Data Protection and Privacy: Technologies in Focus
Rashmi Chandrashekar, Accenture
Sensitive Data Lifecycle

Business sensitive data protection is not a single event. Adequate protection must be provided appropriately throughout the data lifecycle: creation, collection, distribution, maintenance, retention and archival, and destruction.

Creation and collection
- How is sensitive data collected or created?
- Data type?
- Consent received from customer for collected data?
- Who is the data owner?
- Retention period defined?
- Purpose of storage defined?
- Is data classified?

Maintenance
- Who can modify?
- Where is it stored?
- Is there a periodical review process in place to identify new data assets that contain sensitive data?
- Is there a periodical process in place to assess sensitive data accuracy?

Distribution
- Who can read, print, forward, etc.?
- Can I revoke access after distribution?
- Is access to private data monitored and logged?
- Are there clear policies? Are they enforced?
- Is all upstream and downstream sensitive data flow clearly documented?

Retention and archival
- How long is the data accessible?
- Where are the archives stored?
- Is access to the archives protected?

Destruction
- Is there a process in place to delete expired data in a safe manner?
- Is there a process in place to safely destroy those media that contain sensitive data?

How can business sensitive data be secured from creation to destruction?
DLP Capabilities

Transitional elements of data: Data-in-Use, Data-in-Motion (Network), Data-at-Rest (Discovery), Endpoint.

- Ability to prevent private, sensitive and confidential information from being released via email, instant messaging, peer-to-peer networks, etc.
- Ability to passively monitor and alert on attempts to distribute information, for the purpose of creating an audit trail.
- Ability to quickly locate private, sensitive and confidential information across network devices.
- Ability to quickly assess current compliance with laws and regulations for the safeguarding of sensitive and confidential information.
- Ability to quickly identify and patch existing process flaws.
- Ability to locate stored static private, sensitive and confidential information across enterprise storage components.
- Ability to assess structured and/or unstructured data. This includes integration with document management systems and basic endpoint agents without true content analysis capabilities.
- Ability to regulate the use of removable media on an endpoint.
- Ability to query and locate stored sensitive files.
- Ability to provide real-time monitoring of data in use by end users.

Implementation Considerations
- Number and complexity of end-points
- Regulatory and compliance requirements
- Real-time reporting requirements
- Complexity of existing infrastructure
Effective Data Protection Framework

Utilize industry data loss prevention standards, principles, and frameworks to develop risk-mitigating activities that target people, processes and technologies, for consideration by enterprises seeking to improve sensitive information protection.

Key Controls: Access Controls, Data Controls, Management Controls.

Information Protection Control Objectives

People
- Least privileged access to sensitive information.
- Regular user certification for sensitive information access.
- Define legitimate business requirements for access to sensitive information.
- Sensitive information accountability and ownership is well defined.
- Establish an end user information security awareness program.
- Monitor end user compliance with the information security policies and procedures.

Process
- Provisioning and de-provisioning process for sensitive information access.
- Access to sensitive information in accordance with customer notification.
- Information is properly classified according to the data classification standard.
- Establish information handling and collection procedures in accordance with the data classification standard.
- Conduct regular risk assessments to assess information protection control effectiveness.
- Regularly monitor regulatory compliance requirements.

Technology
- Application access controls exist to restrict access to sensitive information.
- Technology infrastructure capable of supporting access control requirements.
- Sensitive information in a non-production environment should have the same access controls as production.
- Data is stored in accordance with regulations and company policy to enable retrieval when needed.
- Appropriate application and system logs are retained and available for forensic research.
- Management of applications and infrastructure meets information protection requirements.

Industry Frameworks and Standards: FTC Data Security Principles, GAPP, CobiT 4.0, ISO 17799:2005, PCI Data Security Standard.
Data Privacy and Protection Solution Effectiveness: Capability Considerations

When evaluating the effectiveness of a data protection solution, consider the capabilities of five core data protection components: Policy Enforcement, Network, Discovery, Endpoint, and Content Analysis.

1. Policy Enforcement: Access Control; Acceptable Use; Data Retention; Regulatory Compliance; Digital Rights Management.
2. Network (Data-in-Motion): Content Filtering; Port Management; Passive Monitoring.
3. Discovery (Data-at-Rest): Remote Scanning; Agent Scanning; Memory Resident Agent Scanning; Monitoring and Alerting.
4. Endpoint: File System Enforcement; Update Management; Incident Management.
5. Content Analysis: Rule-based Expression; Protection Categories; Database Fingerprinting; File Matching; Document Matching; Statistical Matching.
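As an added example that is not part of the presentation, the following Python sketch shows three of the content analysis techniques listed above working together: rule-based expression matching (a card-number pattern with a Luhn check to cut false positives), exact file matching by hash, and document matching by word shingles. The registered memo, registered file, thresholds and the `analyse` function are constructed for illustration, not part of any product.

```python
import hashlib
import re

# Rule-based expression: 13-16 digit card-like run (spaces/dashes allowed) that must also pass Luhn.
CARD_PATTERN = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")

def luhn_ok(digits: str) -> bool:
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def rule_based_hits(text: str):
    # Return normalised digit strings that look like valid card numbers.
    hits = []
    for m in CARD_PATTERN.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits

def file_fingerprint(data: bytes) -> str:
    """File matching: exact SHA-256 fingerprint of a registered file."""
    return hashlib.sha256(data).hexdigest()

def shingles(text: str, w: int = 4):
    """Document matching: set of w-word shingles of the normalised text."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {" ".join(words[i:i + w]) for i in range(len(words) - w + 1)}

def document_similarity(candidate: str, registered: str) -> float:
    """Jaccard similarity of shingle sets; 1.0 means an identical document."""
    a, b = shingles(candidate), shingles(registered)
    return len(a & b) / len(a | b) if a and b else 0.0

# Constructed sample data (hypothetical): a registered confidential memo and file.
SECRET_DOC = ("Project Falcon pricing memo: the unit cost is 42 dollars and "
              "the margin target is 35 percent for the next fiscal year.")
SECRET_FILE = b"constructed confidential spreadsheet bytes"
REGISTERED_HASHES = {file_fingerprint(SECRET_FILE)}

def analyse(message: str, attachment=None, threshold: float = 0.3):
    # Apply the three techniques; findings are (technique, detail) pairs for the policy engine.
    findings = [("rule-based", d[:6] + "*" * (len(d) - 6)) for d in rule_based_hits(message)]
    if attachment is not None and file_fingerprint(attachment) in REGISTERED_HASHES:
        findings.append(("file-match", "registered file"))
    score = document_similarity(message, SECRET_DOC)
    if score >= threshold:
        findings.append(("document-match", f"Project Falcon memo ({score:.2f})"))
    return findings
```

A message quoting part of the memo together with a Luhn-valid card number and the registered attachment yields one finding per technique; a short unrelated message yields none.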
Data Protection Controls

Mapping Technology to Data Protection Controls. Technology solutions are mapped to the following control areas: Data Controls; Access Controls; Network, Infrastructure, Physical and Storage Security; Audit and Monitoring; Risk Assessment.