Professional Documents
Culture Documents
1.7 - Classifier - Presentation
1.7 - Classifier - Presentation
1.7 - Classifier - Presentation
Classifier
Information Management
Agenda
What is Classifier?
How does Classification work?
Classification Rule
Classification Policy
Classification Process
Classification Reports
Classification Workflow
Benefits and Use Cases
What is Classifier?
Classification Policy: a set of rules designed to discover and tag sensitive data
elements. Sensitive data are looked for based on the type of discovery and an
action is performed when sensitive data are found
Classification Audit
Rules
Classification Classification Process
Policy Process
Rule Type
Rule Action
Data Sources
Classification Rule
Search Expressions
Regular Expressions
Built-in Patterns
guardium://CREDIT_CARD → Detects two credit card number patterns. It tests for a string
of 16 digits or for four sets of four digits, with each set separated by a blank
guardium://SSEC_NUMBER → Detects Social Security Number format: three digits, dash
(-), two digits, dash (-), four digits
guardium://PCI_TRACK_DATA → Detects two patterns of magnetic stripe data used in the
Payment Card Industry
7 © 2011 IBM Corporation
Information Management
Classification Actions
Add To Group Of Object-Fields: A member
will be added to the selected Object-Field
group. Can be used for structure data and
unstructured data files.
Add To Group Of Objects: A member will be
added to the selected Object group
Create Access Rule: An access rule will be
inserted into an existing security policy
definition
Ignore: Do not log the match, and take no
additional actions
Create Privacy Set: The selected privacy set's object-field list will be replaced. A privacy
set is a collection of elements that merit special monitoring
Log Policy Violation: A policy violation will be logged. This means that classification
policy violations will be logged (and can be reported) together with access policy
violations (and optionally correlation alerts) that may have been produced
Log Result: Log the match, and take no additional actions
Send Alert: An alert will be sent to one or more receivers
8 © 2011 IBM Corporation
Information Management
Classification Policy
■ Set of classification rules that have a similar discovery and classification objective
■ Many rules with multiple actions can be defined
■ Number of rules will affect the classification process run time
■ Classification policy is data source independent → one policy can be run against
many data sources
Classification Process
Classification Report
Classification Workflow
■ Secure information and manage risk when the sensitivity of stored information is
not known
■ Ensure compliance when it isn’t clear which information is subject to the terms of
particular regulations
Questions?
Classifier – Lab
Classifier
Information Management