that describe the capabilities and scope that a DLP system should cover. A few system categories will be discussed accordingly with high-level system architecture. DLP is an interesting technology in that it provides advanced content inspection techniques. As such, a few content inspection techniques will be proposed and investigated in rigorous terms.
security concepts ,goals of computer security , problem and requirements ,identifying the assets ,identifying the threats, identifying the impacts, vulnerability ,user authentication ,security system and facilities ,system access control , password management ,privileged user management ,user account management ,data resource protection, sensitive system protection ,cryptography ,intrusion detection ,computer-security classification
Microsoft Information Protection: Your Security and Compliance FrameworkAlistair Pugin
Its one thing encrypting and protecting your data from prying eyes but what use is it, if it is not retained or protected against loss. With Microsoft Information Protection, Microsoft provides organisations the ability to:
• Protection content from deletion
• Adhere to compliance standards (GDPR, HIPAA, etc)
• Discover content for litigation
• Manage access to content based on rules
By implementing the correct rules, organisations are able to mitigate risk and remain compliant and at the same time ensure that content is identified, classified, retained and disposed of accordingly.
Best Practices for Implementing Data Loss Prevention (DLP)Sarfaraz Chougule
Vast amounts of your organization's sensitive data are accessible, stored, and used by authorized employees and partners on a host of devices and servers. Protecting that data where ever it is stored or travels is a top priority.
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...PECB
According to Technavio's latest market research report, the data security market value will grow by $2.85 Billion during 2021-2025.
To secure their data, organizations can use the CIA triad, a data security model developed to help the data security market and people deal with various IT security parts.
The webinar covers
• Overview Of CIA
• Description of Data Governance vs Information Security vs Privacy
• Relationship of CIA to Data Governance
• Relationship of CIA to Information Security
• Relationship of CIA to Privacy
• How to Implement and Maintain the CIA model (e.g., PDCA, etc.)
Presenters:
Anthony English
Our presenter for this webinar is Anthony English, one of the top cybersecurity professionals in Atlantic Canada with extensive Canadian and International experience in cybersecurity covering risk assessment, management, mitigation, security testing, business continuity, information security management systems, architecture security reviews, project security, security awareness, lectures, presentations and standards-based compliance.
Date: November 17, 2021
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Articles: https://pecb.com/article
Whitepapers: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
Youtube video: https://youtu.be/eA8uQhdLZpw
Website link: https://pecb.com/
Data loss prevention (DLP) is a set of tools and processes used to ensure that sensitive data is not lost, misused, or accessed by unauthorized users.
Data Loss Prevention solutions help companies avoid data loss incidents through a continuous data monitoring process across endpoints, networks and clouds.
The Financial
Balance Sheet
Part I
This slideshow reviews the Financial
Balance Sheet (FBS). The foundational
information in this slideshow will be
used throughout the text.
• A model of the corporation used to visualize the financial
functions and objectives of a firm.
The Financial Balance Sheet (FBS)
• Deals with a firm’s investments, such as:
– accounts on the accounting statement
– tangible and intangible assets
The Left-Hand Side (LHS)
• Deals with a firm’s sources of financing, which are
divided into two kinds of claims:
– Fixed claims are legally protected
– Residual claims are not legally protected
The Right-Hand Side (RHS)
• Capital gained from RHS claims is used to make LHS
investments. Cash generated by investments is then used
to satisfy claims and/or reinvested in the company.
LHS and RHS Interaction
• The three methods of acquiring capital are trade credit,
secondary trading, and retention of residual cash flows.
Capital Acquisition
• Financial managers make decisions related to both sides
of the FBS:
– LHS decisions include investments a firm makes
– RHS decisions include sources of capital used to fund
investments
Management and the FBS
Slide Number 1Slide Number 2Slide Number 3Slide Number 4Slide Number 5Slide Number 6Slide Number 7Slide Number 8
ITS 833 – INFORMATION GOVERNANCE
Chapter 11 – Information Governance
Privacy and Security Functions
[email protected] Asante 2019
1
1
CHAPTER GOALS AND OBJECTIVES
[email protected] Asante 2019
2
Things To Know:
Sources of Threats to protection of data
Solution
s to threats to protection of data
Identify some privacy laws that apply to securing an organization’s data
What is meant by redaction
What are the limitations on perimeter security?
What is IAM?
What are the challenges of securing confidential e-documents?
What are the limitations on an repository-based approach to securing confidential e-documents?
Things to Know:
What are some solutions to securing confidential e-documents?
What is stream messaging?
How is a digital signature different from an electronic signature?
What is DLP Technology?
What are some basic DLP methods?
What are some of the limitations of DLP?
What is IRM?
What are some key characteristics or requirements for effective IRM?
What are some approaches to security data once it leaves the organization?
2
Who are the victims ?
Government
Corporations
Banks
Schools
Defense Contractors
Private Individuals
Cyberattack Proliferation
[email protected] Asante 2019
3
Who are the perpetrators?
Foreign Governments
Domestic and foreign businesses
Individual Hackers/Hacking societies
Insiders
3
INSIDER THREATS
[email protected] Asante 2019
4
Some malicious/some not malicious
Insider threats can be more costly than outside threats
Nearly 70% of employees have engaged in IP theft
Nearly 33% have taken customer contact information, databases and customer data
Most employees send e-documents .
Nikola, IT menadžer Microsofta, nam je držao predavanje o novostima u Office 2013, sa posebnim osvrtom na KONTROLU podataka. Ukoliko neko nije instalirao novi Office 2013 – neka to obavezno uradi. Zaista vredi!
Cyber criminals are always on the lookout to find ways for gaining profits by misusing the data leaks of an organisation. In this blog, Explain How to Prevent Data Leakage. Techno Edge Systems LLC provide Endpoint Security Solutions in Dubai, UAE for Businesses. Call at 054-4653108 Visit us: www.itamcsupport.ae.
Information Protection is the ability to positively control and report on the use and modification of your most important information assets. In this whitepaper you will find useful information to protect your organization with Microsoft Technologies,
Top 5 Ways How Accounting Firms Can Protect Their Client Data Avni Rajput
Providing exceptional accounting services to your clients and simultaneously securing their sensitive data is what can make your accounting firm stand out from the competition.
Here are top ways how your accounting firm can protect clients' accounting data.
What is a Security Information Event Management?
is an approach to security management that seeks to provide a holistic view of an organization’s information technology (IT) security.
Cyber criminals are always on the lookout to find ways for gaining profits by misusing the data leaks of an organization. In this Blog We are providing some effective ways to prevent data leakage. Techno Edge Systems LLC is the best affordable provider of Endpoint Security Solutions in Dubai. Contact us: 054-4653108 Visit us: www.itamcsupport.ae
7 Practices To Safeguard Your Business From Security Breaches!Caroline Johnson
Cybercriminals are out to get your business, and they're doing it in a big way. It's no secret that though cybercriminals often target large businesses, smaller organizations are also attractive to them. The logic is simple: small businesses usually follow a standard "not much to steal" mindset using fewer controls and easy-to-breach data protection strategies.
Here are the seven best practices every small business should implement immediately to protect their organization from cyberattacks and keep their data safe from thieves and hackers. To know about it visit: https://bit.ly/3G96FDr
The Role of Password Management in Achieving CompliancePortalGuard
Password management solutions have had a dramatic impact on organiza-tions; from eliminating password-related Help Desk calls to simplifying end-user access, password management has gone beyond tightening security to delivering improvements to the bottom line. Now, with the implementation of Sarbanes-Oxley, HIPAA and other regulations, password management has proven to be a strategic component for successful compliance.
http://www.portalguard.com
Data Privacy, Data Security, and Data Protection are three terms that are commonly renowned these days, as the entire internet is based on data and to make sure that nobody uses it negatively awareness of these three terms is crucial. In this blog, we will understand more about security and its importance in data privacy.
How to Secure Data Privacy in 2024.pptxV2Infotech1
Data Privacy, Data Security, and Data Protection are three terms that are commonly renowned these days, as the entire internet is based on data and to make sure that nobody uses it negatively awareness of these three terms is crucial. In this blog, we will understand more about security and its importance in data privacy.
Similar to Classifying Data to Help Secure Business Information - Template fromMicrosoft (20)
Microsoft Teams Phone
Stay connected with voice and video calling using Microsoft Teams Phone on your computer, tablet, mobile device, or desk phone.
Stay connected with a modern calling solution
Make and receive voice and video calls directly in Microsoft Teams. Stay in touch and get more done anywhere.
Calling in the flow of work
Work smarter with an all-in-one app that brings together calling, chat, meetings, and collaboration.
Business-critical calling
Use built-in, innovative, and AI-powered calling experiences and integrated partner software solutions.
Devices for any calling scenario
Benefit from a wide portfolio of devices for any business need and get flexible financing options.
Simple set up and management
Easily add, monitor, and manage voice and video calling from the Teams admin center.
Microsoft Teams Phone with Calling Plan includes:
Cloud-based phone system with advanced features including call transfer, multilevel auto attendants, and call queues.
A domestic calling plan with 3,000 minutes2 per user, per month within the US and Canada.
Call from anywhere, on any device through the Microsoft Teams app on desktop, mobile, web, and desk phones.
Around-the-clock customer support seven days a week, backed by Microsoft.
Teams Phone with Calling Plan requires a Microsoft 365 subscription that includes Microsoft Teams
Microsoft Teams
Built for hybrid work
Feel seen and heard no matter where you are and do your best work, your way.
Empower people and teams in a hybrid work world
Flexible work is here to stay, and embracing it is critical to your future success. The latest tools from Microsoft empower hybrid work environments and enable flexible work beyond organizational boundaries.
Whats New in Microsoft Teams Hybrid Meetings November 2021David J Rosenthal
Microsoft Teams
Built for hybrid work
Feel seen and heard no matter where you are and do your best work, your way.
Empower people and teams in a hybrid work world
Flexible work is here to stay, and embracing it is critical to your future success. The latest tools from Microsoft empower hybrid work environments and enable flexible work beyond organizational boundaries.
Microsoft Viva Connections
A curated, company-branded experience that brings together relevant news, conversations, and resources in the apps and devices you use every day. Viva Connections is included in all Microsoft 365 plans with SharePoint Online.
Create connection
Encourage meaningful connections across the organization in a hybrid workplace.
Drive alignment
Rally the entire organization around your vision, mission, and strategic priorities.
Empower contribution
Foster a culture of inclusion by empowering every employee to contribute ideas and share feedback.
Built on Microsoft 365
Deploy and manage Viva Connections through your existing infrastructure.
Protect your hybrid workforce across the attack chainDavid J Rosenthal
Security is one of the most important considerations for SMBs. In fact, 77% of SMBs in a recent survey consider security a top feature when purchasing new PCs.1
Last year alone, 67% of SMBs experienced a security breach that cost, on average, 3.3% of their revenue.1 That’s a big risk to both profitability and reputation, and it shows how critical strong security protections are for businesses.
The good news is that 69% of SMBs in a recent survey agreed that new Windows 10 Pro devices offered better security and data protection than older devices.1
Research shows that modern devices help business owners by preventing identity attacks, minimizing phishing, and reducing the risk of malware attacks. These are all common ways that bad actors steal business data, steal personal information, or hold our devices hostage in exchange for huge amounts of ransom money.
And with modern PCs, most security functions can happen in the cloud, without interrupting worker productivity.
Connections is a company branded employee app in Teams. It is a gateway to your employee experience, with personalized news, communications, tasks, people and resources. It provides a single curated employee destination that can be configured for specific roles like frontline workers. So, leaders can communicate and engage their employees, and employees can get easy access to the tools and resources they need from one place.. Connections builds on existing capabilities in Microsoft 365 like SharePoint and Yammer. And it pulls your communications together into a pre-configured app in Teams, designed for both desktop and mobile workers. It also acts as a launching pad to the other 3 Viva modules
Insights brings together Workplace Analytics, MyAnalytics and Glint into a unified insights app in Teams to provide data-driven and privacy-protected insights for individuals, managers and leaders. For example, employees get personalized insights, only they can see, that help them protect their time for breaks, focused work, and learning in order to promote improved productivity and wellbeing.
Topics focuses on knowledge and expertise. Topics applies AI to identify knowledge and experts and organize them into shared topics. AI automatically creates a topic page for each topic. It’s like Wikipedia for the enterprise where AI does the first draft. And these topic pages are surfaced as Topic Cards right in the flow of work in Office and Teams.
Finally, Learning allows employees to easily discover informal and formal learning in the flow of work. It aggregates content from LinkedIn Learning, Microsoft Learn and 3rd party training content and your own organizations content – all in one place. Along with providing aggregation and recommendations, it also allows managers to assign and track training, as well as report on training within and across teams.
Connections is a company branded employee app in Teams. It is a gateway to your employee experience, with personalized news, communications, tasks, people and resources. It provides a single curated employee destination that can be configured for specific roles like frontline workers. So, leaders can communicate and engage their employees, and employees can get easy access to the tools and resources they need from one place.. Connections builds on existing capabilities in Microsoft 365 like SharePoint and Yammer. And it pulls your communications together into a pre-configured app in Teams, designed for both desktop and mobile workers. It also acts as a launching pad to the other 3 Viva modules
Insights brings together Workplace Analytics, MyAnalytics and Glint into a unified insights app in Teams to provide data-driven and privacy-protected insights for individuals, managers and leaders. For example, employees get personalized insights, only they can see, that help them protect their time for breaks, focused work, and learning in order to promote improved productivity and wellbeing.
Topics focuses on knowledge and expertise. Topics applies AI to identify knowledge and experts and organize them into shared topics. AI automatically creates a topic page for each topic. It’s like Wikipedia for the enterprise where AI does the first draft. And these topic pages are surfaced as Topic Cards right in the flow of work in Office and Teams.
Finally, Learning allows employees to easily discover informal and formal learning in the flow of work. It aggregates content from LinkedIn Learning, Microsoft Learn and 3rd party training content and your own organizations content – all in one place. Along with providing aggregation and recommendations, it also allows managers to assign and track training, as well as report on training within and across teams.
Connections is a company branded employee app in Teams. It is a gateway to your employee experience, with personalized news, communications, tasks, people and resources. It provides a single curated employee destination that can be configured for specific roles like frontline workers. So, leaders can communicate and engage their employees, and employees can get easy access to the tools and resources they need from one place.. Connections builds on existing capabilities in Microsoft 365 like SharePoint and Yammer. And it pulls your communications together into a pre-configured app in Teams, designed for both desktop and mobile workers. It also acts as a launching pad to the other 3 Viva modules
Insights brings together Workplace Analytics, MyAnalytics and Glint into a unified insights app in Teams to provide data-driven and privacy-protected insights for individuals, managers and leaders. For example, employees get personalized insights, only they can see, that help them protect their time for breaks, focused work, and learning in order to promote improved productivity and wellbeing.
Topics focuses on knowledge and expertise. Topics applies AI to identify knowledge and experts and organize them into shared topics. AI automatically creates a topic page for each topic. It’s like Wikipedia for the enterprise where AI does the first draft. And these topic pages are surfaced as Topic Cards right in the flow of work in Office and Teams.
Finally, Learning allows employees to easily discover informal and formal learning in the flow of work. It aggregates content from LinkedIn Learning, Microsoft Learn and 3rd party training content and your own organizations content – all in one place. Along with providing aggregation and recommendations, it also allows managers to assign and track training, as well as report on training within and across teams.
Our end-to-end, integrated portfolio of cloud solutions across Microsoft 365, Dynamics 365, and Azure is built on a foundation of security and privacy and helps every organization in every industry build resilience and improve the bottom line.
Azure Arc offers simplified management, faster app development, and consistent Azure services. Easily organize, govern, and secure Windows, Linux, SQL Server, and Kubernetes clusters across data centers, the edge, and multicloud environments right from Azure. Architect, design, and build cloud-native apps anywhere without sacrificing central visibility and control. Get Azure innovation and cloud benefits by deploying consistent Azure data, application, and machine learning services on any infrastructure.
Gain central visibility, operations, and compliance
Centrally manage a wide range of resources including Windows and Linux servers, SQL server, Kubernetes clusters, and Azure services.
Establish central visibility in the Azure portal and enable multi-environment search with Azure Resource Graph.
Meet governance and compliance standards for apps, infrastructure, and data with Azure Policy.
Delegate access and manage security policies for resources using role-based access control (RBAC) and Azure Lighthouse.
Organize and inventory assets through a variety of Azure scopes, such as management groups, subscriptions, resource groups, and tags.
Learn more about hybrid and multicloud management in the Microsoft Cloud Adoption Framework for Azure.
Windows Server 2022 is now in preview, the next release in our Long-Term Servicing Channel (LTSC), which will be generally available later this calendar year. It builds on Windows Server 2019, our fastest adopted Windows Server ever. This release includes advanced multi-layer security, hybrid capabilities with Azure, and a flexible platform to modernize applications with containers.
Windows 365 also creates a new hybrid personal computing category called Cloud PC, which uses both the power of the cloud and the capabilities of the device to provide a full, personalized Windows experience. This new Windows experience comes as organizations around the world grapple with the best ways to facilitate hybrid work models where employees are both on-site and distributed across the globe.
The Windows 365 Cloud PC experience is:
Versatile, familiar and productive by delivering users their personalized content, settings, and applications
Simple to deploy and manage from a single console, easy for anyone to use
Secure by design, leaving no data on the device
Available on any device and optimized for the best experience on a Windows PC at a predictable price
And lastly, it’s scalable and resilient to support changing workforce needs and new business scenarios
Designed for hybrid work
Productive
Improve employee productivity and focus with a simple, powerful user experience.
Collaborative
Discover a smarter way to collaborate with Microsoft Teams integration.
Secure
Protect data and secure access with a Zero Trust-ready operating system.
Consistent
Make adoption easy with app compatibility and cloud management.
Productive and collaborative
Reach your individual and team goals with built-in assistance features in Windows 11.
Simple, modern visuals
Snap assist
Personalized widgets
Intelligent video conferencing
Share a window while presenting
Meet now in Microsoft Teams
The Microsoft Teams call and chat function in the taskbar of Windows 11.
Meet now in Microsoft Teams
Connect with anyone on any platform with fast, easy-to-use calling and chat right from the taskbar.
The most secure Windows yet
Increase security with hardware-based integrity protection in Windows 11, from the silicon to the cloud.
Go passwordless
Get secure, multifactor single sign-on from devices to the cloud and apps with Windows Hello for Business.
Perfect for remote work
Ship employees a corporate-owned device secured by company policy and easily provisioned by them.
Microsoft Scheduler for M365 - Personal Digital AssistantDavid J Rosenthal
An assistant for everyone
Enjoy the speed of a virtual assistant augmented with human understanding.
Easy scheduling
Save time by handing off the time-consuming task of scheduling using your own words.
Works 24/7
Request a meeting at any time. Cortana works around the clock even when you are offline or busy.
You control your data
Scheduler works within your Microsoft 365 compliance boundaries and keeps the data inside your organization. You control your data.
Smart technology with human assistance
Increased reliability that will always complete your request by using human assistance to resolve ambiguities and context.
Grows with your needs
Available 24/7 and capable of handling thousands of requests at the same time.
What is New in Teams Meetings and Meeting Rooms July 2021David J Rosenthal
Chat
Share your opinion, and your personality. Send gifs, stickers, and emojis in a group chat or in one-to-one messages.
Instant messaging
Meet
Instantly go from group chat to video conference with the touch of a button. Teams of 2 or 10,000 can meet in one place, no matter how many places they’re in.
Online meetings
Call
Make and receive calls with internal and external groups using Microsoft Teams Phone, Operator Connect, or Direct Routing.
Voice calling
Collaborate
Easily find, share, and edit files in real time using familiar apps like Word, PowerPoint, and Excel in Teams.
Video conferencing
Make meetings more personal and increase your productivity by collaborating in real time.
Screen sharing
Keep everyone on the same page by sharing your screen so they can see the same content.
Custom backgrounds
Create the perfect virtual setting by choosing, uploading, or blurring your background.
Together mode
Digitally sit in a shared background, making it feel like you’re in the same room with everyone else.1
File sharing
Co-author files in real time. Securely store, access, share, and collaborate on files from anywhere.
Apps and workflows
Streamline tasks and critical business processes by integrating apps and workflows.
Market availability
Available in 53 languages and 181 markets. Connect across Windows, Mac, iOS, and Android.
Privacy and security
Meet regulatory, legal, and organizational needs with industry-leading compliance offerings.
The Java ecosystem is very broad, with different technologies including Java SE, Java EE/Jakarta EE, Spring, numerous application servers, and other frameworks. Wherever you are in Java, Azure supports your workload and process with an abundance of choice – from IaaS to fully managed services. You can run any application architecture, from monoliths, to containerized monoliths, all the way to completely microservices based apps.
We see three broad patterns for running Java applications in the cloud, depending on how much control or productivity you need.
The first is lift and shift with Virtual Machines:
Virtual machines provide the most flexibility, control and visibility while moving to the cloud, especially for initial lift and shift of Java workloads. Azure provides a variety of Java focused VM images and solutions templates in the Azure Marketplace to get you up and running quickly.
The second is modernization using containers:
Containers provide portability, flexibility, scalability, manageability, repeatability, and predictability.
Azure provides best of breed support for Docker and Kubernetes, especially through the Azure Kubernetes Service (AKS) and Azure Red Hat OpenShift.
Finally, Azure has the most managed hosting options for Java applications of any major cloud platform with fully managed PaaS for Spring, Tomcat, and JBoss EAP:
Managed services offer ease-of-use, ease-of-management, productivity, and lower total cost of ownership.
You can focus on building your applications, not managing infrastructure.
All of this is supported by managed databases and DevOps tooling:
Use fully managed SQL and NoSQL databases, including PostgreSQL, MySQL, Cosmos DB, and SQL.
Keep using the tools you love, with plugins for IntelliJ and Eclipse, integrations with a variety of DevOps tools like Maven, Gradle, Jenkins, and GitHub.
Get comprehensive protection across all your platforms and clouds
Protect your organization from threats across devices, identities, apps, data and clouds. Get unmatched visibility into your multiplatform environment that unifies Security Information and Event Management (SIEM) and Extended Detection and Response (XDR). Simplify your security stack with Azure Sentinel and Microsoft Defender.
Protect your business with a universal identity platform
The Azure Active Directory (Azure AD) enterprise identity service provides single sign-on and multi-factor authentication to help protect your users from 99.9 percent of cybersecurity attacks.
Gartner named Microsoft a leader in Magic Quadrant 2020 for Access Management
Single sign-on simplifies access to your apps from anywhere
Conditional Access and multi-factor authentication help protect and govern access
A single identity platform lets you engage with internal and external users more securely
Developer tools make it easy to integrate identity into your apps and services
Connect your workforce
Whether people are on-site or remote, give them seamless access to all their apps so they can stay productive from anywhere. Automate workflows for user lifecycle and provisioning. Save time and resources with self-service management.
Choose from thousands of SaaS apps
Simplify single sign-on. Azure AD supports thousands of pre-integrated software as a service (SaaS) applications.
Protect and govern access
Safeguard user credentials by enforcing strong authentication and conditional access policies. Efficiently manage your identities by ensuring that the right people have the right access to the right resources.
Engage with your customers and partners
Secure and manage customers and partners beyond your organizational boundaries, with one identity solution. Customize user journeys and simplify authentication with social identity and more.
Integrate identity into your apps
Accelerate adoption of your application in the enterprise by supporting single sign-on and user provisioning. Reduce sign-in friction and automate the creation, removal, and maintenance of user accounts.
The Nintex Platform is Easy-to-use, Powerful and Complete to manage, automate and optimize your processes.
Manage processes by discovering, mapping and sharing across process participants and owners.
This often leads to opportunities for process automation. Many processes involve the capture of information and our forms capability provides an ease-to-use, responsive design experience, often eliminating paper forms. With advanced workflow capabilities you can quickly design powerful applications using advanced logic and rules to eliminate manual work. Nintex RPA drives speed by automating those mundane, repetitive tasks. Since many processes involve the need to generate a document we have a DocGen offering to automatically create documents from both unstructured and structured data sources. With Nintex Sign powered by Adobe Sign you can easily integrate eSign into your signature-based workflows for total automation.
Once you have been managing and automating processes, imagine the amount of information available on how your business is operating. Leveraging Nintex Analytics you are able to get process intelligence allowing you to monitor, analyze and improve your business.
With the Nintex platform our customers and partners value our extensibility, using pre-built connecters as well as leveraging our Xtensions to build powerful bi-directional connectors to orchestrate processes across any systems in your organization.
Combining the power of Nintex with our customer success and vast partner network it is easy to see why our customers are so successful.
Microsoft Power BI is a unified self-service and enterprise business intelligence platform that combines an intuitive user experience with intelligent data visualizations to provide greater depth of data insight. Reports can be shared within Microsoft tools like Teams, SharePoint, PowerPoint, or within other productivity products.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Classifying Data to Help Secure Business Information - Template fromMicrosoft
1. Work Smart by Microsoft IT
Classifying and Protecting Your
Business Information
Customization note: This document is based on the experience of Microsoft IT and contains
guidance and/or step-by-step instructions that can be reused, customized, or deleted entirely if
they do not apply to your organization’s environment or installation scenarios.
All forms of information, including ideas and concepts, have potential business value.
Whether you are exchanging emails, sharing documents, or having a phone conversation, it
is your responsibility to help protect your company’s confidential information. The greater
the information’s value, the more security controls you should put in place to protect it.
This guide provides an overview on how to properly classify business information and data
according to the potential impact of unintentional disclosure: High, Moderate, and Low
Business Impact. It also introduces some solutions that are available to help protect your
information before you transmit, share, store, or dispose of it.
Topics in this guide include:
Classifying your
information
Protecting your
information
Classification and
data dissemination
guidelines
Recommended
security practices
For more information
2. 2 | Classifying and Protecting Your Business Information
Classifying your information
Information can be classified into three areas, according to the potential impact of its
unintentional disclosure: High Business Impact (HBI), Moderate Business Impact (MBI), and
Low Business Impact (LBI).
Table 1. Information classifications
HBI HBI applies to any information including emails, documents, messages and phone
conversations that, if disclosed without authorization, could result in immediate,
direct or considerable impact to the company, the information owner and
customers. HBI information should only be shared with those on a “need-to-know”
basis. HBI includes Highly Sensitive Personally Identifiable Information (HSPII).
MBI MBI applies to information that, if disclosed, could cause indirect, limited impact
the company, the asset’s owner and valued customers. MBI information should only
be accessible to those people who have a legitimate business need to view the
information. MBI includes Personally Identifiable Information (PII).
LBI LBI classification applies to information assets that, if disclosed without
authorization, could cause limited, or no material loss to the company, the asset
owner, or relying parties.
Important: The guidance provided in this document is for example purposes and every
organization is unique. In the following sections, please be aware that your company’s HBI, MBI,
and LBI information and data could require more or less restrictive classification levels.
Classification of some common information types
Below is table of guidelines that might be helpful in determining a type of data's
classification level.
Table 2. Guidelines to help determine data classification level
Data includes the following info: HBI MBI LBI
Email Address
X
Social Security Number
X
Documents regarding process or procedure
X
Private cryptographic keys
X
Username and Passwords
X
Publicly accessible information X
Company trade secrets
X
Financial information related to revenue
generation
X
List of Phone Numbers
X
Employee Zip Codes X
Numeric ID sequences / PINs
X
3. 3 | Classifying and Protecting Your Business Information
Tips:
Use the more restrictive classification if data falls into more than one classification level
or if you are unsure of its classification.
Treat information as HBI if it does not have a classification, but is marked “confidential.”
Important Notes:
It is your responsibility to understand the business value of your information and to apply
the correct classification and protection.
Remove HBI or MBI information from your computer before retiring it or sending it offsite
for repairs.
Remember to check your company policies as their classification levels may vary from the
examples provided in the table above.
Protecting your information
Now that you know how to classify your information, you will learn what tools are available
to ensure that your data is protected when it is sent, shared, stored, backed up, or deleted.
This guide provides an overview of four technologies that can be used to help protect
information.
Information Rights Management. An Office feature of Rights Management Services
(RMS), IRM enables you to apply specific access permissions to documents, workbooks,
and presentations to prevent unauthorized forwarding, printing, or copying; and to set
expiration dates after which files no longer are available. More information about IRM is
available at http://technet.microsoft.com/en-us/library/cc179103.aspx.
Secure/Multipurpose Internet Mail Extensions (S/MIME). With S/MIME you can
encrypt and/or digitally sign your email messages. Encrypting your messages converts
data with a cipher text so that only people who you specify can read it. Digitally signing
an email message helps ensure that no tampering occurs while your message and its
attachments are in transit. More information about S/MIME is included in the Message
Encryption and Filtering topic at http://technet.microsoft.com/en-
us/library/jj891023.aspx.
BitLocker Drive Encryption. BitLocker Drive Encryption is a data protection feature
available in Windows Vista, Windows 7, and Windows 8. BitLocker encrypts the hard
drives on your computer to provide enhanced protection against data theft or exposure
on computers and removable drives that are lost, stolen, or decommissioned. More
information about BitLocker is available at http://technet.microsoft.com/en-
us/library/hh831713.aspx. BitLocker To Go provides drive encryption to prevent
unauthorized access on your portable storage drives. This includes the encryption of
USB flash drives, SD cards, external hard disk drives, and other removable drives
formatted by using the NTFS, FAT, or exFAT file systems.
4. 4 | Classifying and Protecting Your Business Information
Encrypted File System (EFS). If your computer is not BitLocker compatible, you can
use Encrypted File System (EFS) to encrypt specific files and folders by using a
certificate. EFS requires that users with whom you share information enter the
appropriate decryption key before they can access the encrypted content. More
information about EFS is available at http://windows.microsoft.com/en-
us/windows/what-is-encrypting-file-system#1TC=windows-7.
The following table provide some guidelines about which technology you should use to
protect the HBI or MBI information that you transmit, share, or store on your computer:
Table 3. Preferred technology used to transmit, share, and store business information
IRM S/MIME EFS BitLocker
Transmit with internal
email
Preferred Acceptable N/A N/A
Transmit with external
email
Works only with
other federated
RMS
organizations
Preferred N/A N/A
Share using SharePoint
Online
Preferred N/A N/A N/A
Storing on computer
Acceptable with
BitLocker
N/A Acceptable with
BitLocker
Required
Storing on removable
media
Acceptable N/A Acceptable Preferred
Notes:
Information about applying Information Rights Management to a list or library is available at
http://office.microsoft.com/en-us/sharepoint-server-help/apply-information-rights-
management-to-a-list-or-library-HA010154148.aspx
More information about Information Rights Management is available in “What’s New with
Information Rights Management in SharePoint and SharePoint Online?” at
http://blogs.office.com/2012/11/09/whats-new-with-information-rights-management-in-
sharepoint-and-sharepoint-online/
5. 5 | Classifying and Protecting Your Business Information
Classification and data dissemination
guidelines
The following table provides some classification-level guidelines for sending, sharing,
storing, backing up, and disposing of business information.
Table 4. Guidelines for sending, sharing, storing, backing up, and disposing of business information
Action HBI MBI LBI
Send data (via file
transfer or email)
Requires asset owner
approval to forward,
export, or copy.
Requires encryption for
internal and external
delivery.
Requires encryption with
S/MIME or IRM for email.
Requires encryption for
transfer outside of
organization.
Requires encryption with
S/MIME for email sent
outside the corporate
network.
No special
requirements.
Share
(via O365 SharePoint
Online)
Use IRM to restrict
forwarding, copying, and
printing.
Restrict permissions to
those identified by asset
owner.
Requires formal
agreement, which legal
approves, for third
parties, such as business
partners.
Restricts permissions to
those with legitimate
business needs only.
Requires formal
agreement, which legal
approves, for third
parties, such as business
partners.
No special
requirements.
Store
(server, PC, CD, USB)
Requires encryption
(BitLocker).
Allows storage on
handheld devices only if
device supports strong
encryption and
authentication security
controls.
May require encryption
(as determined by the
asset owner).
No special
requirements.
Back up
Performed only by
authorized personnel and
stored only at a location
approved by IT Security.
Encrypt storage media.
Store in a physically
secure location in which
backups are logged and
access is controlled and
monitored.
No special
requirements.
Dispose of
Cross-shred or incinerate
paper documents.
Destroy tapes and other
magnetic media. Request
that hard disk drives be
destroyed.
Follow your organization
policies for the
appropriate disposal of
retired hardware and
media.
Cross-shred or
incinerate paper
documents.
Destroy tapes and other
magnetic media.
Remove data on hard
disks that you plan to
reuse or retire.
Destroy inoperable hard
disk drives.
No special
requirements.
6. 6 | Classifying and Protecting Your Business Information
Recommended security practices
Use the Microsoft Office System Document Inspector
If you plan to share an electronic copy of a Microsoft Office Word document with clients or
colleagues, it is a good idea to review the document for hidden data or personal
information that might be stored in the document itself or in the document properties
(metadata). Document Inspector is a built-in tool that can be used to scan your data before
sharing it with others.
For more information on how to use Document Inspector, see Remove hidden data and
personal information by inspecting documents at http://office.microsoft.com/en-us/word-
help/remove-hidden-data-and-personal-information-by-inspecting-documents-
HA010354329.aspx.
Guard confidential information
Do not discuss confidential information in public places.
Beware of multiple network connections
Never concurrently connect your computer to your corporate network and the Internet, or
any other network that your company does not manage. This compromises your company's
network security.
Review list of group recipients
Think globally before posting any content. Before you send or reply to email, post to
Yammer, One Drive, or any another social website, or post data to SharePoint, make sure
that the information is appropriate for disclosure to everyone who has access to the email
or website.
Use Outlook Web Access
Use Outlook Web Access (OWA) to check your email from your home computer. Be careful
if you access corporate resources by using kiosks and other public locations, even though
OWA, as key strokes may be monitored if the public network does not have the correct
configuration.
Do not leave documents or presentations unattended
Remove all documents after meetings, and erase whiteboards.
Beware of posting on walls or bulletin boards
If your document is HBI, do not post it in hallways or on bulletin boards.