Upload File

copyright © 2005 janusnet pty ltd unclassified official information in email – managing the risk...

  • Home
  • Documents
  • Copyright © 2005 janusNET Pty Ltd UNCLASSIFIED Official information in email – managing the risk of leakage ● Reduce risk via protective markings ● Simplify
13
Copyright © 2005 janusNET Pty Ltd UNCLASSIFIED Official information in email – managing the risk of leakage Reduce risk via protective markings Simplify email security for end- users Whole of Government approach Neville Jones November 2005

Upload: aubrey-mitchell

Post on 27-Dec-2015

217 views

Category:

Documents


3 download

Report

TRANSCRIPT

Page 1: Copyright © 2005 janusNET Pty Ltd UNCLASSIFIED Official information in email – managing the risk of leakage ● Reduce risk via protective markings ● Simplify

Copyright © 2005 janusNET Pty LtdUNCLASSIFIED

Official information in email – managing the risk of leakage

● Reduce risk via protective markings● Simplify email security for end-users● Whole of Government approach

Neville JonesNovember 2005

Page 2: Copyright © 2005 janusNET Pty Ltd UNCLASSIFIED Official information in email – managing the risk of leakage ● Reduce risk via protective markings ● Simplify

Copyright © 2005 janusNET Pty LtdUNCLASSIFIED

Concept

● PSM rules for email● Keep ICT Security Simple for users● make email system do the hard stuff● get more value out of email system

Page 3: Copyright © 2005 janusNET Pty Ltd UNCLASSIFIED Official information in email – managing the risk of leakage ● Reduce risk via protective markings ● Simplify

Copyright © 2005 janusNET Pty LtdUNCLASSIFIED

In the beginning there was...

Page 4: Copyright © 2005 janusNET Pty Ltd UNCLASSIFIED Official information in email – managing the risk of leakage ● Reduce risk via protective markings ● Simplify

Copyright © 2005 janusNET Pty LtdUNCLASSIFIED

Official email

● Email as channel– big – useful

● Risks for Government

Page 5: Copyright © 2005 janusNET Pty Ltd UNCLASSIFIED Official information in email – managing the risk of leakage ● Reduce risk via protective markings ● Simplify

Copyright © 2005 janusNET Pty LtdUNCLASSIFIED

Email security difficult for users

● Message path hell● Email policy hell● Users are not routing experts!● Users are not security experts!

Page 6: Copyright © 2005 janusNET Pty Ltd UNCLASSIFIED Official information in email – managing the risk of leakage ● Reduce risk via protective markings ● Simplify

Copyright © 2005 janusNET Pty LtdUNCLASSIFIED

Message path hell

ISPPrivate

Individual

(Remote)

Officer

Wireless

(Wireless)

Officer

firewall

YourAgency

Officer

Privatenetwork

PartnerAgency

Officer Officer

Internet

PartnerAgency

CorporateNetwork

Officer

Fax

gateway

PSTN

Page 7: Copyright © 2005 janusNET Pty Ltd UNCLASSIFIED Official information in email – managing the risk of leakage ● Reduce risk via protective markings ● Simplify

Copyright © 2005 janusNET Pty LtdUNCLASSIFIED

Email security can be simpler

● Let email system do the work!● Enforce policy at email components● Use principles of PSM● How to put protective markings in

emails?

Page 8: Copyright © 2005 janusNET Pty Ltd UNCLASSIFIED Official information in email – managing the risk of leakage ● Reduce risk via protective markings ● Simplify

Copyright © 2005 janusNET Pty LtdUNCLASSIFIED

Protective markings for email

RFC2822 MESSAGE

RFC2822 BODY

RFC2822 HEADER

MIME BODY(s)

MIME ATTACHMENT(s)

Message-ID: <[email protected]>Date: Wed, 230 Nov 2005 9:28:09 +1100From: "Jane Doe" <[email protected]>User-Agent: Microsoft OutlookX-Accept-Language: en-us, enX-Protective-Marking: [VER=2005.6, NS=gov.au, SEC=UNCLASSIFIED, [email protected]]MIME-Version: 1.0To: "Smith, John" <[email protected]>Subject: Hello World [SEC=UNCLASSIFIED]Content-Type: text/plain;

charset=ISO-8859-1;format=flowed

Content-Transfer-Encoding: 7bit

Page 9: Copyright © 2005 janusNET Pty Ltd UNCLASSIFIED Official information in email – managing the risk of leakage ● Reduce risk via protective markings ● Simplify

Copyright © 2005 janusNET Pty LtdUNCLASSIFIED

Creating the marking

Page 10: Copyright © 2005 janusNET Pty Ltd UNCLASSIFIED Official information in email – managing the risk of leakage ● Reduce risk via protective markings ● Simplify

Copyright © 2005 janusNET Pty LtdUNCLASSIFIED

Real world problem

Page 11: Copyright © 2005 janusNET Pty Ltd UNCLASSIFIED Official information in email – managing the risk of leakage ● Reduce risk via protective markings ● Simplify

Copyright © 2005 janusNET Pty LtdUNCLASSIFIED

Risk management implementation

● Email client enablement● Encryption invoked by classification

level● End user doesn't have to click

“Encrypt”

Page 12: Copyright © 2005 janusNET Pty Ltd UNCLASSIFIED Official information in email – managing the risk of leakage ● Reduce risk via protective markings ● Simplify

Copyright © 2005 janusNET Pty LtdUNCLASSIFIED

Wide scope of application

● Client side rules● Gateway flow control● Gateway encryption/decryption● Official email register● Archive management● Web headers

Page 13: Copyright © 2005 janusNET Pty Ltd UNCLASSIFIED Official information in email – managing the risk of leakage ● Reduce risk via protective markings ● Simplify

Copyright © 2005 janusNET Pty LtdUNCLASSIFIED

Gateway flow control

● Major area of Government activity● DSD / ACSI33 & AGIMO● Sending ● Receiving● Agency adoption


Hydrogeologic Risk Assessment of Hydraulic Fracturing … fraccing... · Hydrogeologic Risk Assessment of Hydraulic Fracturing for Gas Recovery ... cementing; (2) leakage through

Mitigating the risk of information leakage in a two-level ...users.encs.concordia.ca/~design/reference/JIM_IP.pdf · Mitigating the risk of information leakage in a two-level supply

Quantification of wellbore leakage risk using non-destructive … · 2013-09-30 · individual well leakage to provide basis for risk calculation uncertainty. Project Wells (WY, 2010)

Rehearsal Markings

Risk Assessment on CO2 Leakage at CO2 Storage …Risk Assessment on CO 2 Leakage at CO 2 Storage Sites Katherine Romanak Gulf Coast Carbon Center Bureau of Economic Geology, The University

Earth leakage detection & risk mitigation

Anastomotic Leakage After Gastrointestinal Surgery: Risk ...egyptianjournal.xyz/57_13.pdf · Anastomotic Leakage After Gastrointestinal Surgery: Risk Factors, Presentation And Outcome

Risk analysis of subsea x-mas tree leakage - IASEM€¦ · Risk analysis of subsea x-mas tree leakage . ... inner tree cap, ... module and hydraulic control module work together to

Measuring Leakage Risk · 2016. 5. 18. · Summary and conclusions Measuring Leakage Risk y Meredith Fowlie (UC Berkeley), Mar Reguant (Northwestern), Stephen Ryan (University of

Search Markings

body markings

Tabel Markings

Risk assessment of corrosion leakage of lpg from domestic

The Impact of Knowledge Leakage Management on Innovative … · appropriate solutions to avoid the risk of weaken performance caused by knowledge leakage and to provide more efforts

Potential leakage mechanisms and their relevance … 2-Potential leakage...Potential leakage mechanisms and their relevance to CO 2 storage site risk assessment and safe operations

Apron Markings

Aircraft Markings

Risk Factory: Beyond Data Leakage

PAVEMENT MARKINGS

Flashcards Markings

Pattern Markings

Risk of Anastomotic leakage with non- steroidal anti-inflammatory drugs in colorectal surgery

EzDataMunchTM –A New Way To€¦ · Risk Management & Compliance • Solvency II Compliance • Risk & Exposure Analysis • Travel Expense Fraud • Labor cost leakage Analysis

ROAD MARKINGS - media.brintex.commedia.brintex.com/Occurrence/222/Brochure/6539/brochure.pdf · Fleet Operator Recognition Scheme (FORS) Achilles Building Confidence risk management

BONE MARKINGS

Modeling Carbon Leakage Risk in Poland

Assessing the Risk of CO2 Leakage & Induced Seismicity ... · Assessing the Risk of CO 2 Leakage & Induced Seismicity Across the Illinois Basin Mark Person & Yipeng Zhang; NM Tech

Risk of revenue leakage - · PDF fileRisk of revenue leakage...and ends here Amadeus Financial Suite Streamline financial processes from sales to accounting amadeus.com/financialsuite

University of Groningen Anastomotic leakage Karliczek, Anne · Currently, the intraoperative risk assessment for anastomotic leakage is made by the operating surgeon. If the risk

Mitigating the risk of information leakage in a two-level supply

Data Leakage: Affordable Data Leakage Risk Management · and accomplish data leakage prevention by way of deterrence, detection and defense (Figure - ). Deterrence measures are designed

Surface Markings

Roadway Markings

User Manual metal objects (including coins) to avoid short circuiting, discharging, excessive heat, or possible leakage. Do not attempt to disassemble the markings on the battery compartment

Fastener Markings