SlideShare a Scribd company logo

Information Rights Management (IRM)

Network Intelligence India
Network Intelligence India

Information Rights Management is the set of techniques and methods which protect the highly sensitive information of the organization irrespective of the file location whether it resides "in" or "outside" the corporate boundaries. This happens as the permissions embedded inside the file don't allow unauthorized access, modification, copying or printing. This is typically done for protection of financial documents, intellectual property such as patents, design blueprints and executive communications.

Technology
1 of 12
Download to read offline
INFORMATION RIGHTS MANAGEMENT – IMPLEMENTATION AND CHALLENGES From An article on Information Rights Management (IRM) and our methodology for its proper implementation in achieving secure flow of sensitive information within and beyond the organizational boundaries.
Information Rights Management [IRM] Document Tracker Author Version Summary of Changes Manasdeep September 2012 Document Created Confidential  Network Intelligence (India) Pvt. Ltd. Page 2 of 12
Information Rights Management [IRM] NOTICE This document contains information which is the intellectual property of Network Intelligence. This document is received in confidence and its contents cannot be disclosed or copied without the prior written consent of Network Intelligence. Nothing in this document constitutes a guaranty, warranty, or license, expressed or implied. Network Intelligence disclaims all liability for all such guaranties, warranties, and licenses, including but not limited to: Fitness for a particular purpose; merchantability; non infringement of intellectual property or other rights of any third party or of Network Intelligence; indemnity; and all others. The reader is advised that third parties can have intellectual property rights that can be relevant to this document and the technologies discussed herein, and is advised to seek the advice of competent legal counsel, without obligation of Network Intelligence. Network Intelligence retains the right to make changes to this document at any time without notice. Network Intelligence makes no warranty for the use of this document and assumes no responsibility for any errors that can appear in the document nor does it make a commitment to update the information contained herein. Copyright Copyright. Network Intelligence (India) Pvt. Ltd. All rights reserved. NII Consulting, AuditPro, Firesec, NX27K is a registered trademark of Network Intelligence India Pvt. Ltd. Trademarks Other product and corporate names may be trademarks of other companies and are used only for explanation and to the owners' benefit, without intent to infringe. NII CONTACT DETAILS Network Intelligence India Pvt. Ltd. 204 Ecospace, Old Nagardas Road, Near Andheri Subway, Andheri (E), Mumbai 400 069, India Tel: +91-22-2839-2628 +91-22-4005-2628 Fax: +91-22-2837-5454 Email: info@niiconsulting.com Confidential  Network Intelligence (India) Pvt. Ltd. Page 3 of 12
Information Rights Management [IRM] Contents 1. Introduction .............................................................................................................................. 5 2. Why do we need IRM? ............................................................................................................... 5 3. What exactly can be achieved with IRM?[1] ................................................................................ 6 4. What can't be prevented using IRM? ......................................................................................... 6 5. Are Digital Rights Management (DRM) and IRM same things?.................................................... 7 6. Key for IRM’s successful implementation[5] ................................................................................ 8 a. Automating policy assignment ............................................................................................... 8 b. Dynamic policy control ........................................................................................................... 8 c. Discretionary policy application ............................................................................................. 8 d. Audit Trail .............................................................................................................................. 8 7. Steps before implementing IRM[6] .............................................................................................. 9 8. Popular IRM vendor list ............................................................................................................. 9 9. Challenges in IRM implementation .......................................................................................... 10 a. Lack of commitment by senior management........................................................................ 10 b. User Unwillingness to change .............................................................................................. 10 c. Miscellaneous Factors[5] ....................................................................................................... 11 10. References ........................................................................................................................... 12 Confidential  Network Intelligence (India) Pvt. Ltd. Page 4 of 12
Information Rights Management [IRM] 1. I NTRODUCTION Information Rights Management is the set of techniques and methods which protect the highly sensitive information of the organization irrespective of the file location whether it resides "in" or "outside" the corporate boundaries. This happens as the permissions embedded inside the file don't allow unauthorized access, modification, copying or printing. This is typically done for protection of financial documents, intellectual property such as patents, design blueprints and executive communications. IRM[4] broadly speaking addresses the fundamental problem associated with Data Protection Leakage (DLP). DLP heavily relies on protection of sensitive file within the corporate network typically at its end points. It protects the data based on its location (directory, file server/ database) or in data in transit, but doesn't give the protection at a more granular level, i.e. information contained in file itself. IRM currently applies mainly to documents and emails in typical corporate environment setting. While DLP is “transmission control” technology, IRM is “usage control” technology. 2. W HY DO WE NEED IRM? The rationale for using IRM is that the privacy information associated with data must travel along with it. The copying of that data must not lose the associated rights to that information. Rights to modify, update, restrict or even destroy that information must be retained by the individual it pertains to, even when a 3rd party holds that information. In larger context, IRM helps organizations in enforcing corporate policy governing the secure flow of highly sensitive data in the organization. File protections are defined and enforced based on user's identity along with corporate policy on a given class of data. The best way to protect information is to do it directly at the level of the information – and not at the level of many system(s) which might change, transport or store the information. Confidential  Network Intelligence (India) Pvt. Ltd. Page 5 of 12
Information Rights Management [IRM] 3. W HAT EXACTLY CAN BE ACHIEV ED WITH IRM? [1]  Preventing restricted content from unauthorized modification, copying, printing or pasting  Disabling Print Screen feature in Microsoft Windows for taking snapshots of restricted content.  Restricting content exposure wherever it is sent  Support file expiration so that contents in documents are rendered un-viewable (or viewable) automatically after a set time.  Full auditing of both access to documents as well as changes to the rights/policy by business users 4. W HAT CAN ' T BE PREVENTED USING IRM?  Sensitive Content from being erased, stolen, captured or transmitted by malicious programs like Trojans, key loggers etc.  Content from being lost or corrupted due to virus infection  Restricted content from being hand-copied or retyped from a display screen.  Taking digital photograph of the restricted content displayed on a screen by unauthorized person  Snapshots of restricted content are possible using 3rd party screen-capture tools Confidential  Network Intelligence (India) Pvt. Ltd. Page 6 of 12
Information Rights Management [IRM] 5. A RE D IGITAL R IGHTS M ANAGEMENT (DRM) AND IRM SAME THINGS ? Not Really. Digital Rights management (DRM)[2] technologies are typically used by hardware manufacturers, publishers, copyright holders and individuals with the intent to limit the use of digital content and devices "after sale". It is specifically targeted to defeat any attempts for rich media piracy like Blu-ray, CD, DVD's, tapes, records. In United States, a legal mandate called Digital Millennium Copyright Act (DMCA) exists which imposes criminal penalties on those who make available technologies whose primary agenda is to bypass content protection technologies. Main focus of DRM is to defeat copyright infringement by putting "digital locks" to rich media eg. records, CD, DVD's etc in business to customer domain, while IRM restricts itself to sensitive information exchange in business to business domain such as merger- acquisition plans, design blueprints, patents, financial statements, strategic business plans etc. Confidential  Network Intelligence (India) Pvt. Ltd. Page 7 of 12
Information Rights Management [IRM] 6. K EY FOR IRM’ S SUCCESSFUL IMPLEMENTATION [5] The strength of IRM is typically reserved for very sensitive information that travels outside organization — to vendors, suppliers, outsourced parties, partners etc. But challenges for proper authentication are quite complex outside the enterprise. Hence, following approaches must be used for effective implantation of IRM enterprise based solutions: a. Automating policy assignment More automated is policy assignment, better is IRM implementation. This happens as automation eliminates human errors resident in manual processes which in turn make it more effective. They can automatically protect documents such as price lists, product specifications, and manufacturing process description. This works effectively because if we let document authors be the sole arbiter of what to protect, it puts an unwelcome burden on them. They may neglect to do it correctly, consistently, or at all. Organizations can automatically assign policies to entire information groups such as anything saved to a certain folder, content of a certain type, or information that has reached a particular stage in a workflow. This saves time, ensures consistency, and is the most efficient way to manage large volumes of sensitive information with IRM. b. Dynamic policy control As business conditions evolve, IRM policies that govern the use of content must evolve as well. Regulatory changes will almost always require modifications to information policies such as patent expirations, litigation settlements, mergers and acquisitions etc. Dynamic policy control enables recipient entitlements to be changed when individual roles or business needs change, regardless of where the content resides—even when its location is unknown. Policies reside on a policy server, not within the content. So they can be changed or revoked at any time. Rights can also be set to automatically expire. c. Discretionary policy application In the enterprise, discretionary use of IRM is an option that should be used in addition to rather instead of automated policy application. d. Audit Trail An audit trail is an unalterable, chronological log of access to a system and a record of additions, changes, and deletions to information that system manages, which lists the person accessing the system, and the time of access, and the action taken. Confidential  Network Intelligence (India) Pvt. Ltd. Page 8 of 12
Information Rights Management [IRM] 7. S TEPS BEFORE IMPLEMENTING IRM [6] So you are all rolled up to implement IRM solution in your company. But before that, answer this quick checklist:  Outline business areas where sensitive information is frequently exchanged?  What needs to be protected (documents, email etc.)  How will security policies be enforced to protect this sensitive information or communication?  Who can use the information (people, group)  What a user can do with that information (read, write, print or forward)  When can the user access the information (time duration and dates)  Where can the information be accessed from (in office, home,)  What would be the consequences to the business if this information ended up in the wrong hands?  Does the organization retain any employee, customer, or member information that could be used in identity theft if it were exposed, either through loss or theft. 8. P OPULAR IRM VENDOR LIST  Seclore FileSecure  Microsoft Integrated Rights Management  Boole Server  SmartCipher  EMC IRM Product Suite Confidential  Network Intelligence (India) Pvt. Ltd. Page 9 of 12
Information Rights Management [IRM] 9. C HALLENGES IN IRM IMPLEMENTATION a. Lack of commitment by senior management The biggest roadblock in IRM successful implementation is the inadequate commitment shown by senior management. Management has to be convinced and made aware the value of information in the business. Consequences of losing sensitive information must be highlighted such as unwanted loss in brand image and reputation, losing client and stakeholder confidence. Unpleasant lawsuits may proceed if the leakage of sensitive information is made public. Common mistake made by senior managers during implementation is that they delegate the entire part of IRM implementation to the IT team and not take much responsibility for it. It is important to note that IRM must be top driven from senior management which only can bring about a cultural change in the organization. Without their support, implementation at the best stays patchy and disorganized. b. User Unwillingness to change IRM’s restrictive nature and perceived usage hassles may at first not easily gel with users. Users must be made to undergo a mandatory training and awareness workshop to help ease through this process. Suggested methodology can be summarized as: Methodology for managers to inducing change in users:  Unfreezing: This step alters the forces on individuals sufficiently such that they are distracted to opt for a change. It reduces the user resistance due to increased peer pressure to induce them to go for a change.  Moving: This step presents direction of the change and the actual practice of learning new attitudes.  Refreezing: The final step forges the changed attitudes and learned skills in users. A good practice will be to train some of the people in the organization and nurture them as champions in usage of IRM. It will be better if at least one person from every department is included as a part of the IRM implementation task force. This task force will work in close cooperation with vendors/security team during implementation process. After the official implementation is over, these champions will provide the first point of reference and support for any issues arising in DLP to new users. Hence, user satisfaction increases and consequently resistance to adopt new technology is lowered down. Confidential  Network Intelligence (India) Pvt. Ltd. Page 10 of 12
Information Rights Management [IRM] c. Miscellaneous Factors [ 5 ]  External User Authentication for partners, vendors, suppliers, outsourced parties, must be strong enough and well formed. Any loose ends will damage the confidentiality of the information.  Most IRM's like Microsoft’s Windows Rights Management Services are great for Windows and Office. But they are mainly for Microsoft apps. For apps like in CAD or blueprints, other solutions are either from small vendors or very limited in scope. Confidential  Network Intelligence (India) Pvt. Ltd. Page 11 of 12
Information Rights Management [IRM] 10. R EFERENCES 1. http://www.iotap.com/Blog/tabid/673/entryid/61/Information-Rights- Management-Sharepoint-2010.aspx 2. http://en.wikipedia.org/wiki/Information_Rights_Management 3. http://blogs.kuppingercole.com/kuppinger/category/information-rights- management/ 4. http://covertix.blogspot.in/ 5. http://www.rcpbuyersguide.com/dload.php?file=whitepapers/SponsorIndex_E MC_Whitepaper11534369.pdf 6. http://www.niiconsulting.com/solutions/information_rights_management.html Confidential  Network Intelligence (India) Pvt. Ltd. Page 12 of 12

Recommended

8. operations security
8. operations security8. operations security
8. operations security7wounders
 
Data loss prevention (dlp)
Data loss prevention (dlp)Data loss prevention (dlp)
Data loss prevention (dlp)
Hussein Al-Sanabani
 
IT compliance
IT complianceIT compliance
IT compliancePhan Vuong
 
Data Loss Prevention: Challenges, Impacts & Effective Strategies
Data Loss Prevention: Challenges, Impacts & Effective StrategiesData Loss Prevention: Challenges, Impacts & Effective Strategies
Data Loss Prevention: Challenges, Impacts & Effective Strategies
Seccuris Inc.
 
Data Classification Presentation
Data Classification PresentationData Classification Presentation
Data Classification PresentationDerroylo
 
Data Security Explained
Data Security ExplainedData Security Explained
Data Security Explained
Happiest Minds Technologies
 
Overview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) TechnologyOverview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) Technology
Liwei Ren任力偉
 
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoT
Creekside Marketing Group, LLC
 

Recommended

8. operations security
8. operations security8. operations security
8. operations security7wounders
 
Data loss prevention (dlp)
Data loss prevention (dlp)Data loss prevention (dlp)
Data loss prevention (dlp)
Hussein Al-Sanabani
 
IT compliance
IT complianceIT compliance
IT compliancePhan Vuong
 
Data Loss Prevention: Challenges, Impacts & Effective Strategies
Data Loss Prevention: Challenges, Impacts & Effective StrategiesData Loss Prevention: Challenges, Impacts & Effective Strategies
Data Loss Prevention: Challenges, Impacts & Effective Strategies
Seccuris Inc.
 
Data Classification Presentation
Data Classification PresentationData Classification Presentation
Data Classification PresentationDerroylo
 
Data Security Explained
Data Security ExplainedData Security Explained
Data Security Explained
Happiest Minds Technologies
 
Overview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) TechnologyOverview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) Technology
Liwei Ren任力偉
 
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoT
Creekside Marketing Group, LLC
 
IT governance and Information System Security
IT governance and Information System SecurityIT governance and Information System Security
IT governance and Information System Security
CSSRL PUNE
 
CS6004 Cyber Forensics
CS6004 Cyber ForensicsCS6004 Cyber Forensics
CS6004 Cyber Forensics
Kathirvel Ayyaswamy
 
Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)
Iftikhar Ali Iqbal
 
Implementing security
Implementing securityImplementing security
Implementing security
Dhani Ahmad
 
Information security
Information securityInformation security
Information security
Lusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
Classifying Data to Help Secure Business Information - Template fromMicrosoft
Classifying Data to Help Secure Business Information - Template fromMicrosoftClassifying Data to Help Secure Business Information - Template fromMicrosoft
Classifying Data to Help Secure Business Information - Template fromMicrosoftDavid J Rosenthal
 
Operational Security
Operational SecurityOperational Security
Operational Security
Splunk
 
information security
information securityinformation security
information security
university of karachi
 
Endpoint Protection
Endpoint ProtectionEndpoint Protection
Endpoint ProtectionSophos
 
Data security
Data securityData security
Data security
Tapan Khilar
 
DLP
DLPDLP
DLP
saurabh.sood
 
An introduction to cyber forensics and open source tools in cyber forensics
An introduction to cyber forensics and open source tools in cyber forensicsAn introduction to cyber forensics and open source tools in cyber forensics
An introduction to cyber forensics and open source tools in cyber forensics
Zyxware Technologies
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic toolsSonu Sunaliya
 
Seclore: Information Rights Management
Seclore: Information Rights ManagementSeclore: Information Rights Management
Seclore: Information Rights Management
Rahul Neel Mani
 
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment modeCloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Himani Singh
 
Information security
Information securityInformation security
Information security
avinashbalakrishnan2
 
Cyber Security Incident Response
Cyber Security Incident ResponseCyber Security Incident Response
Cyber Security Incident Response
PECB
 
Cloud Security Demystified
Cloud Security DemystifiedCloud Security Demystified
Cloud Security Demystified
Michael Torres
 
Fortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxFortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptx
ArianeSpano
 
CyberArk
CyberArkCyberArk
CyberArkJimmy Sze
 
Microsoft Rights Management
Microsoft Rights ManagementMicrosoft Rights Management
Microsoft Rights Management
Peter1020
 
Business Rights Management: A Primer
Business Rights Management: A PrimerBusiness Rights Management: A Primer
Business Rights Management: A Primer
mbrooks01
 

More Related Content

What's hot

IT governance and Information System Security
IT governance and Information System SecurityIT governance and Information System Security
IT governance and Information System Security
CSSRL PUNE
 
CS6004 Cyber Forensics
CS6004 Cyber ForensicsCS6004 Cyber Forensics
CS6004 Cyber Forensics
Kathirvel Ayyaswamy
 
Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)
Iftikhar Ali Iqbal
 
Implementing security
Implementing securityImplementing security
Implementing security
Dhani Ahmad
 
Classifying Data to Help Secure Business Information - Template fromMicrosoft
Classifying Data to Help Secure Business Information - Template fromMicrosoftClassifying Data to Help Secure Business Information - Template fromMicrosoft
Classifying Data to Help Secure Business Information - Template fromMicrosoftDavid J Rosenthal
 
Operational Security
Operational SecurityOperational Security
Operational Security
Splunk
 
information security
information securityinformation security
information security
university of karachi
 
Endpoint Protection
Endpoint ProtectionEndpoint Protection
Endpoint ProtectionSophos
 
Data security
Data securityData security
Data security
Tapan Khilar
 
DLP
DLPDLP
DLP
saurabh.sood
 
An introduction to cyber forensics and open source tools in cyber forensics
An introduction to cyber forensics and open source tools in cyber forensicsAn introduction to cyber forensics and open source tools in cyber forensics
An introduction to cyber forensics and open source tools in cyber forensics
Zyxware Technologies
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic toolsSonu Sunaliya
 
Seclore: Information Rights Management
Seclore: Information Rights ManagementSeclore: Information Rights Management
Seclore: Information Rights Management
Rahul Neel Mani
 
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment modeCloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Himani Singh
 
Information security
Information securityInformation security
Information security
avinashbalakrishnan2
 
Cyber Security Incident Response
Cyber Security Incident ResponseCyber Security Incident Response
Cyber Security Incident Response
PECB
 
Cloud Security Demystified
Cloud Security DemystifiedCloud Security Demystified
Cloud Security Demystified
Michael Torres
 
Fortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxFortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptx
ArianeSpano
 

What's hot (20)

IT governance and Information System Security
IT governance and Information System SecurityIT governance and Information System Security
IT governance and Information System Security
 
CS6004 Cyber Forensics
CS6004 Cyber ForensicsCS6004 Cyber Forensics
CS6004 Cyber Forensics
 
Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)
 
Implementing security
Implementing securityImplementing security
Implementing security
 
Information security
Information securityInformation security
Information security
 
Classifying Data to Help Secure Business Information - Template fromMicrosoft
Classifying Data to Help Secure Business Information - Template fromMicrosoftClassifying Data to Help Secure Business Information - Template fromMicrosoft
Classifying Data to Help Secure Business Information - Template fromMicrosoft
 
Operational Security
Operational SecurityOperational Security
Operational Security
 
information security
information securityinformation security
information security
 
Endpoint Protection
Endpoint ProtectionEndpoint Protection
Endpoint Protection
 
Data security
Data securityData security
Data security
 
DLP
DLPDLP
DLP
 
An introduction to cyber forensics and open source tools in cyber forensics
An introduction to cyber forensics and open source tools in cyber forensicsAn introduction to cyber forensics and open source tools in cyber forensics
An introduction to cyber forensics and open source tools in cyber forensics
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic tools
 
Seclore: Information Rights Management
Seclore: Information Rights ManagementSeclore: Information Rights Management
Seclore: Information Rights Management
 
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment modeCloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
 
Information security
Information securityInformation security
Information security
 
Cyber Security Incident Response
Cyber Security Incident ResponseCyber Security Incident Response
Cyber Security Incident Response
 
Cloud Security Demystified
Cloud Security DemystifiedCloud Security Demystified
Cloud Security Demystified
 
Fortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxFortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptx
 
CyberArk
CyberArkCyberArk
CyberArk
 

Viewers also liked

Microsoft Rights Management
Microsoft Rights ManagementMicrosoft Rights Management
Microsoft Rights Management
Peter1020
 
Business Rights Management: A Primer
Business Rights Management: A PrimerBusiness Rights Management: A Primer
Business Rights Management: A Primer
mbrooks01
 
What is Microsoft Active Directory RMS (Rights Management Services)?
What is Microsoft Active Directory RMS (Rights Management Services)?What is Microsoft Active Directory RMS (Rights Management Services)?
What is Microsoft Active Directory RMS (Rights Management Services)?
irminsider
 
What's New in Microsoft Rights Management Services
What's New in Microsoft Rights Management ServicesWhat's New in Microsoft Rights Management Services
What's New in Microsoft Rights Management Services
UL Transaction Security
 
​The Identity of Things
​The Identity of Things​The Identity of Things
​The Identity of ThingsSherry Jones
 
B4 the identity of things-securing the internet of everything
B4 the identity of things-securing the internet of everythingB4 the identity of things-securing the internet of everything
B4 the identity of things-securing the internet of everythingDr. Wilfred Lin (Ph.D.)
 
CIS 2015-Rationing Identity in the Internet of Things- Steve Wilson
CIS 2015-Rationing Identity in the Internet of Things- Steve WilsonCIS 2015-Rationing Identity in the Internet of Things- Steve Wilson
CIS 2015-Rationing Identity in the Internet of Things- Steve Wilson
CloudIDSummit
 
Paris Identity Tech Talk IoT
Paris Identity Tech Talk IoTParis Identity Tech Talk IoT
Paris Identity Tech Talk IoT
Bertrand Carlier
 
Telefonía móvil en áreas rurales: Oportunidades para la agricultura
Telefonía móvil en áreas rurales: Oportunidades para la agriculturaTelefonía móvil en áreas rurales: Oportunidades para la agricultura
Telefonía móvil en áreas rurales: Oportunidades para la agricultura
RIBDA 2009
 
El Plan Andinia antes de la destrucción de Israel
El Plan Andinia antes de la destrucción de IsraelEl Plan Andinia antes de la destrucción de Israel
El Plan Andinia antes de la destrucción de Israel
Ramón Copa
 
"Sustentabilidad"
"Sustentabilidad""Sustentabilidad"
"Sustentabilidad"
DulceDeyanira
 
Sof&com
Sof&comSof&com
Sof&comosriva
 
Fiona Lim - Why's Your Camera Bag so Heavy?
Fiona Lim - Why's Your Camera Bag so Heavy?Fiona Lim - Why's Your Camera Bag so Heavy?
Fiona Lim - Why's Your Camera Bag so Heavy?
ShootFest
 
Instrumentosdemedicin11 3-140528181407-phpapp01
Instrumentosdemedicin11 3-140528181407-phpapp01Instrumentosdemedicin11 3-140528181407-phpapp01
Instrumentosdemedicin11 3-140528181407-phpapp01
Margy Alejandra Hernandez
 
Actividad3
Actividad3Actividad3
Actividad3
Marcela Hernández Gómez
 
APR Ad
APR Ad APR Ad
APR Ad
aaronvstone
 
Hassan sharaf c.v
Hassan sharaf c.vHassan sharaf c.v
Hassan sharaf c.v
Hassan Samir
 
Memoria 2009 Paideia ONG - Asociación Paideia
Memoria 2009 Paideia ONG - Asociación PaideiaMemoria 2009 Paideia ONG - Asociación Paideia
Memoria 2009 Paideia ONG - Asociación Paideia
Paideia Ong
 
E volve-barcelona 02-13
E volve-barcelona 02-13E volve-barcelona 02-13
E volve-barcelona 02-13fluential
 

Viewers also liked (20)

Microsoft Rights Management
Microsoft Rights ManagementMicrosoft Rights Management
Microsoft Rights Management
 
Business Rights Management: A Primer
Business Rights Management: A PrimerBusiness Rights Management: A Primer
Business Rights Management: A Primer
 
What is Microsoft Active Directory RMS (Rights Management Services)?
What is Microsoft Active Directory RMS (Rights Management Services)?What is Microsoft Active Directory RMS (Rights Management Services)?
What is Microsoft Active Directory RMS (Rights Management Services)?
 
What's New in Microsoft Rights Management Services
What's New in Microsoft Rights Management ServicesWhat's New in Microsoft Rights Management Services
What's New in Microsoft Rights Management Services
 
​The Identity of Things
​The Identity of Things​The Identity of Things
​The Identity of Things
 
B4 the identity of things-securing the internet of everything
B4 the identity of things-securing the internet of everythingB4 the identity of things-securing the internet of everything
B4 the identity of things-securing the internet of everything
 
CIS 2015-Rationing Identity in the Internet of Things- Steve Wilson
CIS 2015-Rationing Identity in the Internet of Things- Steve WilsonCIS 2015-Rationing Identity in the Internet of Things- Steve Wilson
CIS 2015-Rationing Identity in the Internet of Things- Steve Wilson
 
Paris Identity Tech Talk IoT
Paris Identity Tech Talk IoTParis Identity Tech Talk IoT
Paris Identity Tech Talk IoT
 
Telefonía móvil en áreas rurales: Oportunidades para la agricultura
Telefonía móvil en áreas rurales: Oportunidades para la agriculturaTelefonía móvil en áreas rurales: Oportunidades para la agricultura
Telefonía móvil en áreas rurales: Oportunidades para la agricultura
 
El Plan Andinia antes de la destrucción de Israel
El Plan Andinia antes de la destrucción de IsraelEl Plan Andinia antes de la destrucción de Israel
El Plan Andinia antes de la destrucción de Israel
 
"Sustentabilidad"
"Sustentabilidad""Sustentabilidad"
"Sustentabilidad"
 
Swiss Fluid SBV Ball Valve
Swiss Fluid SBV Ball ValveSwiss Fluid SBV Ball Valve
Swiss Fluid SBV Ball Valve
 
Sof&com
Sof&comSof&com
Sof&com
 
Fiona Lim - Why's Your Camera Bag so Heavy?
Fiona Lim - Why's Your Camera Bag so Heavy?Fiona Lim - Why's Your Camera Bag so Heavy?
Fiona Lim - Why's Your Camera Bag so Heavy?
 
Instrumentosdemedicin11 3-140528181407-phpapp01
Instrumentosdemedicin11 3-140528181407-phpapp01Instrumentosdemedicin11 3-140528181407-phpapp01
Instrumentosdemedicin11 3-140528181407-phpapp01
 
Actividad3
Actividad3Actividad3
Actividad3
 
APR Ad
APR Ad APR Ad
APR Ad
 
Hassan sharaf c.v
Hassan sharaf c.vHassan sharaf c.v
Hassan sharaf c.v
 
Memoria 2009 Paideia ONG - Asociación Paideia
Memoria 2009 Paideia ONG - Asociación PaideiaMemoria 2009 Paideia ONG - Asociación Paideia
Memoria 2009 Paideia ONG - Asociación Paideia
 
E volve-barcelona 02-13
E volve-barcelona 02-13E volve-barcelona 02-13
E volve-barcelona 02-13
 

Similar to Information Rights Management (IRM)

Mobile Device Management (MDM)
Mobile Device Management (MDM)Mobile Device Management (MDM)
Mobile Device Management (MDM)
Network Intelligence India
 
Exemplo de política BYOD
Exemplo de política BYODExemplo de política BYOD
Exemplo de política BYOD
Fernando Palma
 
Laser App Conference 2017 - Sid Yenamandra, Entreda
Laser App Conference 2017 - Sid Yenamandra, EntredaLaser App Conference 2017 - Sid Yenamandra, Entreda
Laser App Conference 2017 - Sid Yenamandra, Entreda
Laser App Software
 
Top Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfTop Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdf
Careerera
 
Bring your own device guidance
Bring your own device guidanceBring your own device guidance
Bring your own device guidance
Gary Chambers
 
INFORMATION RIGHTS MANAGEMENT SOLUTION ENCYPTS DOCUMENTS FOR IMPOSSING ACCESS...
INFORMATION RIGHTS MANAGEMENT SOLUTION ENCYPTS DOCUMENTS FOR IMPOSSING ACCESS...INFORMATION RIGHTS MANAGEMENT SOLUTION ENCYPTS DOCUMENTS FOR IMPOSSING ACCESS...
INFORMATION RIGHTS MANAGEMENT SOLUTION ENCYPTS DOCUMENTS FOR IMPOSSING ACCESS...
Ameva Tech
 
Strategies for Data Leakage Prevention
Strategies for Data Leakage PreventionStrategies for Data Leakage Prevention
Strategies for Data Leakage Prevention
IRJET Journal
 
Brendan Byrne, Security Services Consulting and Systems Integration Leader at...
Brendan Byrne, Security Services Consulting and Systems Integration Leader at...Brendan Byrne, Security Services Consulting and Systems Integration Leader at...
Brendan Byrne, Security Services Consulting and Systems Integration Leader at...
Global Business Events
 
What is IRM? bright talk
What is IRM? bright talkWhat is IRM? bright talk
What is IRM? bright talk
ritupande
 
Kista watson summit final public version
Kista watson summit final public versionKista watson summit final public version
Kista watson summit final public version
IBM Sverige
 
Cyber Security Intelligence
Cyber Security IntelligenceCyber Security Intelligence
Cyber Security Intelligence
ijtsrd
 
Information System Security Policy Studies as a Form of Company Privacy Prote...
Information System Security Policy Studies as a Form of Company Privacy Prote...Information System Security Policy Studies as a Form of Company Privacy Prote...
Information System Security Policy Studies as a Form of Company Privacy Prote...
Editor IJCATR
 
20100224 Presentation at RGIT Mumbai - Information Security Awareness
20100224 Presentation at RGIT Mumbai - Information Security Awareness20100224 Presentation at RGIT Mumbai - Information Security Awareness
20100224 Presentation at RGIT Mumbai - Information Security Awareness
Dinesh O Bareja
 
Module 1Introduction to cyber security.pptx
Module 1Introduction to cyber security.pptxModule 1Introduction to cyber security.pptx
Module 1Introduction to cyber security.pptx
Skippedltd
 
FROM STRATEGY TO ACTION - Vasil Tsvimitidze
FROM STRATEGY TO ACTION - Vasil Tsvimitidze FROM STRATEGY TO ACTION - Vasil Tsvimitidze
FROM STRATEGY TO ACTION - Vasil Tsvimitidze
DataExchangeAgency
 
INFORMATION SECURITY: THREATS AND SOLUTIONS.
INFORMATION SECURITY: THREATS AND SOLUTIONS.INFORMATION SECURITY: THREATS AND SOLUTIONS.
INFORMATION SECURITY: THREATS AND SOLUTIONS.
Ni
 
Classification-HowToBoostInformationProtection
Classification-HowToBoostInformationProtectionClassification-HowToBoostInformationProtection
Classification-HowToBoostInformationProtectionGianmarco Ferri
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
IRJET Journal
 
Causes And Consequences Of Data Leakage
Causes And Consequences Of Data LeakageCauses And Consequences Of Data Leakage
Causes And Consequences Of Data Leakage
Patty Buckley
 

Similar to Information Rights Management (IRM) (20)

What Is Irm
What Is IrmWhat Is Irm
What Is Irm
 
Mobile Device Management (MDM)
Mobile Device Management (MDM)Mobile Device Management (MDM)
Mobile Device Management (MDM)
 
Exemplo de política BYOD
Exemplo de política BYODExemplo de política BYOD
Exemplo de política BYOD
 
Laser App Conference 2017 - Sid Yenamandra, Entreda
Laser App Conference 2017 - Sid Yenamandra, EntredaLaser App Conference 2017 - Sid Yenamandra, Entreda
Laser App Conference 2017 - Sid Yenamandra, Entreda
 
Top Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfTop Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdf
 
Bring your own device guidance
Bring your own device guidanceBring your own device guidance
Bring your own device guidance
 
INFORMATION RIGHTS MANAGEMENT SOLUTION ENCYPTS DOCUMENTS FOR IMPOSSING ACCESS...
INFORMATION RIGHTS MANAGEMENT SOLUTION ENCYPTS DOCUMENTS FOR IMPOSSING ACCESS...INFORMATION RIGHTS MANAGEMENT SOLUTION ENCYPTS DOCUMENTS FOR IMPOSSING ACCESS...
INFORMATION RIGHTS MANAGEMENT SOLUTION ENCYPTS DOCUMENTS FOR IMPOSSING ACCESS...
 
Strategies for Data Leakage Prevention
Strategies for Data Leakage PreventionStrategies for Data Leakage Prevention
Strategies for Data Leakage Prevention
 
Brendan Byrne, Security Services Consulting and Systems Integration Leader at...
Brendan Byrne, Security Services Consulting and Systems Integration Leader at...Brendan Byrne, Security Services Consulting and Systems Integration Leader at...
Brendan Byrne, Security Services Consulting and Systems Integration Leader at...
 
What is IRM? bright talk
What is IRM? bright talkWhat is IRM? bright talk
What is IRM? bright talk
 
Kista watson summit final public version
Kista watson summit final public versionKista watson summit final public version
Kista watson summit final public version
 
Cyber Security Intelligence
Cyber Security IntelligenceCyber Security Intelligence
Cyber Security Intelligence
 
Information System Security Policy Studies as a Form of Company Privacy Prote...
Information System Security Policy Studies as a Form of Company Privacy Prote...Information System Security Policy Studies as a Form of Company Privacy Prote...
Information System Security Policy Studies as a Form of Company Privacy Prote...
 
20100224 Presentation at RGIT Mumbai - Information Security Awareness
20100224 Presentation at RGIT Mumbai - Information Security Awareness20100224 Presentation at RGIT Mumbai - Information Security Awareness
20100224 Presentation at RGIT Mumbai - Information Security Awareness
 
Module 1Introduction to cyber security.pptx
Module 1Introduction to cyber security.pptxModule 1Introduction to cyber security.pptx
Module 1Introduction to cyber security.pptx
 
FROM STRATEGY TO ACTION - Vasil Tsvimitidze
FROM STRATEGY TO ACTION - Vasil Tsvimitidze FROM STRATEGY TO ACTION - Vasil Tsvimitidze
FROM STRATEGY TO ACTION - Vasil Tsvimitidze
 
INFORMATION SECURITY: THREATS AND SOLUTIONS.
INFORMATION SECURITY: THREATS AND SOLUTIONS.INFORMATION SECURITY: THREATS AND SOLUTIONS.
INFORMATION SECURITY: THREATS AND SOLUTIONS.
 
Classification-HowToBoostInformationProtection
Classification-HowToBoostInformationProtectionClassification-HowToBoostInformationProtection
Classification-HowToBoostInformationProtection
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Causes And Consequences Of Data Leakage
Causes And Consequences Of Data LeakageCauses And Consequences Of Data Leakage
Causes And Consequences Of Data Leakage
 

More from Network Intelligence India

Vapt pci dss methodology ppt v1.0
Vapt pci dss methodology ppt v1.0Vapt pci dss methodology ppt v1.0
Vapt pci dss methodology ppt v1.0
Network Intelligence India
 
The Economics of Security
The Economics of SecurityThe Economics of Security
The Economics of Security
Network Intelligence India
 
Web Application Security Strategy
Web Application Security Strategy Web Application Security Strategy
Web Application Security Strategy
Network Intelligence India
 
ISO 27004- Information Security Metrics Implementation
ISO 27004- Information Security Metrics ImplementationISO 27004- Information Security Metrics Implementation
ISO 27004- Information Security Metrics Implementation
Network Intelligence India
 
National Cyber Security Policy 2013
National Cyber Security Policy 2013National Cyber Security Policy 2013
National Cyber Security Policy 2013
Network Intelligence India
 
RBI Gopalakrishna Committee Report on IT
RBI Gopalakrishna Committee Report on ITRBI Gopalakrishna Committee Report on IT
RBI Gopalakrishna Committee Report on IT
Network Intelligence India
 
PCI DSS for Penetration Testing
PCI DSS for Penetration TestingPCI DSS for Penetration Testing
PCI DSS for Penetration Testing
Network Intelligence India
 
Understanding Governance
Understanding GovernanceUnderstanding Governance
Understanding Governance
Network Intelligence India
 
Cyber Security in Civil Aviation
Cyber Security in Civil AviationCyber Security in Civil Aviation
Cyber Security in Civil Aviation
Network Intelligence India
 
Spear Phishing Methodology
Spear Phishing MethodologySpear Phishing Methodology
Spear Phishing Methodology
Network Intelligence India
 
IT Act 2000 Penalties, Offences with case studies
IT Act 2000 Penalties, Offences with case studies IT Act 2000 Penalties, Offences with case studies
IT Act 2000 Penalties, Offences with case studies
Network Intelligence India
 
Distributed Denial of Service (DDos) Testing Methodology
Distributed Denial of Service (DDos) Testing MethodologyDistributed Denial of Service (DDos) Testing Methodology
Distributed Denial of Service (DDos) Testing Methodology
Network Intelligence India
 
Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)
Network Intelligence India
 
Advanced persistent threats(APT)
Advanced persistent threats(APT)Advanced persistent threats(APT)
Advanced persistent threats(APT)
Network Intelligence India
 
XML Interfaces to the popular Nessus Scanner
XML Interfaces to the popular Nessus ScannerXML Interfaces to the popular Nessus Scanner
XML Interfaces to the popular Nessus Scanner
Network Intelligence India
 

More from Network Intelligence India (20)

Vapt pci dss methodology ppt v1.0
Vapt pci dss methodology ppt v1.0Vapt pci dss methodology ppt v1.0
Vapt pci dss methodology ppt v1.0
 
The Economics of Security
The Economics of SecurityThe Economics of Security
The Economics of Security
 
Web Application Security Strategy
Web Application Security Strategy Web Application Security Strategy
Web Application Security Strategy
 
ISO 27004- Information Security Metrics Implementation
ISO 27004- Information Security Metrics ImplementationISO 27004- Information Security Metrics Implementation
ISO 27004- Information Security Metrics Implementation
 
National Cyber Security Policy 2013
National Cyber Security Policy 2013National Cyber Security Policy 2013
National Cyber Security Policy 2013
 
RBI Gopalakrishna Committee Report on IT
RBI Gopalakrishna Committee Report on ITRBI Gopalakrishna Committee Report on IT
RBI Gopalakrishna Committee Report on IT
 
PCI DSS for Penetration Testing
PCI DSS for Penetration TestingPCI DSS for Penetration Testing
PCI DSS for Penetration Testing
 
Understanding Governance
Understanding GovernanceUnderstanding Governance
Understanding Governance
 
Cyber Security in Civil Aviation
Cyber Security in Civil AviationCyber Security in Civil Aviation
Cyber Security in Civil Aviation
 
Spear Phishing Methodology
Spear Phishing MethodologySpear Phishing Methodology
Spear Phishing Methodology
 
IT Act 2000 Penalties, Offences with case studies
IT Act 2000 Penalties, Offences with case studies IT Act 2000 Penalties, Offences with case studies
IT Act 2000 Penalties, Offences with case studies
 
Distributed Denial of Service (DDos) Testing Methodology
Distributed Denial of Service (DDos) Testing MethodologyDistributed Denial of Service (DDos) Testing Methodology
Distributed Denial of Service (DDos) Testing Methodology
 
Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)
 
Advanced persistent threats(APT)
Advanced persistent threats(APT)Advanced persistent threats(APT)
Advanced persistent threats(APT)
 
XML Interfaces to the popular Nessus Scanner
XML Interfaces to the popular Nessus ScannerXML Interfaces to the popular Nessus Scanner
XML Interfaces to the popular Nessus Scanner
 
Cyber fraud in banks
Cyber fraud in banksCyber fraud in banks
Cyber fraud in banks
 
Advanced persistent threats
Advanced persistent threatsAdvanced persistent threats
Advanced persistent threats
 
Who will guard the guards
Who will guard the guardsWho will guard the guards
Who will guard the guards
 
Application security enterprise strategies
Application security enterprise strategiesApplication security enterprise strategies
Application security enterprise strategies
 
Scada assessment case study
Scada assessment case studyScada assessment case study
Scada assessment case study
 

Recently uploaded

Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
Alex Pruden
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Pierluigi Pugliese
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 

Recently uploaded (20)

Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 

Information Rights Management (IRM)

  • 1. INFORMATION RIGHTS MANAGEMENT – IMPLEMENTATION AND CHALLENGES From An article on Information Rights Management (IRM) and our methodology for its proper implementation in achieving secure flow of sensitive information within and beyond the organizational boundaries.
  • 2. Information Rights Management [IRM] Document Tracker Author Version Summary of Changes Manasdeep September 2012 Document Created Confidential  Network Intelligence (India) Pvt. Ltd. Page 2 of 12
  • 3. Information Rights Management [IRM] NOTICE This document contains information which is the intellectual property of Network Intelligence. This document is received in confidence and its contents cannot be disclosed or copied without the prior written consent of Network Intelligence. Nothing in this document constitutes a guaranty, warranty, or license, expressed or implied. Network Intelligence disclaims all liability for all such guaranties, warranties, and licenses, including but not limited to: Fitness for a particular purpose; merchantability; non infringement of intellectual property or other rights of any third party or of Network Intelligence; indemnity; and all others. The reader is advised that third parties can have intellectual property rights that can be relevant to this document and the technologies discussed herein, and is advised to seek the advice of competent legal counsel, without obligation of Network Intelligence. Network Intelligence retains the right to make changes to this document at any time without notice. Network Intelligence makes no warranty for the use of this document and assumes no responsibility for any errors that can appear in the document nor does it make a commitment to update the information contained herein. Copyright Copyright. Network Intelligence (India) Pvt. Ltd. All rights reserved. NII Consulting, AuditPro, Firesec, NX27K is a registered trademark of Network Intelligence India Pvt. Ltd. Trademarks Other product and corporate names may be trademarks of other companies and are used only for explanation and to the owners' benefit, without intent to infringe. NII CONTACT DETAILS Network Intelligence India Pvt. Ltd. 204 Ecospace, Old Nagardas Road, Near Andheri Subway, Andheri (E), Mumbai 400 069, India Tel: +91-22-2839-2628 +91-22-4005-2628 Fax: +91-22-2837-5454 Email: info@niiconsulting.com Confidential  Network Intelligence (India) Pvt. Ltd. Page 3 of 12
  • 4. Information Rights Management [IRM] Contents 1. Introduction .............................................................................................................................. 5 2. Why do we need IRM? ............................................................................................................... 5 3. What exactly can be achieved with IRM?[1] ................................................................................ 6 4. What can't be prevented using IRM? ......................................................................................... 6 5. Are Digital Rights Management (DRM) and IRM same things?.................................................... 7 6. Key for IRM’s successful implementation[5] ................................................................................ 8 a. Automating policy assignment ............................................................................................... 8 b. Dynamic policy control ........................................................................................................... 8 c. Discretionary policy application ............................................................................................. 8 d. Audit Trail .............................................................................................................................. 8 7. Steps before implementing IRM[6] .............................................................................................. 9 8. Popular IRM vendor list ............................................................................................................. 9 9. Challenges in IRM implementation .......................................................................................... 10 a. Lack of commitment by senior management........................................................................ 10 b. User Unwillingness to change .............................................................................................. 10 c. Miscellaneous Factors[5] ....................................................................................................... 11 10. References ........................................................................................................................... 12 Confidential  Network Intelligence (India) Pvt. Ltd. Page 4 of 12
  • 5. Information Rights Management [IRM] 1. I NTRODUCTION Information Rights Management is the set of techniques and methods which protect the highly sensitive information of the organization irrespective of the file location whether it resides "in" or "outside" the corporate boundaries. This happens as the permissions embedded inside the file don't allow unauthorized access, modification, copying or printing. This is typically done for protection of financial documents, intellectual property such as patents, design blueprints and executive communications. IRM[4] broadly speaking addresses the fundamental problem associated with Data Protection Leakage (DLP). DLP heavily relies on protection of sensitive file within the corporate network typically at its end points. It protects the data based on its location (directory, file server/ database) or in data in transit, but doesn't give the protection at a more granular level, i.e. information contained in file itself. IRM currently applies mainly to documents and emails in typical corporate environment setting. While DLP is “transmission control” technology, IRM is “usage control” technology. 2. W HY DO WE NEED IRM? The rationale for using IRM is that the privacy information associated with data must travel along with it. The copying of that data must not lose the associated rights to that information. Rights to modify, update, restrict or even destroy that information must be retained by the individual it pertains to, even when a 3rd party holds that information. In larger context, IRM helps organizations in enforcing corporate policy governing the secure flow of highly sensitive data in the organization. File protections are defined and enforced based on user's identity along with corporate policy on a given class of data. The best way to protect information is to do it directly at the level of the information – and not at the level of many system(s) which might change, transport or store the information. Confidential  Network Intelligence (India) Pvt. Ltd. Page 5 of 12
  • 6. Information Rights Management [IRM] 3. W HAT EXACTLY CAN BE ACHIEV ED WITH IRM? [1]  Preventing restricted content from unauthorized modification, copying, printing or pasting  Disabling Print Screen feature in Microsoft Windows for taking snapshots of restricted content.  Restricting content exposure wherever it is sent  Support file expiration so that contents in documents are rendered un-viewable (or viewable) automatically after a set time.  Full auditing of both access to documents as well as changes to the rights/policy by business users 4. W HAT CAN ' T BE PREVENTED USING IRM?  Sensitive Content from being erased, stolen, captured or transmitted by malicious programs like Trojans, key loggers etc.  Content from being lost or corrupted due to virus infection  Restricted content from being hand-copied or retyped from a display screen.  Taking digital photograph of the restricted content displayed on a screen by unauthorized person  Snapshots of restricted content are possible using 3rd party screen-capture tools Confidential  Network Intelligence (India) Pvt. Ltd. Page 6 of 12
  • 7. Information Rights Management [IRM] 5. A RE D IGITAL R IGHTS M ANAGEMENT (DRM) AND IRM SAME THINGS ? Not Really. Digital Rights management (DRM)[2] technologies are typically used by hardware manufacturers, publishers, copyright holders and individuals with the intent to limit the use of digital content and devices "after sale". It is specifically targeted to defeat any attempts for rich media piracy like Blu-ray, CD, DVD's, tapes, records. In United States, a legal mandate called Digital Millennium Copyright Act (DMCA) exists which imposes criminal penalties on those who make available technologies whose primary agenda is to bypass content protection technologies. Main focus of DRM is to defeat copyright infringement by putting "digital locks" to rich media eg. records, CD, DVD's etc in business to customer domain, while IRM restricts itself to sensitive information exchange in business to business domain such as merger- acquisition plans, design blueprints, patents, financial statements, strategic business plans etc. Confidential  Network Intelligence (India) Pvt. Ltd. Page 7 of 12
  • 8. Information Rights Management [IRM] 6. K EY FOR IRM’ S SUCCESSFUL IMPLEMENTATION [5] The strength of IRM is typically reserved for very sensitive information that travels outside organization — to vendors, suppliers, outsourced parties, partners etc. But challenges for proper authentication are quite complex outside the enterprise. Hence, following approaches must be used for effective implantation of IRM enterprise based solutions: a. Automating policy assignment More automated is policy assignment, better is IRM implementation. This happens as automation eliminates human errors resident in manual processes which in turn make it more effective. They can automatically protect documents such as price lists, product specifications, and manufacturing process description. This works effectively because if we let document authors be the sole arbiter of what to protect, it puts an unwelcome burden on them. They may neglect to do it correctly, consistently, or at all. Organizations can automatically assign policies to entire information groups such as anything saved to a certain folder, content of a certain type, or information that has reached a particular stage in a workflow. This saves time, ensures consistency, and is the most efficient way to manage large volumes of sensitive information with IRM. b. Dynamic policy control As business conditions evolve, IRM policies that govern the use of content must evolve as well. Regulatory changes will almost always require modifications to information policies such as patent expirations, litigation settlements, mergers and acquisitions etc. Dynamic policy control enables recipient entitlements to be changed when individual roles or business needs change, regardless of where the content resides—even when its location is unknown. Policies reside on a policy server, not within the content. So they can be changed or revoked at any time. Rights can also be set to automatically expire. c. Discretionary policy application In the enterprise, discretionary use of IRM is an option that should be used in addition to rather instead of automated policy application. d. Audit Trail An audit trail is an unalterable, chronological log of access to a system and a record of additions, changes, and deletions to information that system manages, which lists the person accessing the system, and the time of access, and the action taken. Confidential  Network Intelligence (India) Pvt. Ltd. Page 8 of 12
  • 9. Information Rights Management [IRM] 7. S TEPS BEFORE IMPLEMENTING IRM [6] So you are all rolled up to implement IRM solution in your company. But before that, answer this quick checklist:  Outline business areas where sensitive information is frequently exchanged?  What needs to be protected (documents, email etc.)  How will security policies be enforced to protect this sensitive information or communication?  Who can use the information (people, group)  What a user can do with that information (read, write, print or forward)  When can the user access the information (time duration and dates)  Where can the information be accessed from (in office, home,)  What would be the consequences to the business if this information ended up in the wrong hands?  Does the organization retain any employee, customer, or member information that could be used in identity theft if it were exposed, either through loss or theft. 8. P OPULAR IRM VENDOR LIST  Seclore FileSecure  Microsoft Integrated Rights Management  Boole Server  SmartCipher  EMC IRM Product Suite Confidential  Network Intelligence (India) Pvt. Ltd. Page 9 of 12
  • 10. Information Rights Management [IRM] 9. C HALLENGES IN IRM IMPLEMENTATION a. Lack of commitment by senior management The biggest roadblock in IRM successful implementation is the inadequate commitment shown by senior management. Management has to be convinced and made aware the value of information in the business. Consequences of losing sensitive information must be highlighted such as unwanted loss in brand image and reputation, losing client and stakeholder confidence. Unpleasant lawsuits may proceed if the leakage of sensitive information is made public. Common mistake made by senior managers during implementation is that they delegate the entire part of IRM implementation to the IT team and not take much responsibility for it. It is important to note that IRM must be top driven from senior management which only can bring about a cultural change in the organization. Without their support, implementation at the best stays patchy and disorganized. b. User Unwillingness to change IRM’s restrictive nature and perceived usage hassles may at first not easily gel with users. Users must be made to undergo a mandatory training and awareness workshop to help ease through this process. Suggested methodology can be summarized as: Methodology for managers to inducing change in users:  Unfreezing: This step alters the forces on individuals sufficiently such that they are distracted to opt for a change. It reduces the user resistance due to increased peer pressure to induce them to go for a change.  Moving: This step presents direction of the change and the actual practice of learning new attitudes.  Refreezing: The final step forges the changed attitudes and learned skills in users. A good practice will be to train some of the people in the organization and nurture them as champions in usage of IRM. It will be better if at least one person from every department is included as a part of the IRM implementation task force. This task force will work in close cooperation with vendors/security team during implementation process. After the official implementation is over, these champions will provide the first point of reference and support for any issues arising in DLP to new users. Hence, user satisfaction increases and consequently resistance to adopt new technology is lowered down. Confidential  Network Intelligence (India) Pvt. Ltd. Page 10 of 12
  • 11. Information Rights Management [IRM] c. Miscellaneous Factors [ 5 ]  External User Authentication for partners, vendors, suppliers, outsourced parties, must be strong enough and well formed. Any loose ends will damage the confidentiality of the information.  Most IRM's like Microsoft’s Windows Rights Management Services are great for Windows and Office. But they are mainly for Microsoft apps. For apps like in CAD or blueprints, other solutions are either from small vendors or very limited in scope. Confidential  Network Intelligence (India) Pvt. Ltd. Page 11 of 12
  • 12. Information Rights Management [IRM] 10. R EFERENCES 1. http://www.iotap.com/Blog/tabid/673/entryid/61/Information-Rights- Management-Sharepoint-2010.aspx 2. http://en.wikipedia.org/wiki/Information_Rights_Management 3. http://blogs.kuppingercole.com/kuppinger/category/information-rights- management/ 4. http://covertix.blogspot.in/ 5. http://www.rcpbuyersguide.com/dload.php?file=whitepapers/SponsorIndex_E MC_Whitepaper11534369.pdf 6. http://www.niiconsulting.com/solutions/information_rights_management.html Confidential  Network Intelligence (India) Pvt. Ltd. Page 12 of 12