administration of data loss prevention services in higher education (166265853)

Post on 14-Apr-2018

7/29/2019 Administration of Data Loss Prevention Services in Higher Education (166265853)

http://slidepdf.com/reader/full/administration-of-data-loss-prevention-services-in-higher-education-166265853 1/34

Mike Thompson, Systems and Network Security Analyst

The Pennsylvania State University

mot1@psu.edu

Kyle Crain, Systems and Network Security Analyst

The Pennsylvania State University

kdc12@psu.edu

OVERVIEW

General Information

• Glossary

• PSU Overview

Planning Your Deployment

• Governance and Compliance

• Who's Responsible

• Training and Documentation

Compromise Information

• After A Compromise

• How DLP Comes Into Play

• DLP Effect on Compromised Machines

Summary

• Lessons Learned

• Key Points

• Historical Information

• Where we Started

• Balancing The Needs

• Define Your Scans

• Dealing With Difficult Areas

GENERAL INFORMATION

DO YOU CURRENTLY HAVE A DATA LOSS PREVENTION SOLUTION IN PLACE?

Yes, we are actively scanning/implementing a DLP solution

No, but we plan on implementing one

No, and we have no plans to implement

GLOSSARY

• Client: Software that is installed on a computer; either the client for Windows or Mac

• Endpoint: A computer on which the DLP client has been installed

• Policy: A collection of settings that defines the way scanning is performed

• Unit: Used generically to mean a campus, college, administrative area, department, or work unit

PSU DEPLOYMENT DETAILS

Item Total

Penn State ~23,000

Commonwealth Campuses 24 (Includes a Hospital and Law School)

DLP Unit Contacts 300+

Administrative Roles 131

Registered Endpoints 21,000+

Centrally Managed Installations 1

Independent Installations 5

Highly Skilled Individuals Responsible for Running Project 2 (0, and 2 Imposters?)

DEPLOYMENT AND SUPPORT

Security Operations and Services

Unit IT Staff

End User

• Manage Project

• Maintain Infrastructure

• Train & Support Unit IT Staff

• Maintain Policy Settings

• Create Documentation

• Generate Install Packages

• Train End Users

• Deploy Client Software

• Review Results

• Define Scan Schedules

• Remediation of Data

HISTORICAL

Why the Initial Product was Replaced

IT Staff Requested Reports; Parsed Data; Then Sent to End User For Remediation

No Ability to Track Progress of Remediation

No Mac Client

Cumbersome to Define Exclusion Areas for False Positives

IT Staff Wanted Control in the Process

Late 2008: Initial DLP Product Rollout

Late 2009: Chose not to Renew

January 2010: Current Product Licensed

April 2010: Current Product Deployed

June 2010: Initial Product Discontinued Use

NEEDS ASSESSMENT

Delegate Control of Process to Units

Mac Client

Direct remediation to Fall to the Data Owner 

• Centrally Hosted Web Based Application

• Scheduled Scan Frequency

• Sizable Subset of Computers that Were Not Being Scanned

• Provides Visibility to Remediation Actions Taken (If Any)

Picture an Apple logo so we don’t get sued.

PLANNING YOUR DEPLOYMENT

IF YOU HAVE DLP DEPLOYED, IS IT PART OF AN OFFICIAL POLICY?

Yes

No

GOVERNANCE AND COMPLIANCE

College or Unit Level If Top Level is Not Feasible

DLP Policy Model Awareness Balance Training Resistance

Central DLP Policy

Lives At Top Level of Organization

Integrated And Respects Existing Policies

Defines How to Scan and What To Scan Per State and Federal Laws

Outlines Remediation Process and Consequences for Inaction

DEFINE A MODEL

Level of Involvement

Central vs. Distributed

Support Model

Infrastructure

[Diagram: Central Model and Distributed Model, showing the Central IT Group and Campuses A, B and C]

DEFINE A MODEL

Auditing and Review

Reporting Structure

Who is Responsible For Remediation

End User / IT Staff / Other

DEFINE A MODEL

PSU Reporting Structure

Week 1

• Unit Contacts

Week 2

• Enterprise Security Manager

• CISO

Week 3

• VP – IT

• Risk Management

• Unit FO

Week 4

• Dean, Chancellor or Administrator

• Internal Audit

Week 5

• CFO

• Provost

IN YOUR ENVIRONMENT, WHO IS BEST SUITED TO PERFORM PII REMEDIATION?

End User 

IT Staff 

Other (Privacy Group, etc.)

DEFINE A MODEL

What Do You Want to Scan?

Scan

• End User Machines

• File Servers

• E-Mail

• Common Areas of Filesystem

Don’t Scan

• Domain Controllers

• Machines Without Profiles

• Lab Equipment

• System File Areas Within OS

GENERATE AWARENESS

Outreach and Awareness

Make the Project Known… 

Personally Identifiable Number Chart

Document Shredder Program

What’s the Virus On My Computer

BALANCE THE NEEDS

Due Diligence

A Routine, Not a Burden

BALANCE THE NEEDS

Everyone's Responsibility

Executives

Staff 

Faculty

TRAINING AND DOCUMENTATION

Provided Support Resources

Wiki Articles

• PSU Specific Processes

• Technical Articles

End User Training Videos

• Mac Client

• Win Client

Unit IT Staff Training

• 3 Hour Basic

• 3 Hour Advanced

• Web Based Q&A

DO YOU PLAN ON HAVING STRUCTURED USER TRAINING?

IT staff only

End users only

IT staff and end users

No

USER PRIVACY CONCERNS

Dealing with Pushback

Isolated Pockets of Acceptance vs. Resistance

Category Count

Total Downloads 350

Unique Downloads (Users) 205

Users on Latest Version 18

Number of Completed Registrations 6

Self Assessment Program: Data

DO YOU FORESEE OR HAVE EXPERIENCED POCKETS OF RESISTANCE?

Yes, we anticipate from a few areas

Yes, widespread

No, our users will comply

COMPROMISE INFORMATION

COMPROMISED COMPUTER PROCESS

30 Day Rule

Carrot v Stick

Compromise Detected

Scan Host For PII (30 Day Rule)

Report Findings

Preserve Data & Rebuild

DO YOU SCAN AS PART OF YOUR COMPROMISED COMPUTER PROCESS?

Yes

No, LOL

No, but that is a good idea

NOTIFICATION COSTS

Costs Associated with Each Compromise

Staff Resources To Perform Notifications

“Damage To Reputation” Loss of Funding

Third Party Costs

COMPROMISED COMPUTER STATISTICS

Percentage of Compromised Computers with PII by Year

[Bar chart; x-axis: 2009, 2010, 2011, 2012; bar values in order: 47%, 17%, 16%, 11%; annotation: "Previous Tool"]

SUMMARY

LESSONS LEARNED

Assess Your Needs and Find the Right Product

Know Your Environment

Policies Need to be In Place Prior to Production

Hard to “Force” (proper) Remediation

Generate Awareness for Project

Otherwise, People Have No Idea What's Running

LESSONS LEARNED

Define A Model

Support

Remediation

Support for IT Staff Is Ongoing

Takes Up 2 FTE’s Time and Then Some 

Training and Documentation Are Not a Replacement

Need to Strike a Balance Between Business Needs and

Usability

If it’s a Hassle, Users Won’t Comply

LESSONS LEARNED

Plan For Resistance

Separate Process Should Be Last Resort

Integrate DLP Into Compromised Computer Process

THANK YOU!

QUESTIONS?
