BCS ITNow 201403 - Data Loss Prevention
-
Upload
gareth-niblett -
Category
Data & Analytics
-
view
118 -
download
3
Transcript of BCS ITNow 201403 - Data Loss Prevention
DLP is often thought of as a technology that simply stops all unauthorised information flows once it has been installed. In reality, DLP should be part of information life cycle management and focus on ensuring organisations can share the information it needs to, both internally and externally, in a correct, accountable and secure manner. Data loss is then also prevented as a beneficial by-product.
Even well funded and resourced organisations can find this challenging in practice, especially against a motivated
insider, such as in the case of Edward Snowden and the NSA, as although external barriers may be strong, internal ones are often weak. Without all-encompassing policies and procedures, no amount of technology can completely counteract inadvertent or deliberate exposure and exfiltration of information and data.
To enable robust inter-organisational collaboration, we need common policies for identity proofing and verification (IPV) of organisations, people and devices, issuance of credentials, authentication, authorisation so that interoperability can be obtained.
One leading initiative is the non-profit organisation British Business Federation Authority (BBFA) (federatedbusiness.org) that is working towards enabling such federated trust.
BBFA is working with both private and public sector organisations towards standards-based and interoperable IPV, strong authentication and authentication, federation and PKI bridge policies, procedures and mechanisms, as it
INFORMATION SECURITY
recognises that without these no technology can meet the real needs of customers and end users. BBFA is also involved in secure information sharing initiatives, such as the HMG Cyber Information Sharing Partnership (CISP) and Multinational Alliance for Collaborative Cyber Situational Awareness (MACCSA).
www.bcs.org/security
Gareth Niblett, Chairman of the BCS Information Security Specialist Group, says data loss prevention is about sharing information securely.
Information Security Specialist Group (ISSG):www.bcs-issg.org.uk
Information Risk Management and Assurance Specialist Group:www.bcs.org/groups/irma
BCS Security Community of Expertise (SCoE):www.bcs.org/securitycommunity
FURTHER INFORMATION
DATA LOSS PREVENTION
doi:1
0.10
93/i
tnow
/bw
u011
©20
14 T
he B
ritis
h Co
mpu
ter
Soci
ety
Imag
e: P
hoto
disc
/833
9771
1
24 ITNOW March 2014
ITinnovator
There’san
that doesn’t sell anything,make anything,
but protects everything.
Technology with a purpose
Nowhere on the planet does technology like we do.It’s a bold assertion. And one you’ll only ever truly be able to verify by joining us. But believe it when we XEPO�EFSYX�[SVPH�½VWXW��EWXSRMWLMRK�EGLMIZIQIRXW�ERH�QMRH�FPS[MRK��SRGI�MR�E�GEVIIV�STTSVXYRMXMIW��&IGEYWI�TVSXIGXMRK�XLI�REXMSR�MW�ER�IZIV�HIQERHMRK�GLEPPIRKI��That’s why we need Architects who are as excited by XIGLRSPSK]�EW�[I�EVI��MRUYMWMXMZI��MRXIPPMKIRX�TISTPI�[MXL�the courage to innovate and pioneer. We’re breaking RI[�KVSYRH�IZIV]�HE]��XEGOPMRK�TVSNIGXW�XLEX�QYWX�FI�delivered for the sake of national safety. Join us and you could too. Have you got what it takes to be an MI5 architect? Find out at www.mi5.gov.uk/careers
8S�ETTP]�XS�1-��]SY�QYWX�FI�E�FSVR�SV�REXYVEPMWIH�&VMXMWL�GMXM^IR��SZIV����]IEVW�SPH�ERH�RSVQEPP]�LEZI�PMZIH�MR�XLI�9/�JSV�RMRI�SJ�XLI�PEWX�XIR�]IEVW��=SY�WLSYPH�RSX�HMWGYWW�]SYV�ETTPMGEXMSR��SXLIV�XLER�[MXL�]SYV�TEVXRIV�SV�E�GPSWI�JEQMP]�QIQFIV��TVSZMHMRK�XLEX�XLI]�EVI�&VMXMWL��8LI]�WLSYPH�EPWS�FI�QEHI�E[EVI�SJ�XLI�MQTSVXERGI�SJ�HMWGVIXMSR�
Enterprise Architects Solutions Architects Technical Architects