By: Dorian Lockhart Wilston Johnston

Slides:

Advertisements

Similar presentations

COMPREHENSIVE APPROACH TO INFORMATION SECURITY IN ADVANCED COMPANIES.

Advertisements

Preventing Good People From Doing Bad Things Best Practices for Cloud Security Brian Anderson Chief Marketing Officer & Author of “Preventing Good People.

Peter Brudenall & Caroline Evans- Simmons & Simmons Marsh Technology Conference 2005 Zurich, Switzerland. Managing the Security Landscape – Legal and Risk.

SECURITY What does this word mean to you? The sum of all measures taken to prevent loss of any kind.

Sophos / Utimaco Data Loss Prevention Peter Szendröi, SOPHOS Nordics Jan 20, 2010.

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Patching MIT SUS Services IS&T Network Infrastructure Services Team.

Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education, Inc. publishing as Prentice.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Chapter 7 Database Auditing Models

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

IT-Partners Limited © 2011 IT Partners Limited Y OUR IT SOLUTION P ARTNERS Managing Director Confidential Data Loss Prevention Sunny Ho 1.

1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.

General Awareness Training

1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.

Social Media Jeevan Kaur, Michael Mai, Jing Jiang.

What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Security considerations for mobile devices in GoRTT

Sample Security Model. Security Model Secure: Identity management & Authentication Filtering and Stateful Inspection Encryption and VPN’s Monitor: Intrusion.

Unit 6b System Security Procedures and Standards Component 8 Installation and Maintenance of Health IT Systems This material was developed by Duke University,

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 7 Database Auditing Models.

Protecting Your Business! SBA Ft. Lauderdale November 15, 2006 Gregory Levine, Sr. Director Marketing.

13.6 Legal Aspects Corporate IT Security Policy. Objectives Understand the need for a corporate information technology security policy and its role within.

OCTAVE-S on TradeSolution Inc.. Introduction Phase 1: Critical Assets and threats Phase 2: Critical IT Components Phase 3: Changes Required in current.

The State of Computer & Data Security in Corporations Independent Survey.

© 2009 WatchGuard Technologies WatchGuard XCS Data Loss Prevention Ensuring Privacy & Security of Outbound Content.

Security and Assurance in IT organization Name: Mai Hoang Nguyen Class: INFO 609 Professor: T. Rohm.

Engineering and Management of Secure Computer Networks School of Engineering © Steve Woodhead 2009 Corporate Governance and Information Security (InfoSec)

BUFFERZONE Advanced Endpoint Security Data Connectors-Charlotte January 2016 Company Confidential.

Configuring, Managing and Maintaining Windows Server® 2008 Servers Course 6419A.

What’s New Data Loss Prevention 14. Information is Everywhere Brings Productivity, Agility, Convenience ……and Problems Copyright © 2015 Symantec Corporation.

Welcome to the ICT Department Unit 3_5 Security Policies.

INSIDER THREATS BY: DENZEL GAY COSC 356. ROAD MAP What makes the insider threat important Types of Threats Logic bombs Ways to prevent.

Advanced Endpoint Security Data Connectors-Charlotte January 2016

Introduction to Barracuda IM Firewall

EAST AFRICAN DATA HANDLERS DATA SECURITY/MOBILITY

Understanding DATA LOSS PREVENTION

Chapter 5 Electronic Commerce | Security Threats - Solution

CompTIA Security+ SY0-401 Real Exam Question Answer

Security Standard: “reasonable security”

Real-time protection for web sites and web apps against ATTACKS

Data protection headaches: GDPR, brexit AND perimeter risk

Secure Software Confidentiality Integrity Data Security Authentication

I S P S loss Prevention.

Chapter 5 Electronic Commerce | Security Threats - Solution

Cloud Computing Kelley Raines.

Answer the questions to reveal the blocks and guess the picture.

Chapter 3: IRS and FTC Data Security Rules

Done BY: Zainab Sulaiman AL-Mandhari Under Supervisor: Dr.Tarek

Infrastructure, Data Center & Managed Services

LM 8 Data Administration & Database Administration

Threat Landscape for Data Security

COMPREHENSIVE APPROACH TO INFORMATION SECURITY IN ADVANCED COMPANIES

Network and Internet Security and Privacy

NETWORK SECURITY.

How to Mitigate the Consequences What are the Countermeasures?

DATA LOSS PREVENTION Mr. Collins Oduor.

HIPAA SECURITY RULE Copyright © 2008, 2006, 2004 by Saunders an imprint of Elsevier Inc. All rights reserved.

IS4680 Security Auditing for Compliance

(With Hybrid Network Support)

4/9/ :42 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.

Technology Convergence

Detection Detect the breach and protect the data. By,

Protect data in core business applications

Data Lost Prevention (DLP) © Copyright 2009 Technica All rights reserved. No part of this presentation in all its property may be used or reproduced in.

Comodo Dome Data Protection

OU BATTLECARD: Oracle Identity Management Training

AIR-T11 What We’ve Learned Building a Cyber Security Operation Center: du Case Study Tamer El Refaey Senior Director, Security Monitoring and Operations.

Presentation transcript:

By: Dorian Lockhart Wilston Johnston Data Loss Prevention By: Dorian Lockhart Wilston Johnston

Data Loss Prevention Data Loss Prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside the corporate network. The term is also used to describe software products that help a network administrator control what data end users can transfer.

10 Reasons DLP is Needed in Businesses ⇛ Not sure where the the company’s confidential data is being stored, accessed or sent. ⇛ Your company has a plan for protecting data from external intruders, but does not protect against theft and accidental disclosure of sensitive information by employees and partners. ⇛ You are concerned about the liability, negative exposure, fines and lost revenue associated with data breaches. ⇛You are concerned about your next audit and want to maintain compliance with complex regulations. ⇛You need to protect proprietary information against security threats caused by enhanced employee mobility and new communication channels. http://focus.forsythe.com/articles/19/10-Reasons-Why-Your-Organization-Needs-Data-Loss-Prevention

10 Reasons DLP is Needed in Businesses continued... ⇛ You would like to monitor your organization for inappropriate employee conduct and maintain forensic data of security events as evidence. ⇛ You are uncertain of your organization’s level of protection for confidential data in cloud applications and storage. ⇛ Your organization would like to proactively prevent the misuse of data at endpoints, both on and off the corporate network. ⇛ You would like to automate corporate governance as a means of improving compliance while saving time and resources. ⇛ You would like to gain a competitive advantage, in both brand value and reputation. http://focus.forsythe.com/articles/19/10-Reasons-Why-Your-Organization-Needs-Data-Loss-Prevention

https://www. skyhighnetworks https://www.skyhighnetworks.com/cloud-security-blog/what-are-the-top-data-loss-prevention-tools/ https://www.youtube.com/watch?v=w0mePYhPsk0

https://www.devicelock.com/products/byod-virtual-dlp.html

Review of Symantec DLP https://www.youtube.com/watch?v=KIE1phfjiic Each employee has a username (most likely synced Active Directory) Program/Agents on your company’s computer that scan for keywords Policy updates can be immediately executed. And last (month’s, year’s, quarter’s) policy can also be executed DLP reports can be filed, saved, and sent to the Security Team engineers to analysis Can be used on multiple formats (doc, docx, xlsx, pdf, ost) even in-browser application https://www.youtube.com/watch?v=KIE1phfjiic

DLP Policy Management - Human Side Enact shredding a policy to all sensitive information Create training course to educate employees on what is and not confidential Use tools like Wombat for surprise inspections https://www.wombatsecurity.com/research-and-results/case-studies-proofs-of-concept?ads_cmpid=199645754&ads_adid=12365739194&ads_matchtype=e&ads_network=g&ads_creative=178034337588&utm_term=wombat%20security&ads_targetid=kwd-27688005879&utm_campaign=&utm_source=adwords&utm_medium=ppc&ttv=2&gclid=CJyimu6HtNYCFRtWDQodbWIGyg

Legal The use of DLP system does not contradict any data protection regulations, especially when it comes to insensitive personal data. All work-related communications can also be monitored based on the statement that all employees act on behalf and as a representative of their employer. Employees will need to be aware of the DLP program. Employee who intentionally violate company DLP regulation will need to be dealt with.

Current Events & Attacks - Honda - Arby's - Intercontinental Hotels Group - Saks Fifth Avenue - U.S. Air Force - Over 60 universities and U.S. federal government organizations - Cellebrite - WannaCry Ransomware

Ways to Protect Yourself Standard Measures: Install Firewalls Antivirus, IDS’s. Client Server Architecture plans. Advanced Measures: Machine Learning Temporal Reasoning Algorithms (AI thinks) Designated Systems Exact Data Matching Structured Data Fingerprinting Statistical Methods (Published lexicons and other methods) https://www.youtube.com/watch?v=ljgt044xAM0 https://en.wikipedia.org/wiki/Data_loss_prevention_software https://digitalguardian.com/blog/what-file-fingerprinting

Questions?