Hackfest 2024 - 16-bit Edition

Your locale preferences have been saved. We like to think that we have excellent support for English in pretalx, but if you encounter issues or errors, please contact us!

Adventures in data labelling - From Concepts to Implementation in MS Purview
10-11, 16:00–16:50 (America/New_York), Track 3 (205c)
Language: English

This is a journey from the concepts of data classification and labelling through to implementation in Microsoft Purview based on deployment in enterprise organizations. We will discuss challenges and successes and most importantly, tie all of this together as implemented in Microsoft 365 with Asset Discovery, Sensitivity Labels, Retention Labels, and Data Loss Prevention tooling.

As with many things in defensive security, the most impactful things take clear communication, education, diligence, and most importantly, time and support.

This could be considered for Defensive or Security 101.

  • Introduction / Agenda / whomi 2 mins
  • Overview - what is data labelling, why is it important
  • Data Asset Inventory
    • Know your data
    • Tie to requirements - controls, disclosure, IR, contractual, legal
  • Common labelling taxonomies, modern methods
    • Things that work well and those that don’t
    • Too many/too few - impacts
    • Who do you need to engage to succeed
  • Foundations
    • Executive support
    • Policy
    • Education materials
    • Communication plan
  • Tying it to technology
    • M365 and Purview
    • Sensitivity labels vs Retention labels
    • Controls tied to Sensitivity
      • Encryption, access controls, etc.
      • Audit logs
    • Controls tied to Retention
    • Limitations and frustrations
    • Information Asset Protection scanning; data asset inventory by tech - find all the things
    • Trainable classifiers
    • Auto labelling
    • DLP
      • A few DLP rule options in Purview
      • Some pains
      • Tying DLP back to sensitivity.
  • References
  • Questions (5 mins)
Are you releasing a tool? – no
Don Mallory

Don Mallory has over 30 years of experience in enterprise IT, primarily in critical infrastructure, specializing in operations, data storage, disaster recovery, and security for critical infrastructure. Professionally, Don is a Senior Security Analyst in the healthcare sector. He has been involved in various volunteer activities including C3X, Hak4Kidz Toronto, and the Latow Photographer's Guild at the Art Gallery of Burlington, where he teaches traditional wet darkroom photography.