Adaptive Redaction is an alternate version of redaction whereby sensitive parts of a document are automatically removed based on policy. It is primarily used in next generation Data Loss Prevention (DLP) solutions.
Content and Context
The policy is a set of rules based on content and on context.
Context can include:
* Who is sending (or uploading) the information.
* Who is receiving the information (including a web site if uploading or downloading).
* The communication channel (e.g. email, web, copy to removable media).
The content can be 'visible' information, such as what you see on the screen. It can also be 'invisible' information, such as that held in document properties and revision history, or 'active' content that has been embedded in an electronic document, such as a macro.
Purpose
Adaptive Redaction is designed to alleviate "false positive" events created by Data Loss Prevention (DLP) security solutions.
False positives occur when a DLP policy triggers and prevents legitimate outgoing communication. In the majority of cases this is caused through oversight by the sender.
Examples
Sending unprotected credit card information outside an organisation breaches the Payment Card Industry Data Security Standard (PCI DSS) regulations. Many organisations accept credit card information through email; however, a reply to an email containing such information would send out the prohibited information. That would cause a breach of policy. Adaptive Redaction can be used to remove just the credit card number but allow the email to be sent.
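The credit card case above, as an added example that is not part of the original article or taken from any DLP product: context (channel and recipient) decides whether the rule applies, and content inspection removes only Luhn-valid card numbers so the message can still be sent. The domain `example.org`, the function names, the replacement marker and the sample message are assumptions constructed for illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
INTERNAL_DOMAIN = "example.org"   # assumed organisation domain
MARKER = "[CARD NUMBER REDACTED]"  # assumed replacement text

# Constructed sample: a reply that quotes a test card number and an order id.
SAMPLE = ("Thanks, we have charged card 4111 1111 1111 1111 "
          "for order 1234567890123456.")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum, so that arbitrary long numbers are left untouched."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def redact_cards(text: str) -> tuple[str, int]:
    """Content rule: replace each Luhn-valid card number, return the count."""
    count = 0

    def repl(match: re.Match) -> str:
        nonlocal count
        if not luhn_valid(re.sub(r"\D", "", match.group())):
            return match.group()
        count += 1
        return MARKER

    return CARD_RE.sub(repl, text), count


def apply_policy(recipient: str, channel: str, body: str) -> tuple[str, str]:
    """Context rule: redact only for email that leaves the organisation."""
    leaving_org = not recipient.lower().endswith("@" + INTERNAL_DOMAIN)
    if channel == "email" and leaving_org:
        new_body, found = redact_cards(body)
        return ("redact-and-send" if found else "send"), new_body
    return "send", body


if __name__ == "__main__":
    print(apply_policy("customer@example.com", "email", SAMPLE))
```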
'Invisible' information can be found in documents and has created embarrassment for several governments.
Reference: "How the Conservatives orchestrated the letter from business leaders - and got it wrong".
See also
* Data masking
* Redaction
* Tokenization (data security)