Introduction
About this Guide
System Requirements
Minimum Required Permissions
Required Ports
Performance Calculations
Deploying Classification in Identity Manager
Classification Overview
Required Components
Component Workflow
Activating Classification
Configuring Classification: Taxonomies, Categories, and Rules
Install the Classification Components
Enable Classification in the Designer
Identify the Classification Service Account
Deploy the Classification Server
Deploy Classification Workers
Enable and Disable Automatic Classification on Specific Managed Hosts
Enabling Categorization on Folders (Security Index Roots)
Managing the File Types to be Classified
Starting Initial Classification
Upgrade an Agent for Classification
Re-classify Data
Classification Application Roles
Troubleshooting the Classification Deployment
An Overview of Classification Configuration
Steps Required to Implement Classification
Creating Taxonomies
Appendix A: PowerShell Commands
Working with Taxonomies
Implementing Rules for Automated Categorization
Creating a Taxonomy
Importing and Replacing Taxonomies
Editing a Taxonomy
Deleting a Taxonomy
Exporting Taxonomies
Working with Categories
How Rules Affect Categorization
Managing Rules in the Classification System
Classifying Resources
When Do Categorization and Classification Occur?
Managing the Life Cycle of Taxonomies and Categories
Creating a Rule
Editing a Rule
Associating Rules to Categories and Applying Rule Weights
Deleting a Rule
Advanced Rule Applications
Working with Text Extractors
Identifying Text Extractors used within the System
Creating Text Extractors
Validating the Text Extractor
Editing Text Extractors
Removing Text Extractors
Working with Regular Expression Text Extractors
Working with Dictionary Text Extractors
Managing Public Dictionary Text Extractors
Managing Protected Dictionary Text Extractors
Managing Dictionary Text Extractors with PowerShell
Working with Advanced Text Extractors
Testing and Reviewing Automated Classification
Testing a Rule against a Resource
Testing all Rules Against a Resource
Viewing the Text from a Resource
Determining Why Categorizations Were Applied to a Resource
Viewing Categorized Resources
Making a Category Available to the Classification System
Adding the PowerShell Snap-ins
Finding a Taxonomy, Category, or Extractor ID using PowerShell
Deploying the Classification Server and the Classification Worker
Troubleshooting Deployment
Managing Taxonomies
Appendix B: Oracle Configuration
Appendix C: Classifying Data with Data Governance Templates
Available Templates
Appendix D: Creating a Taxonomy to Classify Data
Data Governance Payment Card Industry (PCI) Taxonomy
The PCI Sample taxonomy includes categories that cover basic payment card information including credit card and bank account numbers. The categories (medium/low) will help you assess the level of sensitivity of your data.
Understanding the PCI Taxonomy
By default, the taxonomy will import with the following settings:
- Enabled for automatic classification based upon the template’s rules and extractors. If you would like to alter how the categories are applied, you can edit these variables. For details see, Working with Text Extractors.
- Mutually exclusive has been enabled, so only one category can be assigned from the taxonomy. For details on how this will affect your classifications, see Working with Categories.
- A rule weights of 1.0. For details on how rules affect the categorization, see How Rules Affect Categorization.
If you apply the template with all defaults, which includes the categories, text extractors, and rules your data will be categorized as follows:
 |
A category will be applied, based on the rule specified for the category. This takes into account the weight, strength, and threshold. The classification assigned by Identity Manager (Public, Internal, Private, or Secret) depend upon the risk calculated from the applied categories. For details see, Classifying Resources. |
| Category | data MAtches that Cause Categorization |
| Medium | One instance (within 1024 characters) of any: Name and Credit Card (Credit card is comprised of number, or number and credit card provider) OR Name and Bank Account (Bank account is comprised of number and type of bank account.) |
| Low | One instance of any Credit Card or Bank Account |
Titus Commercial Taxonomy
| |
To use the Titus commercial taxonomy, you must have previously categorized data with the Titus classification system and the data must be in a scanned data root marked for classification. |
Understanding the Template
When users apply Titus categorizations to their documents, they are mapped to the associated Titus category within the Identity Manager system. The risk level of those categories, ultimately determine how the Titus categorized data will be classified by Identity Manager.
If you select to use the template for automatic classification with the default settings, the data will be classified as follows:
| Category | data MAtches that Cause Categorization |
| Public | "sensitivity-public" |
| Internal | "sensitivity-internal" |
| Confidential | "sensitivity-confidential" |
| Secret | "sensitivity-secret" |
For details on altering the default values, see Rule Example Manipulating Threshold and Rule Weight.
Sample Advanced Text Extractors Details
Contents
For details on editing the templates to better suit your needs, see Working with Text Extractors.
An advanced text extractor contains the following components:
| Component | Description |
| Extractors | Details the information to be extracted from resource files for analysis by the rules engine. Extractors are refined by grammars. |
| Grammars | A collection of entities that refine the matches made by extractors by either excluding unnecessary patterns, or building new compound patterns. For example, the 'First Name' and 'Last Name' entities provided in the .ecr libraries can be combined within a custom grammar to form the 'Full Names' entity. Note: The grammar name cannot begin with a number. Grammars can be defined by headwords. This is a component that allows an analyst to define their own word libraries to be used in extractors. Rather than using regular expression within a <pattern> tag with zero or more additional parameters, you can create an entity with headwords that you can then reference. This facilitates updating custom lists. You can add or remove headwords from the entity created for them, and any extractor referencing that entity will be automatically updated. |
| Patterns | A grammar defines patterns for matching text in a document. A pattern is a combination of characters and operators. An operator is a sequence of special characters that match text by following the rules associated with the operator. |
Credit Card and Banking
| Name | ID | Use to find... |
| Credit Card Number - Delimited | Extrators.Credit.Card.Delim | Credit card delimited numbers of 13 - 16 digits |
| Credit Card Number - Non | Extrators.Credit.Card.NoDelim | Credit card non- delimited numbers of 13 - 16 digits |
| Credit Card Provider | Extrators.Credit.Card.Providers | Names of major credit card providers |
| Bank Account Number - IBAN | Extractors.Bank.IBAN | International bank account numbers |
| Bank Account Type - IBAN | Extracors.IBAN.Name | “IBAN” or “International Bank Account Number” |
| Name | Use to MAtch Patterns for... |
| number_cc.ecr number_iban.ecr |
Credit card numbers International Bank Account Number |
| Headwords | Major credit card providers, “IBAN” |
Grammar Pattern Match Details
- Credit card numbers
number_cc/cc/delim Pattern Description (?A^number_cc/cc/delim) Any dash-delimited credit card number (?A^number/ccds) Any space-delimited credit card number number_cc/cc/nodelim Pattern Description (?A^number_cc/cc/nodelim) Any non-delimited credit card values -
number_bank/banking/iban Pattern Description (?A^number_bank/banking/ibans) Space-delimited IBAN number (?A^number_bank/banking/iban) Undelimited IBAN number
Bank accountsnumber/bank/IBANName Pattern Description Defined by the following headwords:"iban" and ‘international bank account" Case insensitive use of the acronym and full name for “International bank account” - Credit Card Providers
number_cc/cc/providers Sample Headwords Description Defined by the following: “american express", "visa", "amex", "austrailian bankcard", "diners", "discover", "voyager", "jcb", "enroute", "mastercard", "credit card", "eurocard", "union pay" Case insensitive use of major credit card providers