Presentation is loading. Please wait.

Presentation is loading. Please wait.

DATA LOSS PREVENTION Mr. Collins Oduor.

Published byChastity Hubbard Modified over 6 years ago

Similar presentations

Presentation on theme: "DATA LOSS PREVENTION Mr. Collins Oduor."— Presentation transcript:

1 DATA LOSS PREVENTION Mr. Collins Oduor

2 Why this Session? DLP Strategies Understanding DLP
DLP Basics Enterprise Data Lifecycle Data Loss Proliferation DLP Strategies

3 Enterprise Data Lifecycle
Data can be both an asset and a liability. As organisations grow, the volume and complexity of data required to support the business increases. All organisations store sensitive data that their customers, business partners, shareholders and the Board expect them to protect against theft, loss and misuse.

4 Data Loss Proliferation
Data loss can be defined as the movement of an information asset from an intended state to an unintended, inappropriate or unauthorised state, representing a risk or a potentially negative impact to the organisation.

5 DLP BASICS WHAT: In short, DLP is a set of technology tools and processes that ensure sensitive data is not stolen or lost. HOW: accidental (i.e. employee error) or malicious actions (i.e. cyber criminal breach) put your organization's data at risk. WHO USES DLP: Large enterprises in the Fortune Global Mid-size enterprises are implementing DLP Strategies

6 Threat to data The type of threat data is exposed to: •Insider: disgruntled employee, ladder climber, petty ID thief, contractors, outsourcers, business partners/vendors, fraudsters • Outsider: spies and industry espionage, gangs, ideologists, cyber terrorists, scammers (e.g. phisher),social engineer, script kiddies

7 The variables to take into account when calculating the cost of a data loss incident
• Brand impact: - Media scrutiny Loss of customers Loss of business due to critical intellectual asset loss •Regulatory impact: Independent audit fees Regulatory fines • Financial impact: - Notification Lost business Response costs Competitive disadvantage •Operational impact: - Diversion of employees from strategic initiatives to work on damage limitation - Need to implement comprehensive (additional) security solutions

8 DLP Conceptual Model

9 Enterprise Data Lifecycle
Data in use (i.e. ‘What is the agent doing with it?’): - Disgruntled employees copying files containing personal or confidential information to portable devices (e.g. flash drives) - Users printing sensitive data to equipment in common areas which can be accessed by others Data in motion (i.e. ‘Where is the data going?’): - Users sending sensitive data to personal webmail accounts in order to work at home Data at rest (i.e. ‘Where is sensitive data located?’): - Business users innocently placing personal information in insecure storage locations where access is not administered by IT

10 Existing solutions - Areas

11 Proposed Approach This approach integrates people, processes and technology. It allows DLP solutions to be aligned with business drivers and value.

12

13 DLP Considerations The most important consideration before undertaking a DLP project is to determine your organization’s primary data protection objective. Traditionally, organizations adopt DLP to achieve one of three objectives:

14 Below are some key considerations that should be taken into account as a first step towards a successful DLP tool selection and subsequent implementation:

15 Questions MPESA NUMBER : +254-719-871-954 @Coduor

Download ppt "DATA LOSS PREVENTION Mr. Collins Oduor."

Similar presentations

Why Security? A Commitment for [the Agency’s] Executives [CIO’s name] EC Presentation [date]

Why Security? A Commitment for [the Agency’s] Executives [CIO’s name] EC Presentation [date]
Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.

Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.
Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
THE INSIDER THREAT AND DATA LOSS PREVENTION CSCE 727.

THE INSIDER THREAT AND DATA LOSS PREVENTION CSCE 727.
Lockton Companies International Limited. Authorised and regulated by the Financial Services Authority. A Lloyd’s Broker. Protecting Your Business from.

Lockton Companies International Limited. Authorised and regulated by the Financial Services Authority. A Lloyd’s Broker. Protecting Your Business from.
Management’s Role in Information Security V.T. Raja, Ph.D., Oregon State University.

Management’s Role in Information Security V.T. Raja, Ph.D., Oregon State University.
Security Controls – What Works

Security Controls – What Works
CST 481/598 Many thanks to Jeni Li.  Potential negative impact to an asset  Probability of a loss  A function of three variables  The probability.

CST 481/598 Many thanks to Jeni Li.  Potential negative impact to an asset  Probability of a loss  A function of three variables  The probability.
Sophos / Utimaco Data Loss Prevention Peter Szendröi, SOPHOS Nordics Jan 20, 2010.

Sophos / Utimaco Data Loss Prevention Peter Szendröi, SOPHOS Nordics Jan 20, 2010.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
© 2011 Autodesk Securing AutoCAD IP in the era of WikiLeaks Presenter: Rahul Kopikar Co-Founder, Seclore Technology.

© 2011 Autodesk Securing AutoCAD IP in the era of WikiLeaks Presenter: Rahul Kopikar Co-Founder, Seclore Technology.
INFORMATION SECURITY THE NEXT GENERATION 13 th World Electronics Forum Israel Christopher Joscelyne Board Member & Membership Chairman AEEMA November 2007.

INFORMATION SECURITY THE NEXT GENERATION 13 th World Electronics Forum Israel Christopher Joscelyne Board Member & Membership Chairman AEEMA November 2007.
BUS1MIS Management Information Systems Semester 1, 2012 Week 7 Lecture 1.

BUS1MIS Management Information Systems Semester 1, 2012 Week 7 Lecture 1.
Enterprise Computing Community June 13 - 15, 2010February 27, 2010 1 Information Security Industry View Linda Betz IBM Director IT Policy and Information.

Enterprise Computing Community June , 2010February 27, Information Security Industry View Linda Betz IBM Director IT Policy and Information.
What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal.

What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal.
DEVELOPING A RISK ANALYSIS. What is a risk analysis? A Risk analysis is concerned with identifying the risks that an organisation is exposed to, identifying.

DEVELOPING A RISK ANALYSIS. What is a risk analysis? A Risk analysis is concerned with identifying the risks that an organisation is exposed to, identifying.
Dell Connected Security Solutions Simplify & unify.

Dell Connected Security Solutions Simplify & unify.
AUGUST 25, 2015 Cyber Insurance:

AUGUST 25, 2015 Cyber Insurance:
ISO27001 Introduction to Information Security. Who has day-to-day responsibility? All of us! Why Information Security? Control risk, limit liability What.

ISO27001 Introduction to Information Security. Who has day-to-day responsibility? All of us! Why Information Security? Control risk, limit liability What.
Security Awareness Challenges of Securing Information No single simple solution to protecting computers and securing information Different types of attacks.

Security Awareness Challenges of Securing Information No single simple solution to protecting computers and securing information Different types of attacks.

Similar presentations

Ads by Google