Abstract
Enterprise networks are comprised of thousands of
interconnected computer hosts, each of which is capable of
creating, removing, and exchanging data according to the needs
of their users. Thus, the distribution of high-value, sensitive, and
proprietary information across enterprise networks is poorly
managed and understood. A significant technology gap in
information security is the inability to automatically quantify the
value of the information contained on each host in a network.
Such insight would allow an enterprise to scale its defenses, react
intelligently to an intrusion, manage its configuration audits, and
understand the leak potential in the event that a host is
compromised. This paper outlines a novel approach to the
automated determination of the value of the information
contained on a host computer. It involves the classification of
each text document on the host machine using the frequency of
the document’s terms and phrases. A host information value is
computed using an enterprise-defined weighting schema and
applying it to a host’s document distribution. The method is
adaptable to specific organizational information needs, requires
manual intervention only during schema creation, and is
repeatable and consistent regardless of changes in information on
the host machines.
