A Policy-Driven Framework for Document Classification and Enterprise Security

Abstract

In an enterprise, accessing data on the go using several ubiquitous devices is fast becoming the norm. This brings its own set of challenges when dealing with access to sensitive resources. The pervasive nature of these devices makes them ideal candidates for cyber-attacks. The challenge arises in ensuring that devices conform to proper access control requirements. Due to the nature of the cyber-attacks on ubiquitous devices, there is a need to provide dynamic access control to enterprise resources. A system that automatically classifies documents by sensitivity level would be essential to every enterprise. This helps reduce manual document classification that might be prone to errors. To this effect, we propose a framework that automates the security profile detection, access pattern of enterprise resources using text mining, user context, enterprise policies. We also develop a prototype system to elevate the effectiveness of our framework.