When

Policy Guide › What Is Policy? › Who-When-What › When

When

When defines the circumstances that cause CA DLP to intervene when it analyzes user activity. Remember, CA DLP is designed to be as unobtrusive as possible, only intervening when necessary.

After identifying the user involved, CA DLP checks that user’s policy to determine whether to intervene.

For example, if CA DLP detects Spencer Rimmel sending an email that contains sensitive information, or sending it to a prohibited address, you can configure his policy to block or quarantine that email.

There are many, many factors that can cause CA DLP to intervene, but they broadly divide into two areas:

Context: By context we mean the wider circumstances surrounding an event. For example, if the user is trying to send an email, who are they sending it to? Did they forget to send a copy to their manager? What impact will it have on network traffic? If they are trying to print a file, which printer are they using? If they are copying a document to a USB device, which device is it? And what is its filename?
Content: By content we specifically mean the text content. For example, is the email lacking a corporate disclaimer? Does it use unacceptable language? Does a file or attachment contain confidential information? Has CA DLP been able to classify a document (that is, does it match a predefined type or theme, such as a complaint or solicitation)? And if so, do documents matching that classification require special handing?

To define when CA DLP intervenes, you must edit the control triggers in your user policies.

email analysis

Example policy analysis: CA DLP triggers analyze an email, checking the addressees (1), any attachments (2), its text content (3). It can also check specific information about the user (4), such as their CA DLP account attributes or Address Book properties.

More information:

What Is in a User Policy?