Data Classification And Handling: Trying To Define And Protect The: Fill & Download for Free

Of course, your Non-Disclosure Agreement will be kept on file (somewhere, in triplicate, forever) in an undisclosed location like the Indiana Jones warehouse where the Ark of the Covenant was consigned.The NdA is a contract between you and the U.S. Government that creates a lifetime —- REPEAT LIFETIME —- contractual obligation to protect classified information. The importance of this contract, and your resulting responsibilities to national security, cannot be overstated. The NdA specifically indicates that the failure to properly protect classified information may result in several criminal or administrative sanctions as outlined by various governing documents.Call Out Box: “I have been advised that the unauthorized disclosure, …of classified information by me could cause damage…to the United States. I further understand that I am obligated to comply with laws and regulations…”Call Out Box: “In addition, I have been advised that any unauthorized disclosure of classified information by me may constitute a violation, or violations of…”• 18 United States Code (USC) 793 / 794 / 798 of the Espionage Act• 18 USC 641 (Theft of Government Property)• 50 USC 421 of the Intelligence Identities Protection Act Individuals who have been granted access to classified information must understand their obligations to safeguard classified information.You must also be aware of additional responsibilities, including:• Properly classifying and handling information• Reporting unauthorized disclosures• Obtaining proper authorization prior to communicating with the media• Submitting all material related to your position for pre-publication review prior to public releaseAs a cleared professional, you are required to submit for pre-publication review any information that you create for non-official purposes, if it is based on knowledge gained by your access to classified data. This review ensures that the information you create does not compromise any classified information or activity. The following are some examples of information that may require a review:• Speeches, articles, white papers, etc.• Web pages, blogs, video teleconferences, etc.So, if you may over time either inadvertently, or deliberately, let little nuggets of classified information escape, or even spill your guts in a “tell-all” book or to a foreign espionage agent who says the right things, your sins (and crimes) will be confronted with the cold, hard evidence that you, indeed, signed your NDA (no matter how long ago) acknowledging your duty to “not disclose” what shouldn’t be disclosed.Military personnel are governed by the UCMJ, and even after separation or retirement, either the UCMJ or US Federal law can be used to prosecute for unlawful disclosures.It’s never the individual’s call to “unilaterally declassify” information, especially at the Top Secret level for which “unauthorized disclosure could reasonably be expected to cause exceptionally grave damage to national security.” Only the appropriate declassification authorities can make that call…The Whistleblower Protection Act (WPA) do authorize the disclosure of classified information, but it must be in the proper venue and only to authorized individuals such as an agency Inspector General, specific members of Congress, or other authorized government officials as delineated in these statutes. The media is NOT an authorized recipient of classified information under either of these laws. The intent of the WPA is to protect "whistleblowers" from any adverse actions an agency makes in retaliation for whistleblowing activity such as reporting a violation of a law, rule, or regulation; gross mismanagement; gross waste of funds; an abuse of authority; or a substantial and specific danger to public health or safety. It does not protect “whistleblowers” from adverse actions taken for any other conduct, and it does not protect leakers who make unauthorized disclosures.Executive Order (EO) 13526, signed by President Obama in 2009, is the current policy document codifying the policies and procedures for identifying and safeguarding classified information.EO 13526, Section 6.1 (rr) defines authorized disclosure as:Quote: "A communication or physical transfer of classified information to an unauthorized recipient.” An individual is categorized as an authorized recipient if he or she meets the three criteria identified by EO 13526, Section 4.1 (a).An authorized recipient must:• Obtain a favorable determination of eligibility for access• Execute an approved Non-disclosure Agreement (NdA)• Possess a “need-to-know” for the classified information Anyone that does not meet the three criteria described above is an unauthorized recipient.Unauthorized recipients may include representatives from:• Foreign intelligence services• Media outletsWhile normally I try to stay apolitical, this question just screams out for a “ripped from the headlines” answer:Secretary Clinton signed a TS/SCI NDA, as well as a “regular” NDA, wherein she acknowledged her lifelong duty to protect and not disclose…or allow possible disclosure…of the vast quantities of classified information she was undoubtedly exposed to in the daily course of her duties as Secretary of State.So the results of the FBI’s investigation into the matter of her personal email server, and the many classified emails that were not properly protected or disclosed, revealed: even “extremely careless” handling of TS/SCI and other classified material may expose one to at least hours of questions by a hostile Congressional committee, and lots of questions in the media and from citizens, if not prosecution or indictments.One might think that the many other Americans who have signed NDAs over their lifetimes (since they last for a lifetime), were to do something similar, they might suffer a different outcome.THIS is the risk everyone takes when they swear an Oath to the Support and Defend the US Constitution, are sworn into an “office” as defined in the Constitution, and then find their duties require exposure to classified materials thus requiring the execution of an NDA…and the possible penalties for blowing it somehow.Just ask: Chelsea (formerly Bradley) Manning, Edward Snowden, Bryan Nishimura, retired General Petraeus, and others who were imprisoned, fined, etc. Even Julian Assange (a non-US citizen of course) knows the risks of “extremely careless” handling of classified information because he’s effectively imprisoned in the Ecuadorian Embassy in London…A notably biased source, but probably has the underlying facts: Clinton Signed NDA Laying Out Criminal Penalties for Mishandling of Classified InfoInterestingly, 32 CFR 154.16 provides a list of government officials who do not need security clearances:Members of Congress (although the House requires a public Oath to protect classified information, but not the traditional background checks and NDA).US Supreme Court Justices, all other Federal judges, and State Supreme Court Justices (limited only to classified information required for court cases).State Governors.And of course, the President needs no security clearance and for the most part can see, and disclose, any classified material deemed relevant. After all, the President is the head of the Executive Branch, which is the only branch of Government that has Original Classification Authority to create classified materials…so the President is the “Original” Original Classification Authority.And a final thought: the Vice President is not the President, but he is a constitutional officer per Article II of Section One of the Constitution, and his only constitutional duties are as the President of the Senate, and to preside over the Electoral College. So it would seem that the Vice President is covered by the same exemption to a security clearance that all Senators enjoy.

Companies like to discuss about data analysis, interpretation and visualization, but they are not very much expressive how they are actually exploiting the data they are collecting. Lot is required for optimum utilization of data, appropriate analytical tools for data analysis, proper visualization of data. A report from Pricewaterhouse Coopers (PwC) and Iron Mountain entitled "How organizations can unlock value and insight from the information they hold,", says that companies have a lot of progress to make before they start making better use of the data.The study surveyed 1,800 senior business leaders in North America and Europe at mid-sized companies with more than 250 employees and enterprise-level organizations with over 2,500 employees. And the results were surprising, -- only a small percentage of companies reported effective data management practices."Data is the lifeblood of the digital economy, it can give insight, inform decisions and deepen relationships," according to Richard Petley, director of PwC Risk and Assurance. "It can be bought, sold, shared and even stolen -- all things that suggest that data has value. Yet when we conducted our research very few organizations can attribute a value and, more concerning, many do not yet have the capabilities we would expect to manage, protect and extract that value."The study found that while 75 percent of business leaders from companies of all sizes, locations and sectors feel they're "making the most of their information assets," in reality, only 4 percent are set up for success. Overall, 43 percent of companies surveyed "obtain little tangible benefit from their information," while 23 percent "derive no benefit whatsoever," according to the study.That means three quarters of organizations surveyed lack the skills and technology to use their data to gain an edge on competitors. Even further, three out of four companies haven't employed a data analyst, and out of companies that do, only one quarter are using these employees competently, according to the survey.It's not just a problem for tech companies. This lack of data understanding spans across manufacturing and engineering, pharmaceuticals, financial services, legal services, insurance, energy and healthcare. Using the data, PwC was able to create what it calls an Information Value Index, which measures how well businesses use the information they collect and how much value they derive from data.Derived from a sample of 1,650 businesses that responded to 36 survey questions, the Information Value Index gives businesses a score from 0 to 100, with 100 being the best use of data possible. This index evaluates a company's general awareness and understanding of the importance of data, how aligned the company is with data driven goals, the skills and tools used to gain value from data and overall benefits the company has gained from tapping into data. Mid-market companies earned an average score of 48.8, while enterprise businesses earned an average score of 52.6; combined, the overall score for all companies surveyed came in a just over 50.Petley concludes that "data is so pervasive that it is taken for granted or is seen as a by-product. Often it is only when disaster strikes that this assumption is broken." Alternatively, some companies see data as the responsibility of IT and data architects, rather than an important resource that should be employed across the company. And that's an important shift to make; the idea that data isn't just a problem for IT, but rather a valuable asset that reaches far beyond the technical side of the business.Thus a proper strategy for managing data becomes the biggest resource in today’s technological milieu as one secures a competitive edge against other companies, according to the study. By ignoring data or treating it as unimportant, business leaders do their companies a huge disservice as they need to be proactive when it comes to staying ahead in the productivity and marketing race.Businesses might be investing significant money into capturing of data, but then drop the ball when it comes time to actually use that data. Instead, business leaders need to focus on figuring out how to take the data and boil it down into easily digestible formats for internal use. It's all about "having a strategy for data management," says Sue Trombley, managing director of Thought Leadership at Iron Mountain. The first step, he says, is to identify data sources, then understand the importance of analytics to every department and, finally, create a plan to stay competitive.Nowadays, the data science arena is highly exciting, and it is likely that data analysis and machine learning are going to be two most exciting professions during next two decades with huge demand for data professionals. But companies are often confused about the type of data professional they should have to cater to exact data requirements of their company and even professionals are confused about the proper set of skills they require to meet the expectations of industry at different levels. Proper training for best data analytic skills is also lacking as appropriate skills are not taught as training is confused and diffused among medley of numerous software solutions.Companies have increased their focus on acquiring data science professionals with new set of defined positions and specific roles attributed to them. Sometimes new positions and roles are created to project their changing requirements; other times they are probably created as a creative way to differentiate from their coworkers. Either way, it’s hard to get a general understanding of the different job roles, and it gets even harder when you’re looking to figure out what job role could best fit your personal and professional ambitions. Let us try to understand the different positions being offered in data industry and what skills are expected from a professional:Various Data Science PositionsData science industry offer various positions based on different requirements and roles required by them. They are:· Data Scientist· Data Analyst· Data Architect· Data Engineer· Statistician· Database Administrator· Business Analyst· Data and Analytics ManagerAre these positions clearly defined in watertight compartments? Probably not ! There is not a unambiguous and generally accepted definition of various disciplines of data science and their exact roles. They may merge or reconfigure based on the details of the particular project and type of technologies being used for a particular job.Data Scientist (Rare and surviving unicorn)Have you ever seen a unicorn? Well in mythology, unicorn is said to be a symbol of purity and grace, which could only be captured by a virgin. It is impossible to take this ferocious beast alive; and that all its strength lies in its horn. When it finds itself pursued and in danger of capture, it throws itself from a precipice, and turns so aptly in falling, that it receives all the shock upon the horn, and so escapes safe and sound. That is how data scientist survives amidst Big Data with software and hardware constraints. Data science is an interdisciplinary field about processes and systems to extract knowledge or insights from data in various forms, either structured or unstructured, which is a continuation of some of the data analysis field such as statistics, data mining, and predictive analytics similar to Knowledge Discovery in Databases (KDD).Data science employs techniques and theories drawn from many fields within the broad areas of mathematics, statistics, information science, and computer science, including signal processing, probability models, machine learning, statistical learning, data mining, database, data engineering, pattern recognition and learning, visualization, predictive analysis, uncertainty modeling, data warehousing, data compression, computer programming, artificial intelligence, and high performance computing. Data science is specifically interested in dealing with Big Data and machine learning has significantly helped it in this aspect.Data science differs from traditional statistics in its emphasis on domain-specific knowledge and solutions with the rationale that developed tailored solutions do not scale. Data scientists use their Big Data and analytical ability to find and interpret rich data sources; manage huge amount of data despite hardware, software and bandwidth constraints; merge data sources; ensure consistency of data sets; create visualizations to aid in understanding data; build mathematical models using the data; and present and communicate the data insights/findings. They are expected to produce answers in days rather than months rather than reports/papers as statistician normally do.Data science is used in academic and applied research in many domains, including machine translation, speech recognition, robotics, search engines, digital economy, biological sciences, medical informatics, health care, social sciences, agriculture, marketing optimization, fraud detection, risk management, marketing analytics, public policy, economics, business and finance and the humanities. From the business perspective, data science is an integral part of competitive intelligence, a newly emerging field that encompasses a number of activities like data mining and data analysis.A data scientist is expected to be skilled in various languages like R, SAS, Python, MATLAB, SQL, Hive, Pig and Spark. This list is essential skillset of languages and list will increase on different assignments. As already explained before, Data Scientist should possess the ability to deal with Big Data. He should be a creative, innovative and curious data wizard just like the legendary character of Sherlock Holmes. He should possess skills in distributed computing, predictive modeling, data-interpretation and visualizing, mathematics, statistics and machine learning. The likely companies that can hire him today may be search engines (Google, Microsoft), social networks (Facebook, Twitter, LinkedIn), financial institutions (Bank of America), Amazon, eBay, Apple, health care industries, engineering companies (Boeing, Intel, Oil industry), data science vendors (Pivotal, Teradata, Tableau, SAS, Alpine Labs), Adobe etc.Data Analyst (A seasoned Sherlock Holmes)A data analyst should be like a data detective. He is expected to be an intuitive data junkie with high “figure-it-out” quotient. He collects, processes and performs statistical data analyses. He is expected to be well versed in R, Python, HTML, Javascript, C/C++, SQL and excel. The list is minimum and may be extended. He should be skilled in spreadsheet tools (Excel etc.), databased systems (SQL or NO SQL based), communication and visualization, machine learning, mathematics and statistics.Data analysis is the process of inspecting, cleaning, transforming, deducing and modeling data with the goal of discovering useful information, suggesting conclusions, supporting decision-making. Various techniques of data analysis are used:· Data mining: focuses on modeling and knowledge discovery for predictive rather than descriptive purposes.· Business intelligence: covers data analysis that relies heavily on aggregation, focusing on business information.· Predictive analytics: focuses on application of statistical models for predictive forecasting or classification· Text analytics: applies statistical, linguistic, and structural techniques to extract and classify information from textual sources, a species of unstructured data.Data analysts are employed in companies like IBM, HP, Google, InsightSquared, Paxata, Trifacta, Cloudera, Birst, Sumo Logic, Gainsight, Ayasdi, Visier, DHL etc.Data Architect (Inquiring Ninja with creativity)Have you ever read about a Ninja in a comicbook? He is considered to be expert in stealth, secrecy and waging a covert espionage, sabotage, infiltration, assassination and guerilla warfare by using creativity. Data Architect should be an inquiring ninja with a love for data architecture design patterns. He may also be called as contemporary data modeler. His role consists of creating blueprints for data management systems to integrate, centralize, protect and maintain vital data sources. He is expected to be proficient in SQL, XML, Hive, Pig and Spark environments. He should possess skills of creating data warehousing solutions, thorough knowledge of data architecture, extraction, transformation and load (ETL), spreadsheet and business intelligence (BI) tools, data modeling and systems development.A data architecture should set data standards for all its data systems as a vision or a model of the eventual interactions between those data system. A data architect is typically responsible for defining the target state, aligning during development and then following up to ensure enhancements are done on the spirit of original blueprint.During the definition of the target state, the data architecture breaks a subject down through three traditional architectural processes:· Conceptual – represents all business entities.· Logical – represents the logic of how entities are related.· Physical – the realization of data mechanisms for a specific type of functionality.Database architects will begin by studying the needs of their employer. They will assess the current data infrastructure and have discussions with employees and users to figure out where changes in the database need to be made. The DBA will then prepare and map out how the electronic database should look and function. From there, often working with a team, the DBA will oversee and partake in the creation of the database using the ETL Architecture Standards.Using coding skills and data access, database architects will then write the code to create the database. Once the database is created the DBA will work to troubleshoot any problems and locate and correct oversights. During the creation of the database DBAs will work closely with employees in the company to make sure that the database meets the company's expectations. The type of database created can be anything from a system that handles payroll to one that deals with inventory or customer satisfaction.They are employed in companies like VISA, CocaCola, Logitech, insurance companies and banks etc.Data Engineer (General Software Engineer)Data engineer is an all-purpose everyman who develops, constructs, tests and maintains architectures such as databases and large-scale processing systems. He is expected to be skilled in database systems (SQL and NO SQL based), data modeling and ETL tools, data APIs, Data warehousing solutions. He is expected to know SQL, Hive, Pig, R, MATLAB, SAS, SPSS, Python, Java, Ruby, C++, Perl etc.In many companies, the data engineer is responsible for setting up systems and processes that other data workers -- including in many cases data scientists -- need to use and rely on to be successful to work with data. A lot of the data engineer's work is focused on building out systems, architectures, and platforms.The data engineer will look at [ways] to take insights and operationalize them so that you can have day-to-day impacts on your business. In a lot of organizations, data engineers are oftentimes responsible for finding data that's relevant for analysis... in a way that's meaningful and suitable for that specific task. In addition, they're in charge of integrating data from a variety of sources.Data scientists often have engineering backgrounds, too, but their work is generally geared toward discovering new insights or building models. A data scientist sometimes fills the role of data engineer as well, although that approach may not deliver the best ROI.Data engineering involves an architectural approach to planning, analyzing, designing, and implementing applications. Various companies hiring data engineers are Spotify, Facebook, CISCO etc.Statistician (Historic leader of data)A statistician collects, analyzes and interprets qualitative and quantitative data with statistical theories and methods. He should be logical and enthusiastic statistic genius. He should be aware about statistical theories and methodology, data-mining, machine learning, distributed computing (Hadoop), database systems (SQL and NO SQL) used and cloud tools. He should be proficient in R, SAS, SPSS, MATLAB, Stata, Python, Perl, Hive, Pig, Spark and SQL.Statistics was primarily developed to help people deal with pre-computer data problems like testing the impact of fertilizer in agriculture, or figuring out the accuracy of an estimate from a small sample. Data science emphasizes the data problems of the 21st Century, like accessing information from large databases, writing code to manipulate data, and visualizing data.The arrival of the personal computer revolutionized access to data and our ability to manipulate data. It can be argued that data science is simply a response to this new technology.Several factors prompted these innovations: First, people needed to work with datasets, which we now call big data that are larger than pre-computational statisticians could have imagined. Second, industry focused increasingly on making predictions about markets, customer behavior and more for commercial uses. The inventors of data science borrowed from statistics, machine learning and database management to create a whole new set of tools for those working with data.Statistics, on the other hand, has not changed significantly in response to new technology. The field continues to emphasize theory, and introductory statistics courses focus more on hypothesis testing than statistical computing.Database Administrator (Database Caretaker)Database administrators benefit from a bachelor's degree or master's degree in computer science. They use specialized software to store and organize data. The role may include capacity planning, installation, configuration, design of database, migration, performance monitoring, security, troubleshooting, as well as backup and data recovery.He should be like a fire-fighter, a master of disaster prevention. His role is to ensure that database is available to all relevant users, performs properly and is being kept safe. His responsibilities may be Installing and upgrading the database server and application tools, allocating system storage and planning future storage requirements for the database system, modifying the database structure, as necessary, from information given by application developers, enrolling users and maintaining system security, ensuring compliance with database vendor license agreement, controlling and monitoring user access to the database, monitoring and optimizing the performance of the database, planning for backup and recovery of database information, maintaining archived data, backing up and restoring databases, contacting database vendor for technical support.He should be trained in communication skills, knowledge of database theory, knowledge of database design, knowledge about the RDBMS itself, e.g. Microsoft SQL Server or MySQL, knowledge of structured query language (SQL), e.g. SQL/PSM or Transact-SQL, general understanding of distributed computing architectures, e.g. Client–server model, general understanding of operating system, e.g. Windows or Linux, general understanding of storage technologies and networking, general understanding of routine maintenance, recovery, and handling failover of a database, generating various reports by querying from database as per need.Various companies hiring database administrator are Twitter, Reddit, Oracle etc.Business Analyst (Resilient project change agent or juggler)A business analyst’ role has increased with rapidly changing dynamics of business and rapid growth of startups. The role of a Systems Analyst can also be defined as a bridge between the business problems and the technology solutions. Here, business problems can be anything about business systems, for example the model, process, or method. The technology solutions can be the use of technology architecture, tools, or software application. So System Analysts are required to analyze, transform and ultimately resolve the business problems with the help of technology.A business analyst is someone who analyzes an organization or business domain (real or hypothetical) and documents its business or processes or systems, assessing the business model or its integration with technology.There are at least four types of business analysis:· Strategic planning — to identify the organization's business needs· Business model analysis — to define the organization's policies and market approaches· Process design — to standardize the organization’s workflows· Systems analysis — the interpretation of business rules and requirements for technical systems (generally within IT)He should know SQL, basic tools like MS Office, Data visualization tools like Tableau, Conscious listening and storytelling of case studies, business intelligence understanding and data modeling. They are employed by companies like Uber, Dell, Oracle, JPMorganChase, MorganMcKinley, IBM, Volt, Accenture, MetLife etc.Data and Analytics Manager (Data Science Team Leader)He is the ringmaster of the circus who runs the show. He is the data wizards’ cheerleader. His role is management of a team of analysts and data scientists. He is expected to be proficient in SQL, R, SAS, Python, MATLAB and Java. He should be skilled in database systems (SQL and NO SQL based), leadership and project management, interpersonal communication, data mining and predictive modeling. Companies like Coursera, Slack, Motorola Solutions etc. hire a data and analytics manager.

We still fall short of Artificial Intelligence as a concept. It is extremely difficult to determine when an AI is considered conscious. However, the idea of a self-learning program is certainly possible. In this case, its capabilities would be defined by its rules, routines, constraints, and function.An ideal self-learning AI would be able to tell the difference between a threat and non-threat by its constraints. A constraint can be defined as any parameter which is set by the user. These constraints would be variables in which the AI would look for in order to determine that it does not fall outside a margin. Antiviruses use this format on occasions to verify the integrity of system files.These variables would need to be determined by an algorithm difficult to replicate by normal means. The more complex the better. Now here is where self-learning pops up. It is obvious that not every single program will try to actively contain these values. Also, it is almost completely impossible to create an uncrackable algorithm. Yet it is true that not every program is malicious.It should be noted that an AI should maintain at least three classifications(Yes/No/Maybe). The yes classification would be data that has in the past been confirmed safe(It’s violates neither constraint or rules set). The (No) Classification would be anything that has been confirmed as malicious. These files for whatever reason deliberately change or disrupt the Yes classification. The maybe classification is anything that has yet to be confirmed harmful but not safe. A maybe classification should not be able to interact with a Yes classification outside of certain rules.A perfect but broad example of this is the read vs write function on a storage device. It is possible for a program to be able to read but not write(Or Overwrite) on a partition. The difference between a rule and constraint would be (Rules- Would be limits set on what a program can do.) vs (Constraints- A variable which ideally should be maintained.) In the event that a program disobeys one of these rules, it would be flagged as a (No) classification. That (No) classification would then be Deleted/Quarantined. It would also be recognized if ever encountered again. This would allow the AI to slowly grow its list of accepted/unacceptable programs with minimum input from the user.The AI would ideally be able to query an experienced user for Quarantined items. The user would be able to adjust rules for specific or trusted programs. This would serve two purposes. It would allow developer level users to create their own programs with minimal interference from the AI. It would also allow for sub-classifications to be created over time. The more variables you introduce the more accurate the AI can be.It is routines/subroutines would be the process it follows to achieve its function(s). Such things as how often does it check the (Yes) values and what does it compare it to would be handled likely by a (This is that so this must be that) Format. Additional subroutines can be used to find Branches. Just because it finds one issue caused by a program does not mean it would find another problem caused by that same malicious program.Its functions would be the overall purpose of the program. I would ask myself What is the end result I want to achieve with all these routines? I would obviously use a different process to ensure that I don't accidentally send confidential information to the wrong email address rather than protect myself from a keylogger.Some things also will never change no matter how good your AI is. Humans may be intelligent but we are prone to make very stupid decisions. An AI can't protect you if an accepted user actively tries to fight it. Nor can an AI think creatively like a human mind. An AI without conscious is only capable of thinking in a static manner designed by a human mind. That being it is prone to inflexibility. This can cause many false positives and negatives. Ideally implementing self-learning capability would prevent that but it only does insofar as the rules apply. Which means that anything malicious which does not violate the rules is fair game for the AI.