|
|
|
|
|
|
Rule
|
|
|---|---|
| Any keyword |
A file must contain at least one keyword
in the keyword list.
|
|
All keywords
|
A file must contain all the keywords in the keyword list. |
|
All keywords within <x> characters
|
A file must contain all the keywords in the keyword list. In addition, the number
of characters
from the beginning of the first keyword to the beginning of the last keyword must
be within <x>
characters.
For example, your 3 keywords
are WEB, DISK, and USB and the number of characters you specified
is 20.
If IMSVA detects all keywords in the order DISK, WEB, and
USB, the number of characters from the "D" (in DISK) to the "U" (in USB) must be 20
characters or
less.
When deciding on the
number of characters, remember that a small number, such as 10,
will usually result in faster scanning time but will only cover
a relatively small area. This may reduce the likelihood of detecting
sensitive data, especially in large files. As the number increases,
the area covered also increases but scanning time might be slower.
|
|
Combined score for keywords exceeds threshold
|
A file must contain one or more keywords
in the keyword list. If only one keyword was detected, its score
must be higher than the threshold. If there are several keywords,
their combined score must be higher than the threshold.
Assign
each keyword a score of 1 to 10. A highly confidential word or phrase,
such as "salary increase" for the Human Resources department, should
have a relatively high score. Words or phrases that, by themselves,
do not carry much weight can have lower scores.
Consider the scores assigned to keywords when configuring the threshold. For example,
if you have
five keywords and three of those keywords are high priority, the threshold can be
equal to or lower
than the combined score of the three high priority keywords. This means that the detection
of these
three keywords is enough to treat the file as sensitive.
|