A comprehensive approach to implementing an information leak prevention system should include
Posted: Tue Feb 11, 2025 7:09 am
Information Security Officer - a role assigned to a specialist from the information security department who will configure and update data flow control rules, as well as conduct incident analysis.
Each of these roles can be represented by several specialists - it all depends on your human resources. It is also possible to combine roles, with the exception of the administrator - from the point of view of building a mature information security system, this role should always be allocated as an independent unit and all actions from under the super-user account should be subject to independent logging.
After determining the group of employees to whom these roles will be assigned, this decision must be recorded in a company order, indicating their duties and rights in the accompanying instructions.
Regardless of who is implementing DLP - the company itself or a counterparty - this group should be present on the project from its first day: it is the full immersion in the work that will eliminate many hong kong whatsapp data in support in the future.
identification of existing information flows;
identification of information types;
description of business processes indicating scenarios (channels) for leakage of such information, as well as creation of a model of the intruder;
creation and implementation of DLP policies for protecting confidential information depending on its type, presentation, owner, action and other parameters.
If the support group was formed at the last stage, when the contractor transferred the configured “turnkey” DLP into industrial operation, for further effective functioning of the system, the group’s specialists need to undergo training in working with DLP - both in terms of technical support and in fine-tuning and updating the rules.
Thus, at the start of maintenance of the leak prevention system, the group should have on hand:
a register of processes indicating those responsible for the process and a description of the life cycle of the information being protected;
register of protected objects;
register of subjects with access rights to objects - access matrix;
register of DLP configuration rules for each process or protected object.
As a rule, if the implementation is carried out by an external organization, then the rules in the DLP are configured for a limited number of processes for processing confidential information, which means that the support team will have to independently apply a comprehensive approach to the implementation and, having created rule cards for the remaining processes, fine-tune the DLP.
Each of these roles can be represented by several specialists - it all depends on your human resources. It is also possible to combine roles, with the exception of the administrator - from the point of view of building a mature information security system, this role should always be allocated as an independent unit and all actions from under the super-user account should be subject to independent logging.
After determining the group of employees to whom these roles will be assigned, this decision must be recorded in a company order, indicating their duties and rights in the accompanying instructions.
Regardless of who is implementing DLP - the company itself or a counterparty - this group should be present on the project from its first day: it is the full immersion in the work that will eliminate many hong kong whatsapp data in support in the future.
identification of existing information flows;
identification of information types;
description of business processes indicating scenarios (channels) for leakage of such information, as well as creation of a model of the intruder;
creation and implementation of DLP policies for protecting confidential information depending on its type, presentation, owner, action and other parameters.
If the support group was formed at the last stage, when the contractor transferred the configured “turnkey” DLP into industrial operation, for further effective functioning of the system, the group’s specialists need to undergo training in working with DLP - both in terms of technical support and in fine-tuning and updating the rules.
Thus, at the start of maintenance of the leak prevention system, the group should have on hand:
a register of processes indicating those responsible for the process and a description of the life cycle of the information being protected;
register of protected objects;
register of subjects with access rights to objects - access matrix;
register of DLP configuration rules for each process or protected object.
As a rule, if the implementation is carried out by an external organization, then the rules in the DLP are configured for a limited number of processes for processing confidential information, which means that the support team will have to independently apply a comprehensive approach to the implementation and, having created rule cards for the remaining processes, fine-tune the DLP.