ISSA DLP Presentation - Oxford Consulting Group
Data Loss Prevention: Eliminate the Hype and Enable Your Business
Andrew Engelbert, CISSP, CISM
IT Risk Management Delivery Services Manager
Corporate Profile
Speaker Bio
• Andrew Engelbert – Delivery Manager, IT Risk Management, CISSP, CISM
• 12 years IT experience (7 years in Risk Management). Held various positions at health care, insurance, financial services and IT consulting organizations.
• Extensive knowledge and experience with both traditional and non-traditional programmatic and assessment methodologies, organizational and IT-based policies and procedures, security controls and current industry standards (ISO, PCI, HIPAA, GLBA, FACTA).
Agenda
• Business Drivers
• DLP Problem Space
• Common Challenges
• People, Process and Policy
• Technology Solutions
• Fear, Uncertainty and Doubt
• Enable Your Business
Business Drivers
• Regulatory, Customer or Business Partner requirement
• Proactive risk management initiative
– Increased data visibility
• Cost of doing business in today’s world
• Reaction to ‘potential’ data breach (Hopefully not!)
DLP Problem Space
[Figure: DLP problem space. Data types: in motion (DIM), at rest (DAR), in use (DIU). Risk areas: (int+ext), webmail, blogs, etc., IM/chat, file sharing, printouts, USB sticks, CDs/DVDs, iPods, external hard drives, encrypted content, desktops, databases/repositories, mail archives, file shares, document management systems. DLP approach: network, endpoint, discovery.]
Common Challenges
• Obtaining executive support
• Identifying what data you are trying to protect
– Data at rest
– Data in transit
– Data in motion
• Understanding your threat landscape
– Business impact analysis
– Existing control points (prevent, detect, respond)
– Establish loss implications
• Data collection and analysis
– Volume of data to review can be overwhelming
– False positive research and analysis
• Employee education and awareness
• Undocumented policies and procedures
• Clearly defined roles and responsibilities
People, Process and Policy
• Get the right people involved
– HR, Legal, InfoSec, LOB leadership, General Counsel
• Understand the scope of your solution
– Consider a phased approach (Monitor, Discover, Detect, Prevent)
• Open and honest communication
– Clear, concise, consistent, useful
• Education and awareness campaign
– Explain requirements and expectations from regulators, customers and business partners
– Cost of doing business in today’s world
– Identify a single point of contact for questions
• Business Interviews
– Identify stakeholders within each business unit
– Identify incident owners and points of contact for specific data classifications
– Capture and distribute specific regulatory requirements to impacted areas
• Collect and Review Data
– Target key data entry and exit points based on scope
– Minimum of 60 to 90 days
• Data Validation
– Elimination of False Positives
– Exact Data Matching & Indexing Capabilities
• Data Classification
– Identify classification criteria
– Identify data owners
– Review compliance requirements
• Incident Management
– Escalation criteria & processes
– Automation of incident responses
– Enable compliance triggers
• Data Use
• General Acceptable Use
• Business Partner Contracts
Technology Solutions
• The threat of a data breach can be significantly mitigated through the use of today’s DLP technology
• Data loss prevention solutions can provide a clear return on investment (ROI) and a manageable total cost of ownership (TCO).
• Choose your approach
• Understand your needs before reviewing vendor products.
• Leverage risk modeling solutions and expertise from resources you trust.
• Find the product that addresses your particular needs.
• Don’t use band aids
Vendor Areas of Focus:
• Endpoint (laptops/desktops)
• Data at Rest (file servers, archives, mail boxes)
• Data in Motion (email, web, IM, P2P)
• Encryption (whole disk encryption, or targeted data encryption)
• Content Filtering
• Monitor vs Blocking
Fear, Uncertainty and Doubt
• Data Loss Prevention technology is not the silver bullet.
• The “Whole” solution may not be required.
• Technology alone is not the answer.
• Multiple vendor solutions may be required.
Enable Your Business
• Leverage executive support
• Establish DLP strategies and objectives
• Educate and communicate
• Highlight relevant data loss examples and explain the potential impact
• Proactive versus reactive incident management
• Increase your data visibility
• Implement a structured and repeatable DLP policy development and management process
• Prioritize findings and take action
• Automate the incident response workflow process
• Clearly define roles and responsibilities
• Share results with executive management
Summary
• Prepare, plan and execute your DLP strategy
• Leverage executive management support
• Communicate, communicate, communicate
• People, Process and Policy approach
• Align DLP technology with your goals and objectives
Questions?
Thank You!