1 / 15

DATA LOSS PREVENTION

DATA LOSS PREVENTION. Mr. Collins Oduor. Why this Session?. Enterprise Data Lifecycle. Data can be both an asset and a liability. As organisations grow, the volume and complexity of data required to support the

Download Presentation

DATA LOSS PREVENTION

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. DATA LOSS PREVENTION Mr. Collins Oduor

  2. Why this Session?

  3. Enterprise Data Lifecycle Data can be both an asset and a liability. As organisations grow, the volume and complexity of data required to support the business increases. All organisations store sensitive data that their customers, business partners, shareholders and the Board expect them to protect against theft, loss and misuse.

  4. Data Loss Proliferation Data loss can be defined as the movement of an information asset from an intended state to an unintended, inappropriate or unauthorised state, representing a risk or a potentially negative impact to the organisation.

  5. DLP BASICS • WHAT: In short, DLP is a set of technology tools and processes that ensure sensitive data is not stolen or lost. • HOW: accidental (i.e. employee error) or malicious actions (i.e. cyber criminal breach) put your organization's data at risk. • WHO USES DLP: Large enterprises in the Fortune Global 500. Mid-size enterprises are implementing DLP Strategies

  6. Threat to data The type of threat data is exposed to: •Insider: disgruntled employee, ladder climber, petty ID thief, contractors, outsourcers, business partners/vendors, fraudsters • Outsider: spies and industry espionage, gangs, ideologists, cyber terrorists, scammers (e.g. phisher),social engineer, script kiddies

  7. The variables to take into account when calculating the cost of a data loss incident • Brand impact: - Media scrutiny • Loss of customers • Loss of business due to critical intellectual asset loss •Regulatory impact: • Independent audit fees • Regulatory fines • Financial impact: - Notification • Lost business • Response costs • Competitive disadvantage •Operational impact: - Diversion of employees from strategic initiatives to work on damage limitation - Need to implement comprehensive (additional) security solutions

  8. DLP Conceptual Model

  9. Enterprise Data Lifecycle • Data in use (i.e. ‘What is the agent doing with it?’): - Disgruntled employees copying files containing personal or confidential information to portable devices (e.g. flash drives) - Users printing sensitive data to equipment in common areas which can be accessed by others • Data in motion (i.e. ‘Where is the data going?’): - Users sending sensitive data to personal webmail accounts in order to work at home • Data at rest (i.e. ‘Where is sensitive data located?’): - Business users innocently placing personal information in insecure storage locations where access is not administered by IT

  10. Existing solutions - Areas

  11. Proposed Approach This approach integrates people, processes and technology. It allows DLP solutions to be aligned with business drivers and value.

  12. DLP Considerations • ThemostimportantconsiderationbeforeundertakingaDLPprojectistodetermineyourorganization’sprimarydataprotectionobjective. • Traditionally,organizationsadoptDLPtoachieveoneofthreeobjectives:

  13. Below are some key considerations that should be taken into account as a first step towards a successful DLP tool selection and subsequent implementation:

  14. Questions MPESA NUMBER : +254-719-871-954 @Coduor Collins.oduor2012@gmail.com

More Related