Archive - November 2000
Preventing the data breach: A dozen steps to protect against data loss
Losing data can be tremendously devastating to a company. It could compromise security, information, and jobs. Today, we will look at twelve actions that a company can take to mitigate the risks of a data breach. These twelve steps, performing a risk analysis, asset identification and classification, attention to detail, encryption, social networking, compliance, management of personnel, least privilege, solution diversity, tracking mobile devices, data destruction and testing are essential to helping a company’s security program.
Security and Compliance Synergies with DLP and SIEM
Data Loss Prevention (DLP) can greatly help organizations understand and control the data that is used, stored and transmitted and it is seeing increasing use in PCI-DSS compliance. Another technology, Security Information and Event Management (SIEM), collects and analyzes data in real time from multiple sources including server logs, network devices, firewalls and intrusion detection systems. In this article, we will enumerate how the combination of SIEM and DLP can improve the security and compliance of a corporation. Taken together SIEM and DLP can work so that data flow within a corporation is transparent, therefore, affording more control to the corporation and less ability to misuse that information.
Understanding Data Loss Prevention (DLP)
Eric Vanderburg
Data Loss Prevention (DLP) is one of those terms that is often mentioned but less often defined. The term can be as ambiguous as its scope which can be both large and small. So what is DLP and why does it matter?
Data Loss Prevention (DLP) is an effort to reduce the risk of sensitive data being exposed to unauthorized persons. Data is extremely valuable to organizations. Just think of trade secrets, financial information, research data, health information, personal information, source code or credit card numbers and you begin to understand both the value this data holds for the organization and the threat its unauthorized disclosure would have on a company. Data loss prevention focuses on this threat by enacting controls to limit access and distribution of data. DLP still establishes controls to restrict outsiders but it has a major focus on controlling the usage of data within the organization.
