
Corporate Data Security Essentials

Uploaded by

api-253026402
  • Introduction to Data Loss Prevention: Introduces data loss prevention strategies, including key terminologies and the importance of preventing data leaks.
  • Data Loss vs Data Leak: Differentiates between data loss and data leak, providing examples and explaining risks.
  • Business Rules: Discusses how business rules govern data loss prevention software and their role in identifying critical information.
  • Data Retention Policy: Outlines policies and legal requirements for data retention and archival, including economic considerations.
  • Factors Affecting Data Loss Prevention: Examines internal and external factors that influence data loss prevention strategies.
  • Data Protection Solutions: Explores various solutions for data protection, such as replication and backup strategies.
  • Data Loss Prevention Software and Providers: Lists popular data loss prevention software solutions and providers, addressing their functionalities.
  • Personal Systems vs Enterprise Systems: Compares personal and enterprise systems in terms of design, functionality, and usage scenarios.
  • Managerial Concerns in Data Loss Prevention: Discusses the challenges and considerations managers face when deciding on data loss prevention strategies.

Data Loss Prevention

Abheer Chandorkar, Pavel Kirik, Chang Lee

What is data loss prevention?



Strategy used to make sure critical information stays in the corporate network

Also used to describe software that helps control what data is transferred
Backing up is key in DLP

Privacy laws are being driven by insider threats

Data Loss vs Data Leak

Same thing with a few subtle differences
  o Data Loss: Malicious & intentional theft
      o Attacker A steals credit card info
      o Hacker steals Obama's schedule from campaign manager
  o Data Leak: Accidental leakage due to poor internal controls
      o Employee downloads work files to USB to work on them at home
      o HR manager sends confidential payroll sheet instead of filtered
Leakage is easier to prevent

Business Rules

Describes business policy or procedure at the atomic level

Used in DLP software to examine and tag critical information

2 Functions:
  o Identifying & tagging well-defined content
  o Users cannot disclose information
Software's weakness: identifying sensitive data like intellectual property

All management levels need to be involved in creation

Data Retention Policy



Policies of persistent data and record management for legal and business data archival requirements.
Legal and privacy compliance
Economic concerns
  o Cost to archive
  o Business operations

Factors

Internal
  o Everyday business operations
      o User credentials
      o Search queries
      o E-mail logs
External
  o Federal and local government
  o Standards for private certification
  o Contractual obligations

Solutions

Asynchronous replication
Archival storage
Data archiving
Incremental backup
Centralized backup
Differential backup
Layered security

Asynchronous Replication

Store-and-forward approach

Intermediate station verifies integrity


Data written to primary storage THEN replicated to another flash or disk-based storage
Less bandwidth intensive
Tolerates some degradation in connection
  o Works well over long distances

Incremental Backup

Data are backed up if the file has been changed or new files were introduced.
Most prevalent backup system
Minimum amount of storage needed
Faster backup and restore
Restore can be a headache
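The sketch below is an added example, not part of the original slides. It shows why an incremental backup stores so little and why restoring is harder: each increment holds only changed or new files, so a restore must replay the full backup and every increment in order. The in-memory file trees, the function names and the tracking of deletions are assumptions made for illustration.

```python
import hashlib

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def take_backup(tree, previous_index=None):
    """Return (backup, index). With no previous index this is a full backup."""
    previous_index = previous_index or {}
    index = {path: digest(data) for path, data in tree.items()}
    # Only files whose content hash differs from the last run are stored.
    changed = {p: tree[p] for p, h in index.items() if previous_index.get(p) != h}
    # Assumption: deletions are recorded so a restore does not resurrect files.
    deleted = sorted(set(previous_index) - set(index))
    return {"files": changed, "deleted": deleted}, index

def restore(chain):
    """Replay the full backup and every incremental, oldest first."""
    tree = {}
    for backup in chain:
        tree.update(backup["files"])
        for path in backup["deleted"]:
            tree.pop(path, None)
    return tree

def run_demo():
    # Constructed sample data: three nightly states of a small file share.
    day1 = {"payroll.csv": b"v1", "plan.doc": b"draft"}
    day2 = {"payroll.csv": b"v2", "plan.doc": b"draft", "notes.txt": b"new"}
    day3 = {"payroll.csv": b"v2", "notes.txt": b"new, edited"}
    full, idx = take_backup(day1)
    inc1, idx = take_backup(day2, idx)
    inc2, idx = take_backup(day3, idx)
    return day3, full, inc1, inc2

if __name__ == "__main__":
    day3, full, inc1, inc2 = run_demo()
    print("increment 2 stores:", sorted(inc2["files"]), "deletes:", inc2["deleted"])
    print("complete chain restores day 3:", restore([full, inc1, inc2]) == day3)
    print("chain missing increment 1:", restore([full, inc2]) == day3)
```

A lost or corrupted increment silently produces a stale restore, so the whole chain needs integrity checks and periodic test restores.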

Centralized Backup

One location is chosen for storage
Data is automatically replicated from remote sites
Potentially lowers cost of maintenance
HIGH bandwidth usage
  o Substantially slower backup and restore

Data Loss Prevention & Providers



Data loss prevention software acts as a security feature for networks

Controls the flow of information based on preset restrictions

Follows business rules based on the unique requirements of each network for which the software is used.
Most useful when dealing with clearly defined content, such as stored credit card numbers

Providers include CISCO, Trustwave, and HP among others

Personal vs Enterprise

A personal system is designed for a single user and can be found on a low- to medium-powered PC platform
A personal system is created to suit the most common requirements of simple databases; an example is Microsoft Access

Enterprise system has the capability to support very large databases, requires a large budget, and is more tailored for an organization
Most famous company to make enterprise systems is Oracle

Managerial Issues

Decisions are difficult

Variety of solutions
Only 1 optimal solution

Decision should be based on multiple factors


Choose best option for company

Managerial Decisions

Factors:
  o Cost
  o Time
  o Productivity
  o Regulations
Examples:
  o Centralized storage
  o Incremental storage
  o Gradual implementation of software
  o Follow laws
