Cisco Cisco Email Security Appliance C160 Guía Del Usuario
15-7
Cisco AsyncOS 8.0.2 for Email User Guide
Chapter 15 Data Loss Prevention
DLP Policies for RSA Email DLP
•
Privacy Protection. These templates identify messages and attachments that contain identification
numbers for financial accounts, tax records, or national IDs.
numbers for financial accounts, tax records, or national IDs.
•
Intellectual Property Protection. These templates identify popular publishing and design
document file types that may contain intellectual property that an organization would want to
protect.
document file types that may contain intellectual property that an organization would want to
protect.
•
Company Confidential. These templates identify documents and messages that contain
information about corporate accounting information and upcoming mergers and acquisitions.
information about corporate accounting information and upcoming mergers and acquisitions.
•
Custom Policy. This “template” lets you create your own policy from scratch using either content
matching classifiers developed by RSA or violation identification criteria specified by your
organization. This option is considered advanced and should be used only in the rare cases when the
predefined policy templates do not meet the unique requirements of your network environment.
matching classifiers developed by RSA or violation identification criteria specified by your
organization. This option is considered advanced and should be used only in the rare cases when the
predefined policy templates do not meet the unique requirements of your network environment.
Some of these templates require customization.
Setting Up RSA Email DLP Using a Wizard
The DLP Assessment Wizard helps you configure commonly-used DLP policies and enable them in the
appliance’s default outgoing mail policy.
appliance’s default outgoing mail policy.
Note
By default, DLP policies added using the DLP Assessment Wizard deliver all messages, regardless of
the severity of detected DLP violations. You will need to edit the policies created using the wizard.
the severity of detected DLP violations. You will need to edit the policies created using the wizard.
Before You Begin
•
Remove any existing DLP policies from the appliance. You can only use the DLP Assessment
Wizard if there are no existing DLP policies on the appliance.
Wizard if there are no existing DLP policies on the appliance.
•
If you need to detect messages that include student identification numbers or account numbers other
than credit card numbers, US Social Security numbers, and US Drivers License numbers, create a
regular expression that identifies those numbers. For more information, see
than credit card numbers, US Social Security numbers, and US Drivers License numbers, create a
regular expression that identifies those numbers. For more information, see
.
Procedure
Step 1
Choose Security Services > RSA Email DLP.
Step 2
Click Edit Settings.
Step 3
Select the Enable and configure DLP using the DLP Assessment Wizard check box.
Step 4
Click Submit.
Step 5
Complete the wizard.
Keep the following in mind:
•
Any business that operates in California and owns or licenses computerized personally identifying
information (PII) data for California residents, regardless of their physical location, is required to
comply with California SB-1386. This law is one of the policy choices in the wizard.
information (PII) data for California residents, regardless of their physical location, is required to
comply with California SB-1386. This law is one of the policy choices in the wizard.
•
If you do not enter an email address to receive automatically-generated scheduled DLP Incident
Summary report, the report will not be generated.
Summary report, the report will not be generated.