Data Loss Prevention
Challenges, Impacts & Effective Strategies
Data Loss will impact your organization this year…

…in a new, unexpected and uncontrollable manner.



                              Copyright 2008 – Seccuris Inc.
Data Loss is an Escalating Problem
• 1700% increase in incidents since 2004 [1]
• 1 in 2 identities already at risk [2]
• Avg cost/leak: $4.8M [3]
• ~70% of organizations experienced loss caused by “insiders” [4]
• 33% believe a serious data breach can put them out of business [5]

[Chart: Number of Reported Data Loss Incidents [2], by year, 2002 to 2006; vertical axis 0 to 350]

Source: McAfee DLP Overview
[1] Source: Attrition.org
[3] Source: Privacy Rights Clearinghouse
[3] Source: Ponemon Institute “2006 Cost of Data Breach Study”
[4] Source: 2006 CSI/FBI Computer Crime and Security Survey
[5] Source: Datagate report by McAfee/Datamonitor
Market Value of Data is increasing
• Trojan to steal account information: $980-$4,900
• Credit Card Number with PIN: $490
• Billing data: $78-$294
• Driver's license: $147
• Birth certificate: $147
• Social Security card: $98
• Credit card number: $6-$24
• PayPal account logon and password: $6

Source: McAfee DLP Overview
[1] Source: www.informationweek.com
Data Loss is a Serious Everyday issue

• Emailing confidential document to a competitor
• Copying customer record files to a USB Drive
• Printing financial documents
• Sending internal documents via Hotmail
• Emailing confidential data via guest laptop on corporate net
• Sending email via Blackberry

Source: McAfee DLP Overview
Technical threats are maturing

            Movement of the technical threat
               • Network & System Based
               • Database & Application Based
               • Second Tier Attacks
                  • Social Network Site Attacks
                  • Banking Site Trojans




Business challenges are growing


                              Accidental and malicious means


                                         Anywhere


                          All parts of the network & business


                                  No visibility and control



Source: McAfee DLP Overview



Key Business Motivators are emerging

Loss of Customer & Confidential Data
• Credit Card Records
• Accounts & Passwords
• Social Insurance #s
• Financials

Breach of Corporate Governance
• PCI DSS
• PIPEDA
• Provincial Health Acts
• FOI Acts
• Basel II
• SOX/CSOX
• ACSI33
• GLBA

Loss of Intellectual Property
• Patents
• Source Code
• Methods & Process
• Trade Secrets

Source: McAfee DLP Overview
Expectations for protection have mutated

Data Loss Prevention is your organization’s responsibility…

  Expectations from:
   • Government
   • Industry
   • Clients & Constituents




           What, How, For what length of time?
                              WHY?


Understanding the DLP priorities that exist in your organization and preparing effective mitigating strategies is foundational to any successful information security program today
Data Loss Priorities




Employee Exposures – Access mistaken for ownership
Application Exposures – Impact from missing controls
Process Exposures – Enhance Information Management


Data Loss - Scope
[Diagram: DATA at the centre, surrounded by four exposure areas: Employee, Process, Physical Environment, and Network & Applications]
Locations: At Work, At Home, On the Road
Channels: Printer, USB, Copy & Paste, HTTPS, IM, Peer to Peer, Wi-Fi, email, FTP
Information lifecycle: Creation, Identify & Classify, Distribution, Use, Maintain, Archive, Destroy, Recycle, Incident Handling

Source: McAfee DLP Overview
Employee Data Loss


Employee cuts out sensitive data from working document and uses Hotmail to send a copy to his home account.

Data is cut & copied, losing any labeling or DRM from the original file
Sensitivity & Classification removed
Employee Data Loss


Employee copies sensitive data from database to USB for “safekeeping”.

Copied data removed undetected on removable media
No control from further duplication
Employee Data Loss

Printer

Employee prints sensitive document for review on the road.

Printed documents removed from the office without version control, described context, etc.
Retention & Destruction uncontrolled


Employee Data Loss Channels
Data Loss Channels:
• Email
• IM
• HTTP
• Copy and Paste
• Local/Screen capture
• External (USB)
• Web Mail
• Agent-less Devices
• Blackberry

1/12/2009
Source: McAfee DLP Overview
Application Data Loss

HTTPS

Application encryption requirements assessed after initial prototype or UAT builds.

Application encryption consists of end user transport encryption only.
Database and inter-application issues not addressed.
Application Data Loss

Wireless functionality added to environment as an “enhancing” afterthought.

Wireless encryption requirements did not consider “timeliness” of data transmitted.
Encryption was broken while data still considered sensitive.
Application Data Loss

Employee roles for application functions not specified by business, user roles allow for moderate access throughout the system and datasets

Employee roles poorly defined or limited in application.
Inappropriate Use not limited, fraud potential not reviewed


Application Data Loss Channels
Data Loss Channels:
• Client Presentation
• Server-side Presentation
• Server-side Business Logic
• Server-side Data Logic
• Server-side Data Storage
• Remote Data Storage
• Server-side Platform
• Network
• Client-side Platform

Source: McAfee DLP Overview
Process Data Loss

Large office move requires transport of hundreds of hard drives, tapes, CDs and paper records

Records unaccounted for after substantial office move
Unknown data loss
Process Data Loss

Outsourced contract requires use of sensitive data for service delivery

Outsourcer cannot provide inventory of current data / information sets in possession or controls protecting data
Protection of data unknown
Process Data Loss


Previous archival methods must be refreshed to ensure long term storage of sensitive data

Technology migration requires restoration of original data to a temporary location for transition
Exposure to loss increased during transition


Process Data Loss Channels

Data Loss Channels:
• Creation
• Distribution
• Use & Processing
• Maintenance
• Archival
• Destruction
• Recycling

Source: McAfee DLP Overview
Current Control Strategies

Protecting Data vs. Protecting Information




Current Control Strategies

Technical Control vs. Mitigating Process




Current Control Strategies

Client Responsibility vs. Organizational Accountability
Control Strategies Best Practice

Data Loss Best Practice:


  1. Discover and protect confidential data wherever it is stored or used
  2. Monitor data usage and prevent confidential data from leaving the security domain (organization)
  3. Assure control solutions balance accuracy & efficiency
Control Strategies Best Practice

Data Loss Best Practice:


  4. Automate policy enforcement where possible
  5. Maintain visibility & control over encrypted data
  6. Set and Maintain Employee trust in the privacy of
     their information
  7. Plan long-term strategy for technical controls




Current Control Challenges

• Weak support and definition of Data Loss
  scope & priority at executive level


• Inconsistent participation of involved
  corporate roles (Business, App Dev, IT, Privacy,
  Security & Audit)




Current Control Strategies

What controls exist to mitigate Data Loss in
 the discussed scenarios?


     Employee Exposures – Access mistaken for ownership

     Application Exposures – Impact from missing controls

     Process Exposures – Enhance Information Management






Employee Data Loss Channels
Data Loss Channels: Email, IM, HTTP, Copy and Paste, Local/Screen capture, External (USB), Web Mail, Agent-less Devices, Blackberry

Controls to consider and review:
• Policy (Define Access & Ownership)
   • Access to data does not give permission to transport, copy & distribute
• Procedures (Effective use & storage)
• Alerting (Suspicious & Inappropriate Use)

Source: McAfee DLP Overview


Employee Data Loss Channels
Data Loss Channels: Email, IM, HTTP, Copy and Paste, Local/Screen capture, External (USB), Web Mail, Agent-less Devices, Blackberry

Controls to consider and review:
• Technical controls (Host, Network & Gateway)
   • Specific Implementations
      • Regular Expressions
      • Dictionaries
      • Fingerprinting
      • Heuristics
      • Proximity Matching
• Technical control management
   • Scalability & Visibility

Source: McAfee DLP Overview
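How the implementations listed on the slide above can combine in one content-inspection pass over outbound text: a regular expression finds card-like numbers, a Luhn checksum acts as a simple heuristic filter, a dictionary is matched within a proximity window, and shingle fingerprints catch text cut from a protected document after its label is gone. This is an added example, not code from the presentation or from any DLP product; the term list, thresholds, policy and sample messages are constructed assumptions.

```python
import hashlib
import re

# Regular expression: 13-16 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")
# Dictionary (assumed term list): words that give a number payment context.
DICTIONARY = {"card", "visa", "mastercard", "cvv", "expiry", "pin"}
PROXIMITY = 40        # assumed: characters searched either side of a regex hit
SHINGLE = 5           # assumed: words per fingerprint shingle
FP_THRESHOLD = 0.3    # assumed: share of a protected document that triggers a block


def luhn_ok(digits):
    """Heuristic filter: the Luhn checksum discards most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_cards(text):
    """Regex hit -> checksum -> dictionary terms within PROXIMITY characters."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if not luhn_ok(digits):
            continue
        window = text[max(0, m.start() - PROXIMITY):m.end() + PROXIMITY].lower()
        words = set(re.findall(r"[a-z]+", window))
        hits.append((digits, sorted(DICTIONARY & words)))
    return hits


def shingles(text):
    """Fingerprint: hashes of every run of SHINGLE consecutive normalised words."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {
        hashlib.sha256(" ".join(words[i:i + SHINGLE]).encode()).hexdigest()
        for i in range(len(words) - SHINGLE + 1)
    }


def fingerprint_overlap(protected_fp, text):
    """Share of the protected document's shingles present in the text."""
    if not protected_fp:
        return 0.0
    return len(protected_fp & shingles(text)) / len(protected_fp)


def inspect(text, protected_fp):
    """Return (action, reasons) for one outbound message (assumed policy)."""
    reasons = []
    cards = find_cards(text)
    if any(terms for _, terms in cards):
        reasons.append("card number with payment terms nearby")
    elif cards:
        reasons.append("checksum-valid number without payment context")
    if fingerprint_overlap(protected_fp, text) >= FP_THRESHOLD:
        reasons.append("text matches a protected document fingerprint")
    if not reasons:
        return "allow", reasons
    if reasons == ["checksum-valid number without payment context"]:
        return "alert", reasons
    return "block", reasons


# Constructed sample data (not from the presentation).
PROTECTED_DOC = (
    "CONFIDENTIAL. Project Osprey pricing: the 2009 renewal offer to Acme is a "
    "14 percent discount on list price, valid until the end of March."
)
PROTECTED_FP = shingles(PROTECTED_DOC)
SAMPLES = {
    "card_with_context": "Customer Visa card: 4111 1111 1111 1111, expiry 09/27.",
    "tracking_number": "Tracking reference 1234 5678 9012 3456 for your parcel.",
    "bare_number": "Reference 4111111111111111 attached.",
    "pasted_excerpt": "fyi the 2009 renewal offer to Acme is a 14 percent "
                      "discount on list price",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, inspect(text, PROTECTED_FP))
```

The pasted excerpt carries no classification label and no card data, yet half of the protected document's shingles appear in it, which is the cut-and-paste case from the Employee Data Loss slide.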


[Matrix: Data Loss Channels (Email, IM, HTTP, Copy and Paste, Local/Screen capture, External (USB), Web Mail, Agent-less Devices, Blackberry) against Gateway and Host controls, each for Corporate Network, Public Internet and Disconnected]

Source: McAfee DLP Overview


  Application Data Loss Channels
Data Loss Channels: Client Presentation, Server-side Presentation, Server-side Business Logic, Server-side Data Logic, Server-side Data Storage, Remote Data Storage, Server-side Platform, Network, Client-side Platform

Controls to consider and review:
• Role Based Access Controls & Definitions
• Role & Access Overrides
• Logging (Audit & Maintenance)
• Alerting (Suspicious & Inappropriate Use)

Source: McAfee DLP Overview


  Application Data Loss Channels
Data Loss Channels: Client Presentation, Server-side Presentation, Server-side Business Logic, Server-side Data Logic, Server-side Data Storage, Remote Data Storage, Server-side Platform, Network, Client-side Platform

Controls to consider and review:
• Encryption
• Data Segmentation
• Coding & Implementation Errors
• Data retention & destruction methods

Source: McAfee DLP Overview


Process Data Loss Channels
Data Loss Channels: Creation, Distribution, Use & Processing, Maintenance, Archival, Destruction, Recycling

Controls to consider and review:
• Data Creation & Collection practices
• Identification & Labeling
• Classification & Re-classification
• Privacy & Business Impact Assessments

Source: McAfee DLP Overview


Process Data Loss Channels
Data Loss Channels: Creation, Distribution, Use & Processing, Maintenance, Archival, Destruction, Recycling

Controls to consider and review:
• Minimum data protection requirements
• Incident Handling & Public Relations
• Service Levels & Required Reporting
• Awareness & Training for Data Protection

Source: McAfee DLP Overview
Control Strategies to Assess

Assess current environment controls:

•   Current control inventory
•   Control usage
•   Reporting processes
•   Maturity of supporting process




Control Strategies to Assess

Focus on Process Controls
•   Data review should be considered for all sensitive
    applications (BIA, PIA, TRA)


•   Enhanced Response & Mitigation processes should be
    created. (Incident Handling, Public Relations)


•   Detailed contracts should set expectations for Data
    Loss Prevention (SLAs, OLAs)

Control Strategies to Assess

Focus on Technical Controls
  •   Limit collection, use and retention of data


  •   Identify & Classify what exists today


  •   Enterprise Rights Management, IRM / DRM




Moving Forward

• Increase awareness of business risks


• Enhance & justify your DLP strategy


• Prepare for maturing expectations
  regarding DLP


Focus on your Data Loss Exposures

Employee Exposures – Reset and manage employee expectations & implement technical control suites

Application Exposures – Promote architected systems that can prevent and mitigate unforeseen DLP scenarios

Process Exposures – Enhance traditional records management strategies to prevent, detect, mitigate and respond to data loss issues.
Understanding the DLP priorities that exist in your organization and preparing effective mitigating strategies is foundational to any successful information security program today
Thanks

Michael Legary, CSA, CISSP, CISM, CISA, CCSA, CPP, GCIH, PCI-QSA
  Founder & CIO
  Seccuris Inc.


  Email:       Michael.Legary@seccuris.com
  Direct:      204-255-4490
  Main:        204-255-4136
  Fax:         204-942-6705




 
What Does a Data Breach Cost?
What Does a Data Breach Cost?What Does a Data Breach Cost?
What Does a Data Breach Cost?
 
Top learnings from evaluating and implementing a DLP Solution
Top learnings from evaluating and implementing a DLP Solution Top learnings from evaluating and implementing a DLP Solution
Top learnings from evaluating and implementing a DLP Solution
 
DATA BREACH LITIGATION HOW TO AVOID IT AND BE BETTER PREPARED
DATA BREACH LITIGATION HOW TO AVOID IT AND BE BETTER PREPAREDDATA BREACH LITIGATION HOW TO AVOID IT AND BE BETTER PREPARED
DATA BREACH LITIGATION HOW TO AVOID IT AND BE BETTER PREPARED
 
Ciso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data securityCiso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data security
 
Data Leakage Presentation
Data Leakage PresentationData Leakage Presentation
Data Leakage Presentation
 
The Anatomy of a Data Breach
The Anatomy of a Data BreachThe Anatomy of a Data Breach
The Anatomy of a Data Breach
 
The value of our data
The value of our dataThe value of our data
The value of our data
 
CHIOMA
CHIOMACHIOMA
CHIOMA
 
Dealing Data Leaks: Creating Your Data Breach Response Plan
Dealing Data Leaks: Creating Your Data Breach Response PlanDealing Data Leaks: Creating Your Data Breach Response Plan
Dealing Data Leaks: Creating Your Data Breach Response Plan
 
The 2017 data center: Clouds, containers and IoT data
The 2017 data center: Clouds, containers and IoT dataThe 2017 data center: Clouds, containers and IoT data
The 2017 data center: Clouds, containers and IoT data
 
5 Signs you have an Insider Threat
5 Signs you have an Insider Threat5 Signs you have an Insider Threat
5 Signs you have an Insider Threat
 

Similar a Data Loss Prevention: Challenges, Impacts & Effective Strategies

Why do THEY want your digital devices?
Why do THEY want your digital devices?Why do THEY want your digital devices?
Why do THEY want your digital devices?ESET
 
Data Breach from the Inside Out
Data Breach from the Inside Out Data Breach from the Inside Out
Data Breach from the Inside Out The Lorenzi Group
 
Sept 2012 data security & cyber liability
Sept 2012   data security & cyber liabilitySept 2012   data security & cyber liability
Sept 2012 data security & cyber liabilityDFickett
 
Solving the enterprise security challenge - Derek holt
Solving the enterprise security challenge - Derek holtSolving the enterprise security challenge - Derek holt
Solving the enterprise security challenge - Derek holtRoopa Nadkarni
 
The only way to survive is to automate your SOC
The only way to survive is to automate your SOCThe only way to survive is to automate your SOC
The only way to survive is to automate your SOCRoberto Sponchioni
 
Key note in nyc the next breach target and how oracle can help - nyoug
Key note in nyc   the next breach target and how oracle can help - nyougKey note in nyc   the next breach target and how oracle can help - nyoug
Key note in nyc the next breach target and how oracle can help - nyougUlf Mattsson
 
idOnDemand | Article | Looking For An ID Solution? Get It From idOnDemand!
idOnDemand | Article | Looking For An ID Solution? Get It From idOnDemand!idOnDemand | Article | Looking For An ID Solution? Get It From idOnDemand!
idOnDemand | Article | Looking For An ID Solution? Get It From idOnDemand!Identive
 
"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategyJason Clark
 
Why Have A Digital Investigative Infrastructure
Why Have A Digital Investigative InfrastructureWhy Have A Digital Investigative Infrastructure
Why Have A Digital Investigative InfrastructureKevin Wharram
 
What i learned at the infosecurity isaca north america expo and conference 2019
What i learned at the infosecurity isaca north america expo and conference 2019What i learned at the infosecurity isaca north america expo and conference 2019
What i learned at the infosecurity isaca north america expo and conference 2019Ulf Mattsson
 
Cloud Privacy Update: What You Need to Know
Cloud Privacy Update: What You Need to KnowCloud Privacy Update: What You Need to Know
Cloud Privacy Update: What You Need to KnowAct-On Software
 
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...PECB
 
Leading Practices in Information Security & Privacy
Leading Practices in Information Security & PrivacyLeading Practices in Information Security & Privacy
Leading Practices in Information Security & PrivacyDonny Shimamoto
 
Information and Identity Protection - Data Loss Prevention, Encryption, User ...
Information and Identity Protection - Data Loss Prevention, Encryption, User ...Information and Identity Protection - Data Loss Prevention, Encryption, User ...
Information and Identity Protection - Data Loss Prevention, Encryption, User ...Symantec APJ
 
Internet Security Threat Report (ISTR) Vol. 16
Internet Security Threat Report (ISTR) Vol. 16Internet Security Threat Report (ISTR) Vol. 16
Internet Security Threat Report (ISTR) Vol. 16Symantec APJ
 

Similar a Data Loss Prevention: Challenges, Impacts & Effective Strategies (20)

Why do THEY want your digital devices?
Why do THEY want your digital devices?Why do THEY want your digital devices?
Why do THEY want your digital devices?
 
Mcafee dyntek
Mcafee dyntekMcafee dyntek
Mcafee dyntek
 
Data Breach from the Inside Out
Data Breach from the Inside Out Data Breach from the Inside Out
Data Breach from the Inside Out
 
Sept 2012 data security & cyber liability
Sept 2012   data security & cyber liabilitySept 2012   data security & cyber liability
Sept 2012 data security & cyber liability
 
Dean carey - data loss-prevention - atlseccon2011
Dean carey - data loss-prevention - atlseccon2011Dean carey - data loss-prevention - atlseccon2011
Dean carey - data loss-prevention - atlseccon2011
 
Solving the enterprise security challenge - Derek holt
Solving the enterprise security challenge - Derek holtSolving the enterprise security challenge - Derek holt
Solving the enterprise security challenge - Derek holt
 
The only way to survive is to automate your SOC
The only way to survive is to automate your SOCThe only way to survive is to automate your SOC
The only way to survive is to automate your SOC
 
Key note in nyc the next breach target and how oracle can help - nyoug
Key note in nyc   the next breach target and how oracle can help - nyougKey note in nyc   the next breach target and how oracle can help - nyoug
Key note in nyc the next breach target and how oracle can help - nyoug
 
idOnDemand | Article | Looking For An ID Solution? Get It From idOnDemand!
idOnDemand | Article | Looking For An ID Solution? Get It From idOnDemand!idOnDemand | Article | Looking For An ID Solution? Get It From idOnDemand!
idOnDemand | Article | Looking For An ID Solution? Get It From idOnDemand!
 
One of 2 protect your business
One of 2 protect your businessOne of 2 protect your business
One of 2 protect your business
 
"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy
 
Why Have A Digital Investigative Infrastructure
Why Have A Digital Investigative InfrastructureWhy Have A Digital Investigative Infrastructure
Why Have A Digital Investigative Infrastructure
 
What i learned at the infosecurity isaca north america expo and conference 2019
What i learned at the infosecurity isaca north america expo and conference 2019What i learned at the infosecurity isaca north america expo and conference 2019
What i learned at the infosecurity isaca north america expo and conference 2019
 
Cloud Privacy Update: What You Need to Know
Cloud Privacy Update: What You Need to KnowCloud Privacy Update: What You Need to Know
Cloud Privacy Update: What You Need to Know
 
Cloud Privacy
Cloud PrivacyCloud Privacy
Cloud Privacy
 
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
 
Leading Practices in Information Security & Privacy
Leading Practices in Information Security & PrivacyLeading Practices in Information Security & Privacy
Leading Practices in Information Security & Privacy
 
Information and Identity Protection - Data Loss Prevention, Encryption, User ...
Information and Identity Protection - Data Loss Prevention, Encryption, User ...Information and Identity Protection - Data Loss Prevention, Encryption, User ...
Information and Identity Protection - Data Loss Prevention, Encryption, User ...
 
Internet Security Threat Report (ISTR) Vol. 16
Internet Security Threat Report (ISTR) Vol. 16Internet Security Threat Report (ISTR) Vol. 16
Internet Security Threat Report (ISTR) Vol. 16
 
Sw keynote
Sw keynoteSw keynote
Sw keynote
 

Más de Seccuris Inc.

Building an enterprise forensics response service
Building an enterprise forensics response serviceBuilding an enterprise forensics response service
Building an enterprise forensics response serviceSeccuris Inc.
 
Digital Anti-Forensics: Emerging trends in data transformation techniques
Digital Anti-Forensics: Emerging trends in data transformation techniquesDigital Anti-Forensics: Emerging trends in data transformation techniques
Digital Anti-Forensics: Emerging trends in data transformation techniquesSeccuris Inc.
 
Compliance in Virtualized Environments
Compliance in Virtualized EnvironmentsCompliance in Virtualized Environments
Compliance in Virtualized EnvironmentsSeccuris Inc.
 
Outsourcing: A Security Perspective
Outsourcing: A Security PerspectiveOutsourcing: A Security Perspective
Outsourcing: A Security PerspectiveSeccuris Inc.
 
Security Information Management: An introduction
Security Information Management: An introductionSecurity Information Management: An introduction
Security Information Management: An introductionSeccuris Inc.
 
Anti-Forensics: Real world identification, analysis and prevention
Anti-Forensics: Real world identification, analysis and preventionAnti-Forensics: Real world identification, analysis and prevention
Anti-Forensics: Real world identification, analysis and preventionSeccuris Inc.
 
Building Critical Infrastructure For Business Recovery
Building Critical Infrastructure For Business RecoveryBuilding Critical Infrastructure For Business Recovery
Building Critical Infrastructure For Business RecoverySeccuris Inc.
 
Information Security Architecture: Building Security Into Your Organziation
Information Security Architecture: Building Security Into Your OrganziationInformation Security Architecture: Building Security Into Your Organziation
Information Security Architecture: Building Security Into Your OrganziationSeccuris Inc.
 
Virtually Secure: Uncovering the risks of virtualization
Virtually Secure: Uncovering the risks of virtualizationVirtually Secure: Uncovering the risks of virtualization
Virtually Secure: Uncovering the risks of virtualizationSeccuris Inc.
 
Making Executives Accountable for IT Security
Making Executives Accountable for IT SecurityMaking Executives Accountable for IT Security
Making Executives Accountable for IT SecuritySeccuris Inc.
 
Improving Your Information Security Program
Improving Your Information Security ProgramImproving Your Information Security Program
Improving Your Information Security ProgramSeccuris Inc.
 

Más de Seccuris Inc. (11)

Building an enterprise forensics response service
Building an enterprise forensics response serviceBuilding an enterprise forensics response service
Building an enterprise forensics response service
 
Digital Anti-Forensics: Emerging trends in data transformation techniques
Digital Anti-Forensics: Emerging trends in data transformation techniquesDigital Anti-Forensics: Emerging trends in data transformation techniques
Digital Anti-Forensics: Emerging trends in data transformation techniques
 
Compliance in Virtualized Environments
Compliance in Virtualized EnvironmentsCompliance in Virtualized Environments
Compliance in Virtualized Environments
 
Outsourcing: A Security Perspective
Outsourcing: A Security PerspectiveOutsourcing: A Security Perspective
Outsourcing: A Security Perspective
 
Security Information Management: An introduction
Security Information Management: An introductionSecurity Information Management: An introduction
Security Information Management: An introduction
 
Anti-Forensics: Real world identification, analysis and prevention
Anti-Forensics: Real world identification, analysis and preventionAnti-Forensics: Real world identification, analysis and prevention
Anti-Forensics: Real world identification, analysis and prevention
 
Building Critical Infrastructure For Business Recovery
Building Critical Infrastructure For Business RecoveryBuilding Critical Infrastructure For Business Recovery
Building Critical Infrastructure For Business Recovery
 
Information Security Architecture: Building Security Into Your Organziation
Information Security Architecture: Building Security Into Your OrganziationInformation Security Architecture: Building Security Into Your Organziation
Information Security Architecture: Building Security Into Your Organziation
 
Virtually Secure: Uncovering the risks of virtualization
Virtually Secure: Uncovering the risks of virtualizationVirtually Secure: Uncovering the risks of virtualization
Virtually Secure: Uncovering the risks of virtualization
 
Making Executives Accountable for IT Security
Making Executives Accountable for IT SecurityMaking Executives Accountable for IT Security
Making Executives Accountable for IT Security
 
Improving Your Information Security Program
Improving Your Information Security ProgramImproving Your Information Security Program
Improving Your Information Security Program
 

Último

Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 

Último (20)

Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 

Data Loss Prevention: Challenges, Impacts & Effective Strategies

  • 1. Data Loss Prevention: Challenges, Impacts & Effective Strategies
  • 2. Data Loss will impact your organization this year… in a new, unexpected and uncontrollable manner. Copyright 2008 – Seccuris Inc.
  • 3. Data Loss is an Escalating Problem. 1700% increase in incidents since 2004 [1]. 1 in 2 identities already at risk [2]. Avg cost/leak: $4.8M [3]. ~70% of organizations experienced loss caused by “insiders” [4]. 33% believe a serious data breach can put them out of business [5]. [Chart: Number of Reported Data Loss Incidents [2], by year, 2002 to 2006; vertical axis 0 to 350.] Source: McAfee DLP Overview. [1] Source: Attrition.org. [3] Source: Privacy Rights Clearinghouse. [3] Source: Ponemon Institute “2006 Cost of Data Breach Study”. [4] Source: 2006 CSI/FBI Computer Crime and Security Survey. [5] Source: Datagate report by McAfee/Datamonitor.
  • 4. Market Value of Data is increasing. Birth certificate: $147. Trojan to steal account information: $980-$4,900. Social Security card: $98. Credit Card Number with PIN: $490. Credit card number: $6-$24. Billing data: $78-$294. PayPal account logon and password: $6. Driver's license: $147. Source: McAfee DLP Overview. [1] Source: www.informationweek.com
  • 5. Data Loss is a Serious Everyday issue. Copying customer record files to a USB Drive. Emailing confidential document to a competitor. Sending internal documents via Hotmail. Printing financial documents. Emailing confidential data via guest laptop on corporate net. Sending email via Blackberry. Source: McAfee DLP Overview
  • 6. Technical threats are maturing. Movement of the technical threat: • Network & System Based • Database & Application Based • Second Tier Attacks • Social Network Site Attacks • Banking Site Trojans
  • 7. Business challenges are growing: Accidental and malicious means; Anywhere; All parts of the network & business; No visibility and control. Source: McAfee DLP Overview
  • 8. Key Business Motivators are emerging. Breach of Corporate Governance: PCI DSS, PIPEDA, Provincial FOI Acts, Health Acts, Basel II, SOX/CSOX, ACSI33, GLBA. Loss of Customer & Confidential Data: Credit Card Records, Accounts & Passwords, Social Insurance #s, Financials. Loss of Intellectual Property: Patents, Source Code, Methods & Process, Trade Secrets. Source: McAfee DLP Overview
  • 9. Expectations for protection have mutated. Data Loss Prevention is your organization’s responsibility… Expectations from: • Government • Industry • Clients & Constituents. What, How, For what length of time? WHY?
  • 10. Understanding the DLP priorities that exist in your organization and preparing effective mitigating strategies is foundational to any successful information security program today.
  • 11. Data Loss Priorities: Employee Exposures – Access mistaken for ownership; Application Exposures – Impact from missing controls; Process Exposures – Enhance Information Management
  • 12. Data Loss - Scope. [Diagram: DATA at the centre. Locations: On the Road, At Work, At Home. Channels: Printer, USB, Copy & Paste, HTTPS, IM, Peer to Peer, Wi-Fi, email, FTP. Lifecycle: Creation, Identify & Classify, Distribution, Use, Maintain, Archive, Destroy, Recycle, Incident Handling.] Source: McAfee DLP Overview
  • 13. Employee Data Loss: Employee cuts out sensitive data from working document and uses Hotmail to send a copy to his home account. Data is cut & copied, losing any labeling or DRM from the original file. Sensitivity & Classification removed.
  • 14. Employee Data Loss: Employee copies sensitive data from database to USB for “safekeeping”. Copied data removed undetected on removable media. No control over further duplication.
  • 15. Employee Data Loss (Printer): Employee prints sensitive document for review on the road. Printed documents removed from the office without version control, described context, etc. Retention & Destruction uncontrolled.
  • 16. Employee Data Loss Channels. Data Loss Channels: Email; IM; HTTP; Copy and Paste; Local/Screen capture; External (USB); Web Mail; Agent-less Devices; Blackberry. 1/12/2009. Source: McAfee DLP Overview
  • 17. Application Data Loss (HTTPS): Application encryption requirements assessed after initial prototype or UAT builds. Application encryption consists of end user transport encryption only. Database and inter-application issues not addressed.
  • 18. Application Data Loss: Wireless functionality added to environment as an “enhancing” afterthought. Wireless encryption requirements did not consider “timeliness” of data transmitted. Encryption was broken while data still considered sensitive.
  • 19. Application Data Loss: Employee roles for application functions not specified by business; user roles allow for moderate access throughout the system and datasets. Employee roles poorly defined or limited in application. Inappropriate Use not limited, fraud potential not reviewed.
  • 20. Application Data Loss Channels. Data Loss Channels: Client Presentation; Server-side Presentation; Server-side Business Logic; Server-side Data Logic; Server-side Data Storage; Remote Data Storage; Server-side Platform; Network; Client-side Platform. Source: McAfee DLP Overview
  • 21. Process Data Loss: Large office move requires transport of hundreds of hard drives, tapes, CDs and paper records. Records unaccounted for after substantial office move. Unknown data loss.
  • 22. Process Data Loss: Outsourced contract requires use of sensitive data for service delivery. Outsourcer cannot provide inventory of current data / information sets in possession or controls protecting data. Protection of data unknown.
  • 23. Process Data Loss: Previous archival methods must be refreshed to ensure long term storage of sensitive data. Technology migration requires restoration of original data to a temporary location for transition. Exposure to loss increased during transition.
  • 24. Process Data Loss Channels. Data Loss Channels: Creation, Distribution, Use & Processing, Maintenance, Archival, Destruction, Recycling. Source: McAfee DLP Overview.
  • 25. Current Control Strategies: Protecting Data vs. Protecting Information
  • 26. Current Control Strategies: Technical Control vs. Mitigating Process
  • 27. Current Control Strategies: Client vs. Organizational Responsibility Accountability
  • 28. Control Strategies Best Practice. Data Loss Best Practice: 1. Discover and protect confidential data wherever it is stored or used 2. Monitor data usage and prevent confidential data from leaving the security domain (organization) 3. Assure control solutions balance accuracy & efficiency
  • 29. Control Strategies Best Practice. Data Loss Best Practice: 4. Automate policy enforcement where possible 5. Maintain visibility & control over encrypted data 6. Set and Maintain Employee trust in the privacy of their information 7. Plan long-term strategy for technical controls
  • 30. Current Control Challenges • Weak support and definition of Data Loss scope & priority at executive level • Inconsistent participation of involved corporate roles (Business, App Dev, IT, Privacy, Security & Audit)
  • 31. Current Control Strategies: What controls exist to mitigate Data Loss in the discussed scenarios? Employee Exposures – Access mistaken for ownership. Application Exposures – Impact from missing controls. Process Exposures – Enhance Information Management.
  • 32. Employee Data Loss Channels. Data Loss Channels: Email, IM, HTTP, Copy and Paste, Local/Screen capture, External (USB), Web Mail, Agent-less Devices, Blackberry. Controls to consider and review: • Policy (Define Access & Ownership) • Access to data does not give permission to transport, copy & distribute • Procedures (Effective use & storage) • Alerting (Suspicious & Inappropriate Use). Source: McAfee DLP Overview.
  • 33. Employee Data Loss Channels. Data Loss Channels: Email, IM, HTTP, Copy and Paste, Local/Screen capture, External (USB), Web Mail, Agent-less Devices, Blackberry. Controls to consider and review: • Technical controls (Host, Network & Gateway) • Specific Implementations: Regular Expressions, Dictionaries, Fingerprinting, Heuristics, Proximity Matching • Technical control management: Scalability & Visibility. Source: McAfee DLP Overview.
  • 34. [Table: Data Loss Channels (Email, IM, HTTP, Copy and Paste, Local/Screen capture, External (USB), Web Mail, Agent-less Devices, Blackberry) against Host and Gateway, each split into Corporate Network, Public Internet and Disconnected; cell values not preserved.] Source: McAfee DLP Overview.
  • 35. Application Data Loss Channels. Data Loss Channels: Client Presentation, Server-side Presentation, Server-side Business Logic, Server-side Data Logic, Server-side Data Storage, Remote Data Storage, Server-side Platform, Network, Client-side Platform. Controls to consider and review: • Role Based Access Controls & Definitions • Role & Access Overrides • Logging (Audit & Maintenance) • Alerting (Suspicious & Inappropriate Use). Source: McAfee DLP Overview.
  • 36. Application Data Loss Channels. Data Loss Channels: Client Presentation, Server-side Presentation, Server-side Business Logic, Server-side Data Logic, Server-side Data Storage, Remote Data Storage, Server-side Platform, Network, Client-side Platform. Controls to consider and review: • Encryption • Data Segmentation • Coding & Implementation Errors • Data retention & destruction methods. Source: McAfee DLP Overview.
  • 37. Process Data Loss Channels. Data Loss Channels: Creation, Distribution, Use & Processing, Maintenance, Archival, Destruction, Recycling. Controls to consider and review: • Data Creation & Collection practices • Identification & Labeling • Classification & Re-classification • Privacy & Business Impact Assessments. Source: McAfee DLP Overview.
  • 38. Process Data Loss Channels. Data Loss Channels: Creation, Distribution, Use & Processing, Maintenance, Archival, Destruction, Recycling. Controls to consider and review: • Minimum data protection requirements • Incident Handling & Public Relations • Service Levels & Required Reporting • Awareness & Training for Data Protection. Source: McAfee DLP Overview.
  • 39. Control Strategies to Assess. Assess current environment controls: • Current control inventory • Control usage • Reporting processes • Maturity of supporting process
  • 40. Control Strategies to Assess. Focus on Process Controls: • Data review should be considered for all sensitive applications (BIA, PIA, TRA) • Enhanced Response & Mitigation processes should be created (Incident Handling, Public Relations) • Detailed contracts should set expectations for Data Loss Prevention (SLAs, OLAs)
  • 41. Control Strategies to Assess. Focus on Technical Controls: • Limit collection, use and retention of data • Identify & Classify what exists today • Enterprise Rights Management, IRM / DRM
  • 42. Moving Forward • Increase awareness of business risks • Enhance & justify your DLP strategy • Prepare for maturing expectations regarding DLP
  • 43. Focus on your Data Loss Exposures: Employee Exposures – Reset and manage employee expectations & implement technical control suites. Application Exposures – Promote architected systems that can prevent and mitigate unforeseen DLP scenarios. Process Exposures – Enhance traditional records management strategies to prevent, detect, mitigate and respond to data loss issues.
  • 44. Understanding the DLP priorities that exist in your organization and preparing effective mitigating strategies is foundational to any successful information security program today.
  • 45. Thanks. Michael Legary, CSA, CISSP, CISM, CISA, CCSA, CPP, GCIH, PCI-QSA, Founder & CIO, Seccuris Inc. Email: Michael.Legary@seccuris.com Direct: 204-255-4490 Main: 204-255-4136 Fax: 204-942-6705
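
Slide 33 names regular expressions, dictionaries, proximity matching and fingerprinting as content-inspection implementations, and slide 13 describes pasted text that has lost its labels. The sketch below is an added example, not part of the original deck or of any vendor's product, and shows how those four checks combine on a gateway copy of a webmail message. The sample documents, dictionary terms, proximity window and shingle size are constructed assumptions, and the Luhn checksum is an extra validation step added here.

```python
import hashlib
import re

# All values below are constructed for illustration.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")        # regular expression
DICTIONARY = ("cardholder", "card number", "expiry")    # dictionary terms (assumed)
PROXIMITY = 60                                          # chars either side (assumed)

def luhn_ok(digits):
    """Checksum that weeds out random digit runs the regex also matches."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def card_hits(text):
    """Regex candidate, then Luhn, then a dictionary term within PROXIMITY chars."""
    hits, lowered = [], text.lower()
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        window = lowered[max(0, m.start() - PROXIMITY):m.end() + PROXIMITY]
        if luhn_ok(digits) and any(t in window for t in DICTIONARY):
            hits.append(digits)
    return hits

def shingles(text, k=5):
    """Hashes of every k-word run; labels, markup and punctuation do not matter."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()
            for i in range(len(words) - k + 1)}

def shared_shingles(registered_doc, outbound):
    """Fingerprinting: count k-word runs of the outbound text found in the source."""
    return len(shingles(registered_doc) & shingles(outbound))

REGISTERED = ("CONFIDENTIAL - Pricing memo: the negotiated unit price for the "
              "northern region is 41 dollars with a rebate of 7 percent per quarter.")
WEBMAIL = ("saving this for later: the negotiated unit price for the northern "
           "region is 41 dollars with a rebate of 7 percent. "
           "Cardholder J. Doe, card number 4111 1111 1111 1111, expiry 01/30")
NOISE = "Tracking reference 1234567890123456, invoice 4111111111111111 attached."

if __name__ == "__main__":
    print("card hits in webmail:", card_hits(WEBMAIL))
    print("card hits in noise:  ", card_hits(NOISE))
    print("shared shingles:     ", shared_shingles(REGISTERED, WEBMAIL))
```

The `NOISE` message contains two 16-digit runs that a bare regular expression would flag. One fails the checksum and the other has no dictionary term nearby, which is the accuracy versus efficiency balance slide 28 asks for.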