Oops – How Did That Get on a Public Website?
Despite the fact that billions of dollars are budgeted each year by the Federal Government for Information Technology programs that identify security procedures, data shows that internal data breaches continue to occur an alarming rate (Davis & Waxman, 2006). Even more significant is the revelation that the Federal government, under the current setup, is not fully aware of what data are being stored on Federal computer systems and thereby, unable to determine exactly what data might be at risk (Davis & Waxman, 2006). Organizations used to take, or still currently take a crisis-security policy which is a reactive approach that can prove devastating to the organization. Within the government sector, security and protecting confidential content assets is not an option as the repercussions are too high.
Information Security should lie solely within the Information Technology department of an organization (McConnell, 2002). The high percentage of organizations adopting security technologies suggests that organizations may be relying too much on security technologies without accompanying changes in business processes, which take into account the ‘people’ aspect of the solution. This ‘people’ aspect has proven to be one of the most significant challenges that are responsible for data breaches.
Concept Searching’s approach is to eliminate end user involvement in the process, unless specifically authorized. The solution augments traditional security products and compliance processes within an organization, by discovering where unknown privacy data (PXX) (i.e. any organizationally defined descriptors/content that has been defined as confidential) exists. Fully integrated with all versions of SharePoint, documents containing PXX are automatically identified, and optionally changed to a custom Content Type, routed to a secure server and made available to selected users using Windows Rights Management services for further disposition and analysis.
Fully customizable to identify unique or industry standard PXX descriptors, content is automatically meta-tagged and classified to the appropriate node(s) in the PXX taxonomy based upon the presence of PXX from within the content. Once tagged and classified, the content can be managed in accordance with internal, regulatory, or government guidelines.
Leaving it to end users, just doesn’t work. Especially now, when fines, compliance regulations, are growing by leaps and bounds. It’s not worth the risk.