Automated Big Text Security Classification

In recent years, traditional cybersecurity safeguards have proven ineffective against insider threats. Famous cases of sensitive information leaks caused by insiders, including the WikiLeaks release of diplomatic cables and the Edward Snowden incident, have greatly harmed the U.S. government's relationship with other governments and with its own citizens. Data Leak Prevention (DLP) is a solution for detecting and preventing information leaks from within an organization's network. However, state-of-art DLP detection models are only able to detect very limited types of sensitive information, and research in the field has been hindered due to the lack of available sensitive texts. Many researchers have focused on document-based detection with artificially labeled "confidential documents" for which security labels are assigned to the entire document, when in reality only a portion of the document is sensitive. This type of whole-document based security labeling increases the chances of preventing authorized users from accessing non-sensitive information within sensitive documents. In this paper, we introduce Automated Classification Enabled by Security Similarity (ACESS), a new and innovative detection model that penetrates the complexity of big text security classification/detection. To analyze the ACESS system, we constructed a novel dataset, containing formerly classified paragraphs from diplomatic cables made public by the WikiLeaks organization. To our knowledge this paper is the first to analyze a dataset that contains actual formerly sensitive information annotated at paragraph granularity.Comment: Pre-print of Best Paper Award IEEE Intelligence and Security Informatics (ISI) 2016 Manuscrip

Devil in the details: Assessing automated confidentiality classifiers in context of NATO documents

Abstract Automating security classification of documents has a great potential to increase the efficiency of information management and security in IT systems used by governmental, military and international organizations. In particular, automated security classification can be used in support of cross-domain information exchange solutions, such as the NATO Information Clearing House. These solutions often require a manual review of documents flowing between different security domains and thus introduce a performance bottleneck. In this paper, we describe an automated confidentiality classification process that could offer an important support for the manual review of documents. It consists of providing an automated pre-labeling of documents, accompanied by an assessment of confidence levels concerning the identified labels. This would allow responsible personnel to focus on low-confidence cases and review other documents only to the extent required to provide an appropriate audit and security control. We evaluate performance of some of the freely available classification algorithms in the context of confidentiality classification of NATO documents and conclude that although these systems are not accurate enough to warrant a complete autonomous operations, they are effective enough to provide an important support for human operators

Personal Property as Collateral in Japan and the United States

It is our purpose to compare Japanese and United States law and practice in the area of personal property security. Since it is not possible to find a precise common terminology for different types of security transactions, it seems desirable to arrange the discussion in terms of possessory and non-possessory security, and to use as subheads in the latter category the names of the American security devices. Security transfers of intangibles, chattel paper, and title documents are discussed under the possessory-security classification. An appendix includes English translations of cited Japanese statutes and pertinent Civil and Commercial Code as well as forms typical of those currently used in Japan

Classification of confidential documents by using adaptive neurofuzzy inference systems

AbstractDetecting the security level of a confidential document is a vital task for organizations to protect the confidential information encapsulated in. Diverse classification rules and techniques are being applied by human experts. Increasing number of confidential information in organizations are making difficult to classify all the documents carefully with human effort. A hybrid approach involving support vector classifier and adaptive neuro-fuzzy classifier is proposed in this study. Also states preprocessing tasks required for document classification with natural language processing. To represent term-document relations a recommended metric TF-IDF was chosen to construct a weight matrix. Agglutinative nature of Turkish documents is handled by Turkish stemming algorithms. At the end of the article some experimental results and success metrics are projected with accuracy rates

Identifying security-related requirements in regulatory documents based on cross-project classification

Security is getting substantial focus in many industries, especially safety-critical ones. When new regulations and standards which can run to hundreds of pages are introduced, it is necessary to identify the requirements in those documents which have an impact on security. Additionally, it is necessary to revisit the requirements of existing systems and identify the security related ones. We investigate the feasibility of using a classifier for security-related requirements trained on requirement specifications available online. We base our investigation on 15 requirement documents, randomly selected and partially pre-labelled, with a total of 3,880 requirements. To validate the model, we run a cross-project prediction on the data where each specification constitutes a group. We also test the model on three different United Nations (UN) regulations from the automotive domain with different magnitudes of security relevance. Our results indicate the feasibility of training a model from a heterogeneous data set including specifications from multiple domains and in different styles. Additionally, we show the ability of such a classifier to identify security requirements in real-life regulations and discuss scenarios in which such a classification becomes useful to practitioners

Basic Documents on Security Classification of Information for National Security Purposes

This report provides materials which set out the basic guidelines for classification of government documents into public, secret, top-secret, etc. for the purposes of national security

Handling of classified documents in cloud computing services

This recommendation of the Information Management Board on the handling of classified documents in cloud computing services supplements the previous recommendation on the handling of documents that are subject to security classification (Ministry of Finance 2021:5). These two recommendations offer guidance on how to meet the requirements of section 18 of the Act on Information Management in Public Administration (906/2019) and the Government Decree on Security Classification of Documents in Central Government (1101/2019). It is recommended that information management units select a cloud computing service based on use cases and on the information management and information security requirements specified for the classified information materials handled in the service. To manage the risks associated with cloud computing services, it is recommended that information management units use services or providers that have undergone facility security clearances under the Security Clearance Act or that have been granted a certificate of conformity with security requirements referred to in the provisions regarding information security assessment. The Information Management Board approved the recommendation on 13 December 2021