Cisco Cisco Email Security Appliance C160 Mode D'Emploi
17-10
Cisco AsyncOS 8.5.5 for Email Security User Guide
Chapter 17 Data Loss Prevention
DLP Policies for RSA Email DLP
•
If you selected Create a Classifier, see
•
Otherwise, the selected classifier is added to the table.
c.
(Optional) Add additional classifiers to the policy.
For example, you might be able to eliminate known likely false positive matches by adding another
classifier and selecting NOT.
classifier and selecting NOT.
d.
If you added multiple classifiers: Choose an option in the table heading to specify whether any or
all of the classifiers must match in order to count the instance as a violation.
all of the classifiers must match in order to count the instance as a violation.
Step 7
(Optional) Apply the DLP policy only to messages with specific recipients, senders, attachment types,
or previously-added message tags.
or previously-added message tags.
For more information, see
You can separate multiple entries using a line break or a comma.
Step 8
In the Severity Settings section:
•
Choose an action to take for each level of violation severity.
For more information, see
•
(Optional) Click Edit Scale to adjust the violation severity scale for the policy.
For more information, see
Step 9
Submit and commit your changes.
Related Topics
•
•
About Defining Disallowed Content Using Content Matching Classifiers
Content matching classifiers define the content that cannot be emailed and optionally the context in
which that content must occur in order to be considered a data loss prevention violation.
which that content must occur in order to be considered a data loss prevention violation.
Suppose you want to prevent patient identification numbers from being emailed from your organization.
In order for the appliance to recognize these numbers, you must specify the patterns of the record
numbering system used by your organization, using one or more regular expressions. You can also add
a list of words and phrases that might accompany the record number as supporting information. If the
classifier detects the number pattern in an outgoing message, it searches for the supporting information
to verify that the pattern is an identification number and not a random number string. Including context
matching information results in fewer false positive matches.
numbering system used by your organization, using one or more regular expressions. You can also add
a list of words and phrases that might accompany the record number as supporting information. If the
classifier detects the number pattern in an outgoing message, it searches for the supporting information
to verify that the pattern is an identification number and not a random number string. Including context
matching information results in fewer false positive matches.
For this example, you might create a DLP policy that uses the HIPAA and HITECH template. This
template includes the Patient Identification Numbers content matching classifier, which you can
customize to detect a patient’s identification number. To detect numbers in the pattern of 123-CL456789,
you would enter the regular expression
template includes the Patient Identification Numbers content matching classifier, which you can
customize to detect a patient’s identification number. To detect numbers in the pattern of 123-CL456789,
you would enter the regular expression
[0-9]{3}\-[A-Z]{2}[0-9]{6}
for the classifier. Enter “Patient
ID” for a related phrase. Finish creating the policy and enable it in an outgoing mail policy. Submit and
commit your changes. Now, if the policy detects the number pattern in an outgoing message with the
phrase “Patient ID” in close proximity to the number pattern, the DLP policy returns a DLP violation.
commit your changes. Now, if the policy detects the number pattern in an outgoing message with the
phrase “Patient ID” in close proximity to the number pattern, the DLP policy returns a DLP violation.