Cisco Cisco Email Security Appliance C160 Mode D'Emploi
Chapter 11 Data Loss Prevention
11-12
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
Step 6
Optionally, you can limit the DLP policy to messages with specific recipients or
senders, attachment types, or message tags. For more information, see
senders, attachment types, or message tags. For more information, see
Step 7
In the Critical Severity Settings section, choose whether to drop, deliver, or
quarantine messages containing critical DLP violations.
quarantine messages containing critical DLP violations.
Step 8
Optionally, you can choose to encrypt the message, modify its header, deliver it
to an alternate host, send a copy (bcc) to another recipient, and send a DLP
notification message.
to an alternate host, send a copy (bcc) to another recipient, and send a DLP
notification message.
For information on DLP notifications, see the “Text Resources” chapter in the
Cisco IronPort AsyncOS for Email Configuration Guide.
Cisco IronPort AsyncOS for Email Configuration Guide.
Step 9
If you want to define different settings for messages that match the high, medium,
or low severity level, uncheck the Inherit settings check box for the appropriate
security level. Edit the overall action for the message and the other settings.
or low severity level, uncheck the Inherit settings check box for the appropriate
security level. Edit the overall action for the message and the other settings.
Step 10
If you want adjust the DLP violation severity scale for the policy, click Edit Scale
and adjust the settings. For more information, see
and adjust the settings. For more information, see
Step 11
Submit and commit your changes.
The policy is added to the DLP Policy Manager.
Customizing Classifiers for DLP Policies
Some of the DLP policy templates require customized classifiers for better
efficacy. These classifiers search for confidential identification numbers in
outgoing messages, such as patient or student identification numbers, but require
one or more regular expressions to define the patterns of your organization’s
record numbering system. You can also add a list of words and phrases that are
associated with the record identification number for supporting information. If the
classifier detects the number pattern in an outgoing message, it searches for the
supporting information to verify that the pattern is an identification number and
not a random number string. This results in less false positives.
efficacy. These classifiers search for confidential identification numbers in
outgoing messages, such as patient or student identification numbers, but require
one or more regular expressions to define the patterns of your organization’s
record numbering system. You can also add a list of words and phrases that are
associated with the record identification number for supporting information. If the
classifier detects the number pattern in an outgoing message, it searches for the
supporting information to verify that the pattern is an identification number and
not a random number string. This results in less false positives.
As an example, use the HIPAA (Health Insurance Portability and Accountability
Act) template to create a policy. This template includes the Patient Identification
Numbers content matching classifier, which you can customize to detect a
patient’s identification number. Enter the regular expression
Act) template to create a policy. This template includes the Patient Identification
Numbers content matching classifier, which you can customize to detect a
patient’s identification number. Enter the regular expression
[0-9]{3}\-[A-Z]{2}[0-9]{6}
for the classifier. This regular expression detects
numbers in the pattern of 123-CL456789. Enter “Patient ID” for a related phrase.