Scribd Logo
Upload

Welcome to Scribd!

  • 1.7 - Classifier - Presentation

    Uploaded by

    Mohannad Dawoud
    23 views16 pages

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    23 views16 pages

    1.7 - Classifier - Presentation

    Uploaded by

    Mohannad Dawoud

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 16

    InfoSphere™ Optim™ & Guardium® Technology Ecosystem

    InfoSphere™ Guardium® Technical Training

    Classifier

    Information Management

    © 2011 IBM Corporation


    Information Management

    Agenda

     What is Classifier?
     How does Classification work?
     Classification Rule
     Classification Policy
     Classification Process
     Classification Reports
     Classification Workflow
     Benefits and Use Cases

    2 © 2011 IBM Corporation


    Information Management

    What is Classifier?

    ■ Sensitive information may be present in multiple locations without the knowledge


    of the current owners of these data, or may simply not have any owner at all:
    – Enhancement projects between disparate systems
    – Mergers and acquisitions
    – Legacy systems that have outlasted their original owners

    ■ Sensitive information may be credit card numbers and transactions, personal


    information, or financial data
    ■ Guardium Classifier feature discovers and classifies sensitive data by efficiently
    crawling databases or unstructured files searching for the specified data pattern,
    and in case of databases, catalog information or permissions

    3 © 2011 IBM Corporation


    Information Management

    How does Classification work?

    Classification Policy: a set of rules designed to discover and tag sensitive data
    elements. Sensitive data are looked for based on the type of discovery and an
    action is performed when sensitive data are found

    Classification Process: a job consisting of a classification policy and one or more


    datasources. The process can be scheduled to run on a periodic basis as a task
    in a compliance workflow automation process

    Classification Audit
    Rules
    Classification Classification Process
    Policy Process
    Rule Type

    Rule Action
    Data Sources

    4 © 2011 IBM Corporation


    Information Management

    Classification Policy and Process Builder

    Accounts with admin role:


    Tools > Config & Control

    Accounts with user role:


    Discover > Classification

    5 © 2011 IBM Corporation


    Information Management

    Classification Rule

    Defines what to search for, how to search, and


    what action(s) to take if an object is found.

     Catalog Search: Search the database catalog


    for table or column name
     Search by Permission: Search for the types of
    access that have been granted to users or roles
     Search for Data: Match specific values or
    patterns in the data
     Search for Unstructured Data: Match specific
    values or patterns in an unstructured data file
    (CSV, Text, HTTP, HTTPS, Samba)

    6 © 2011 IBM Corporation


    Information Management

    Search Expressions
    Regular Expressions

    Catalog (column name, table name) or SQL:


    ■ % = any character (%card will match “credit card” and “payment card”)
    Search Expressions:
    ■ * = any number of characters

    ■ ^ = Match string from the beginning (^find* will match “findthis”)


    ■ $ = Match string at the end (*this$ will match “findthis”)
    ■ [0-9] = match a single digit from 0 through 9
    ■ {n} = match exactly n instances of the preceding character(s)

    Built-in Patterns
     guardium://CREDIT_CARD → Detects two credit card number patterns. It tests for a string
    of 16 digits or for four sets of four digits, with each set separated by a blank
     guardium://SSEC_NUMBER → Detects Social Security Number format: three digits, dash
    (-), two digits, dash (-), four digits
     guardium://PCI_TRACK_DATA → Detects two patterns of magnetic stripe data used in the
    Payment Card Industry
    7 © 2011 IBM Corporation
    Information Management

    Classification Actions
     Add To Group Of Object-Fields: A member
    will be added to the selected Object-Field
    group. Can be used for structure data and
    unstructured data files.
     Add To Group Of Objects: A member will be
    added to the selected Object group
     Create Access Rule: An access rule will be
    inserted into an existing security policy
    definition
     Ignore: Do not log the match, and take no
    additional actions
     Create Privacy Set: The selected privacy set's object-field list will be replaced. A privacy
    set is a collection of elements that merit special monitoring
     Log Policy Violation: A policy violation will be logged. This means that classification
    policy violations will be logged (and can be reported) together with access policy
    violations (and optionally correlation alerts) that may have been produced
     Log Result: Log the match, and take no additional actions
     Send Alert: An alert will be sent to one or more receivers
    8 © 2011 IBM Corporation
    Information Management

    Classification Policy

    ■ Set of classification rules that have a similar discovery and classification objective
    ■ Many rules with multiple actions can be defined
    ■ Number of rules will affect the classification process run time
    ■ Classification policy is data source independent → one policy can be run against
    many data sources

    9 © 2011 IBM Corporation


    Information Management

    Classification Process

    ■ Classification process defines a classification job


    ■ Classification process applies the policy to one or multiple data sources
    ■ Can be run ad-hoc or scheduled as part of a audit process

    10 © 2011 IBM Corporation


    Information Management

    Classification Report

    11 © 2011 IBM Corporation


    Information Management

    Classification Workflow

    ■ The Classification Process can be scheduled using Audit Process


    – Ensures policies are based on up-to-date groups of sensitive objects
    – Important if sensitive information is added or location of sensitive objects are changed
    ■ Results can be automatically sent out for review to verify the discovery and classification

    12 © 2011 IBM Corporation


    Information Management

    Benefits and Use Cases

    ■ Group sensitive objects from multiple data sources

    ■ Apply security policies to groups of objects with similar properties

    ■ Secure information and manage risk when the sensitivity of stored information is
    not known

    ■ Ensure compliance when it isn’t clear which information is subject to the terms of
    particular regulations

    13 © 2011 IBM Corporation


    Information Management

    Questions?

    14 © 2011 IBM Corporation


    Information Management

    Classifier – Lab

    15 © 2011 IBM Corporation


    InfoSphere™ Optim™ & Guardium® Technology Ecosystem

    InfoSphere™ Guardium® Technical Training

    Classifier

    Information Management

    © 2011 IBM Corporation

    You might also like