Introduction
About this Guide
System Requirements
Minimum Required Permissions
Required Ports
Performance Calculations
Deploying Classification in Identity Manager
Classification Overview
Required Components
Component Workflow
Activating Classification
Configuring Classification: Taxonomies, Categories, and Rules
Install the Classification Components
Enable Classification in the Designer
Identify the Classification Service Account
Deploy the Classification Server
Deploy Classification Workers
Enable and Disable Automatic Classification on Specific Managed Hosts
Enabling Categorization on Folders (Security Index Roots)
Managing the File Types to be Classified
Starting Initial Classification
Upgrade an Agent for Classification
Re-classify Data
Classification Application Roles
Troubleshooting the Classification Deployment
An Overview of Classification Configuration
Steps Required to Implement Classification
Creating Taxonomies
Working with Categorized Resources
Working with Taxonomies
Implementing Rules for Automated Categorization
Creating a Taxonomy
Importing and Replacing Taxonomies
Editing a Taxonomy
Deleting a Taxonomy
Exporting Taxonomies
Working with Categories
How Rules Affect Categorization
Managing Rules in the Classification System
Classifying Resources
When Do Categorization and Classification Occur?
Managing the Life Cycle of Taxonomies and Categories
Creating a Rule
Editing a Rule
Associating Rules to Categories and Applying Rule Weights
Deleting a Rule
Advanced Rule Applications
Working with Text Extractors
Identifying Text Extractors used within the System
Creating Text Extractors
Validating the Text Extractor
Editing Text Extractors
Removing Text Extractors
Working with Regular Expression Text Extractors
Working with Dictionary Text Extractors
Managing Public Dictionary Text Extractors
Managing Protected Dictionary Text Extractors
Managing Dictionary Text Extractors with PowerShell
Working with Advanced Text Extractors
Testing and Reviewing Automated Classification
Testing a Rule against a Resource
Testing all Rules Against a Resource
Viewing the Text from a Resource
Determining Why Categorizations Were Applied to a Resource
Viewing Categorized Resources
Making a Category Available to the Classification System
Working with the Categorization of Your Resources
Appendix A: PowerShell Commands
What Categories Can You Apply?
Working With Manually Categorized Resources
Working With Automatically Categorized Resources
Categorization Statistics and Views
Adding the PowerShell Snap-ins
Finding a Taxonomy, Category, or Extractor ID using PowerShell
Deploying the Classification Server and the Classification Worker
Troubleshooting Deployment
Managing Taxonomies
Appendix B: Oracle Configuration
Appendix C: Classifying Data with Data Governance Templates
Available Templates
Appendix D: Creating a Taxonomy to Classify Data
Working with the Sample Taxonomy Templates
Contents
Before using the templates ensure that you have all the necessary components in your environment in place. For details see, Steps Required to Implement Classification.
 |
To use the sample templates for classification, the data must be located on a scanned data root that is set for classification on a managed host. For details, see Enabling Categorization on Folders (Security Index Roots). |
| |
The classification assigned by Identity Manager (Public, Internal, Private, or Secret) depends upon the risk calculated from the applied categories. For details see, Classifying Resources. |
Data Governance Sample Taxonomy
The Data Governance Sample taxonomy demonstrates a taxonomy based on basic personal information. This includes credit card and bank account numbers, National Identifiers, phone numbers, addresses, email addresses, and much more.
By default, the taxonomy will import with the following settings:
- Enabled for automatic classification based upon the template’s rules and extractors. If you would like to alter how the categories are applied, you can edit these variables. For details see, Working with Text Extractors.
- Mutually exclusive has not been enabled, so more than one category can be assigned from the taxonomy. If enabled, and more than one category could be applied to a resource based on the associated rules and category threshold, only the category with the highest combined rule score is applied. For details on how this will affect your classifications, see Working with Categories.
- A rule weights of 1.0. For details on how rules affect the categorization, see How Rules Affect Categorization.
Understanding the Taxonomy
If you apply the template with all defaults, which includes the categories, text extractors, and rules your data will be categorized as follows:
| |
A category will be applied, based on the rule specified for the category. This takes into account the weight, strength, and threshold. The classification assigned by Identity Manager (Public, Internal, Private, or Secret) depend upon the risk calculated from the applied categories. For details see, Classifying Resources. |
| Category | data MAtches that Cause Categorization |
| Credit Card Number | Delimited and non-delimited values within 50 characters of the name of a major credit card provider. |
| National Identifier for United States, Great Britain, Canada, France, and Spain | Delimited and non-delimited National Identity Card numbers and card names for Great Britain, Canada, United States, France and Spain. (Social Insurance Number, SIN, Social Security Number, SSN, National Insurance, NI, numéro d'assurance sociale, nas, medicare, or 'INSEE' or the fully spelled out version.) |
| Online Email Address | Email addresses |
| International Bank Account Number (IBAN | Delimited and non-delimited IBAN numbers within 50 characters to an IBAN name. |
| Phone Number for United States, Great Britain, Canada, France, and Spain | Delimited and non-delimited phone numbers for the United States, Great Britain, Canada, France, and Spain within 200 characters of a word giving this number context (such as Tel, Phone, and Telephone). |
| Address | Addresses for United States, Canada, Germany, France, Great Britain, and Spain. |
| Name | Female and male first and last name, salutations, and suffix for United States, Canada, Germany, France, Great Britain, and Spain. |
Data Governance Payment Card Industry (PCI) Taxonomy
The PCI Sample taxonomy includes categories that cover basic payment card information including credit card and bank account numbers. The categories (medium/low) will help you assess the level of sensitivity of your data.
Understanding the PCI Taxonomy
By default, the taxonomy will import with the following settings:
- Enabled for automatic classification based upon the template’s rules and extractors. If you would like to alter how the categories are applied, you can edit these variables. For details see, Working with Text Extractors.
- Mutually exclusive has been enabled, so only one category can be assigned from the taxonomy. For details on how this will affect your classifications, see Working with Categories.
- A rule weights of 1.0. For details on how rules affect the categorization, see How Rules Affect Categorization.
If you apply the template with all defaults, which includes the categories, text extractors, and rules your data will be categorized as follows:
| |
A category will be applied, based on the rule specified for the category. This takes into account the weight, strength, and threshold. The classification assigned by Identity Manager (Public, Internal, Private, or Secret) depend upon the risk calculated from the applied categories. For details see, Classifying Resources. |
| Category | data MAtches that Cause Categorization |
| Medium | One instance (within 1024 characters) of any: Name and Credit Card (Credit card is comprised of number, or number and credit card provider) OR Name and Bank Account (Bank account is comprised of number and type of bank account.) |
| Low | One instance of any Credit Card or Bank Account |
Titus Commercial Taxonomy
| |
To use the Titus commercial taxonomy, you must have previously categorized data with the Titus classification system and the data must be in a scanned data root marked for classification. |
Understanding the Template
When users apply Titus categorizations to their documents, they are mapped to the associated Titus category within the Identity Manager system. The risk level of those categories, ultimately determine how the Titus categorized data will be classified by Identity Manager.
If you select to use the template for automatic classification with the default settings, the data will be classified as follows:
| Category | data MAtches that Cause Categorization |
| Public | "sensitivity-public" |
| Internal | "sensitivity-internal" |
| Confidential | "sensitivity-confidential" |
| Secret | "sensitivity-secret" |
For details on altering the default values, see Rule Example Manipulating Threshold and Rule Weight.