ISSA DLP Presentation - Oxford Consulting Group
DESCRIPTION
For many organizations, there is an unsettling reality that they do not have adequate visibility over critical data assets within their environment. This is one of many factors that are driving companies to consider Data Loss Prevention (DLP) technologies. In this session, we’ll remove the typical fear, uncertainty and doubt spin surrounding this technology and focus on a holistic solution that leverages this technology to enable your business.
TRANSCRIPT
Data Loss Prevention: Eliminate the Hype and Enable Your Business
Andrew Engelbert, CISSP, CISM
IT Risk Management
Delivery Services Manager
Corporate Profile
Speaker Bio
• Andrew Engelbert – Delivery Manager, IT Risk Management, CISSP, CISM
• 12 years IT experience (7 years in Risk Management). Held various positions at health care, insurance, financial services and IT consulting organizations.
• Extensive knowledge and experience with both traditional and non-traditional programmatic and assessment methodologies, organizational and IT-based policies and procedures, security controls and current industry standards (ISO, PCI, HIPAA, GLBA, FACTA).
Agenda
• Business Drivers
• DLP Problem Space
• Common Challenges
• People, Process and Policy
• Technology Solutions
• Fear, Uncertainty and Doubt
• Enable Your Business
Business Drivers
• Regulatory, Customer or Business Partner requirement
• Proactive risk management initiative
– Increased data visibility
• Cost of doing business in today’s world
• Reaction to ‘potential’ data breach (Hopefully not!)
DLP Problem Space
[Diagram: DATA. Data types: in motion (DIM), at rest (DAR), in use (DIU). DLP approach: Network, Endpoint, Discovery. Risk areas: (int+ext), webmail, blogs, etc., IM/chat, file sharing, printouts, USB sticks, CDs/DVDs, iPods, external hard drives, encrypted content, desktops, databases / repositories, mail archives, file shares, document management systems.]
Common Challenges
• Obtaining executive support
• Identifying what data you are trying to protect
– Data at rest
– Data in transit
– Data in motion
• Understanding your threat landscape
– Business impact analysis
– Existing control points (prevent, detect, respond)
– Establish loss implications
• Data collection and analysis
– Volume of data to review can be overwhelming
– False positive research and analysis
• Employee education and awareness
• Undocumented policies and procedures
• Clearly defined roles and responsibilities
People, Process and Policy
• Get the right people involved
– HR, Legal, InfoSec, LOB leadership, General Counsel
• Understand the scope of your solution
– Consider a phased approach (Monitor, Discover, Detect, Prevent)
• Open and honest communication
– Clear, concise, consistent, useful
• Education and awareness campaign
– Explain requirements and expectations from regulators, customers and business partners
– Cost of doing business in today’s world
– Identify a single point of contact for questions
• Business Interviews
– Identify stakeholders within each business unit
– Identify incident owners and points of contact for specific data classifications
– Capture and distribute specific regulatory requirements to impacted areas
• Collect and Review Data
– Target key data entry and exit points based on scope
– Minimum of 60 to 90 days
• Data Validation
– Elimination of False Positives
– Exact Data Matching & Indexing Capabilities
• Data Classification
– Identify classification criteria
– Identify data owners
– Review compliance requirements
• Incident Management
– Escalation criteria & processes
– Automation of incident responses
– Enable compliance triggers
• Data Use
• General Acceptable Use
• Business Partner Contracts
Technology Solutions
• The threat of a data breach can be significantly mitigated through the use of today’s DLP technology
• Data loss prevention solutions can provide a clear return on investment (ROI) and a manageable total cost of ownership (TCO).
• Choose your approach
• Understand your needs before reviewing vendor products.
• Leverage risk modeling solutions and expertise from resources you trust.
• Find the product that addresses your particular needs.
• Don’t use band aids
Vendor Areas of Focus:
• Endpoint (laptops/desktops)
• Data at Rest (file servers, archives, mail boxes)
• Data in Motion (email, web, IM, P2P)
• Encryption (whole disk encryption, or targeted data encryption)
• Content Filtering
• Monitor vs Blocking
Fear, Uncertainty and Doubt
• Data Loss Prevention technology is not the silver bullet.
• The “Whole” solution may not be required.
• Technology alone is not the answer.
• Multiple vendor solutions may be required.
Enable Your Business
• Leverage executive support
• Establish DLP strategies and objectives
• Educate and communicate
• Highlight relevant data loss examples and explain the potential impact
• Proactive versus reactive incident management
• Increase your data visibility
• Implement a structured and repeatable DLP policy development and management process
• Prioritize findings and take action
• Automate the incident response workflow process
• Clearly define roles and responsibilities
• Share results with executive management
Summary
• Prepare, plan and execute your DLP strategy
• Leverage executive management support
• Communicate, communicate, communicate
• People, Process and Policy approach
• Align DLP technology with your goals and objectives
Questions?
Thank You!