3 Replies Latest reply on May 21, 2014 12:27 PM by andyclements

    Trouble establishing threshold for SSN

    amagner

      I've tried searching this forum but have not been successful finding exactly what I'm after...

       

      I work for a healthcare provider and we have a need to force encryption (Secure Mail pull) of emails based on content such as SSN, driver's license, etc. We have utilized some of the canned compliance dictionaries but found we had to create our own for SSN. There seem to be times, or maybe it's paranoia at the top management levels, where someone may include an SSN in an outbound email that is just the numbers; no prepended text like SSN, social security, and no dashes in the number string. So we copied just the number string regex from the canned SSN dictionary and created our own. Problem now is that it's catching WebEx numbers, purchase order numbers with certain vendors, etc., and forcing encryption on those messages. So now management has decided we should put a threshold on that rule so that only emails containing three or more number matches will trigger the rule and thereby force encryption.

       

      So, now I ask, how exactly do I do that? Is it ONLY through scoring and threshold numbers that this can be accomplished? I thought it would be simple, like somewhere in the rule, but I'm not finding it simple at all. If it is scoring, can someone please provide a better overview than what I've found here and via McAfee's own help? Not only will I need help with the scoring concepts but with what I do with the rule(s) as well.

       

      Thank you.
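
The threshold logic described in the post above, sketched as an added example (not part of the original thread and not McAfee Email Gateway rule syntax): it counts distinct bare nine-digit strings, drops those that cannot be issued SSNs (area 000, 666 or 9xx, group 00, serial 0000), and flags the message only at three or more. The function names, the regex, the choice to count distinct values, and the sample messages are all constructed for illustration.

```python
import re

# Bare nine-digit run that is not part of a longer digit string.
# Constructed pattern, NOT the regex from the vendor's canned SSN dictionary.
NINE_DIGITS = re.compile(r"(?<!\d)\d{9}(?!\d)")


def plausible_ssn(digits: str) -> bool:
    """Structural check: reject values that are never issued as SSNs."""
    area, group, serial = digits[:3], digits[3:5], digits[5:]
    if area in ("000", "666") or area[0] == "9":
        return False
    return group != "00" and serial != "0000"


def count_candidates(body: str) -> int:
    """Count DISTINCT plausible nine-digit strings (assumption: a number
    repeated in a quoted reply chain should not count more than once)."""
    hits = {m.group() for m in NINE_DIGITS.finditer(body)}
    return sum(1 for h in hits if plausible_ssn(h))


def should_encrypt(body: str, threshold: int = 3) -> bool:
    """Apply the 'three or more matches' rule from the post."""
    return count_candidates(body) >= threshold


# Constructed sample messages (no real identifiers).
MSG_WEBEX = "Join the WebEx, meeting number 923456781. PO 123456789 is attached."
MSG_LIST = "Records for review: 123456789, 234567890, 345678901."

if __name__ == "__main__":
    for name, msg in (("webex/po", MSG_WEBEX), ("list", MSG_LIST)):
        print(name, count_candidates(msg), should_encrypt(msg))
```

The structural check only removes some false positives (here, the constructed meeting number beginning with 9); a purchase order number that happens to look like a valid SSN still counts as one match, which is why the threshold is applied on top of it.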