Presentation is loading. Please wait.

Presentation is loading. Please wait.

By: Dorian Lockhart Wilston Johnston

Published byRüdiger Hausler Modified over 5 years ago

Similar presentations

Presentation on theme: "By: Dorian Lockhart Wilston Johnston"— Presentation transcript:

1 By: Dorian Lockhart Wilston Johnston
Data Loss Prevention By: Dorian Lockhart Wilston Johnston

2 Data Loss Prevention Data Loss Prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside the corporate network. The term is also used to describe software products that help a network administrator control what data end users can transfer.

3 10 Reasons DLP is Needed in Businesses
⇛ Not sure where the the company’s confidential data is being stored, accessed or sent. ⇛ Your company has a plan for protecting data from external intruders, but does not protect against theft and accidental disclosure of sensitive information by employees and partners. ⇛ You are concerned about the liability, negative exposure, fines and lost revenue associated with data breaches. ⇛You are concerned about your next audit and want to maintain compliance with complex regulations. ⇛You need to protect proprietary information against security threats caused by enhanced employee mobility and new communication channels.

4 10 Reasons DLP is Needed in Businesses continued...
⇛ You would like to monitor your organization for inappropriate employee conduct and maintain forensic data of security events as evidence. ⇛ You are uncertain of your organization’s level of protection for confidential data in cloud applications and storage. ⇛ Your organization would like to proactively prevent the misuse of data at endpoints, both on and off the corporate network. ⇛ You would like to automate corporate governance as a means of improving compliance while saving time and resources. ⇛ You would like to gain a competitive advantage, in both brand value and reputation.

5 https://www. skyhighnetworks

6

7 Review of Symantec DLP https://www.youtube.com/watch?v=KIE1phfjiic
Each employee has a username (most likely synced Active Directory) Program/Agents on your company’s computer that scan for keywords Policy updates can be immediately executed. And last (month’s, year’s, quarter’s) policy can also be executed DLP reports can be filed, saved, and sent to the Security Team engineers to analysis Can be used on multiple formats (doc, docx, xlsx, pdf, ost) even in-browser application

8 DLP Policy Management - Human Side
Enact shredding a policy to all sensitive information Create training course to educate employees on what is and not confidential Use tools like Wombat for surprise inspections

9 Legal The use of DLP system does not contradict any data protection regulations, especially when it comes to insensitive personal data. All work-related communications can also be monitored based on the statement that all employees act on behalf and as a representative of their employer. Employees will need to be aware of the DLP program. Employee who intentionally violate company DLP regulation will need to be dealt with.

10 Current Events & Attacks
- Honda - Arby's - Intercontinental Hotels Group - Saks Fifth Avenue - U.S. Air Force - Over 60 universities and U.S. federal government organizations - Cellebrite - WannaCry Ransomware

11 Ways to Protect Yourself
Standard Measures: Install Firewalls Antivirus, IDS’s. Client Server Architecture plans. Advanced Measures: Machine Learning Temporal Reasoning Algorithms (AI thinks) Designated Systems Exact Data Matching Structured Data Fingerprinting Statistical Methods (Published lexicons and other methods)

12 Questions?

Download ppt "By: Dorian Lockhart Wilston Johnston"

Similar presentations

COMPREHENSIVE APPROACH TO INFORMATION SECURITY IN ADVANCED COMPANIES.

COMPREHENSIVE APPROACH TO INFORMATION SECURITY IN ADVANCED COMPANIES.
Preventing Good People From Doing Bad Things Best Practices for Cloud Security Brian Anderson Chief Marketing Officer & Author of “Preventing Good People.

Preventing Good People From Doing Bad Things Best Practices for Cloud Security Brian Anderson Chief Marketing Officer & Author of “Preventing Good People.
Peter Brudenall & Caroline Evans- Simmons & Simmons Marsh Technology Conference 2005 Zurich, Switzerland. Managing the Security Landscape – Legal and Risk.

Peter Brudenall & Caroline Evans- Simmons & Simmons Marsh Technology Conference 2005 Zurich, Switzerland. Managing the Security Landscape – Legal and Risk.
SECURITY What does this word mean to you? The sum of all measures taken to prevent loss of any kind.

SECURITY What does this word mean to you? The sum of all measures taken to prevent loss of any kind.
Sophos / Utimaco Data Loss Prevention Peter Szendröi, SOPHOS Nordics Jan 20, 2010.

Sophos / Utimaco Data Loss Prevention Peter Szendröi, SOPHOS Nordics Jan 20, 2010.
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
Patching MIT SUS Services IS&T Network Infrastructure Services Team.

Patching MIT SUS Services IS&T Network Infrastructure Services Team.
Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education, Inc. publishing as Prentice.

Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education, Inc. publishing as Prentice.
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
Chapter 7 Database Auditing Models

Chapter 7 Database Auditing Models
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
IT-Partners Limited © 2011 IT Partners Limited Y OUR IT SOLUTION P ARTNERS Managing Director Confidential Data Loss Prevention Sunny Ho 1.

IT-Partners Limited © 2011 IT Partners Limited Y OUR IT SOLUTION P ARTNERS Managing Director Confidential Data Loss Prevention Sunny Ho 1.
1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.

1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.
General Awareness Training

General Awareness Training
1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.

1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.
Social Media Jeevan Kaur, Michael Mai, Jing Jiang.

Social Media Jeevan Kaur, Michael Mai, Jing Jiang.
What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal.

What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
Security considerations for mobile devices in GoRTT

Security considerations for mobile devices in GoRTT
Sample Security Model. Security Model Secure: Identity management & Authentication Filtering and Stateful Inspection Encryption and VPN’s Monitor: Intrusion.

Sample Security Model. Security Model Secure: Identity management & Authentication Filtering and Stateful Inspection Encryption and VPN’s Monitor: Intrusion.

Similar presentations

Ads by Google