Here are some tips to evaluate your readiness before implementing a Data Loss Prevention (DLP) solution:
Your organization has developed an appropriate policy to govern the use of the Data Loss Prevention (DLP) solution
To draw true value from any DLP deployment, an organization must first come up with a Data Loss Prevention specific policy. The policy should clearly state the goals and objectives of the Data Loss Prevention (DLP) deployment, identify and allocate resources for it, and set out the roles and responsibilities of stakeholders for its effective governance.
You can define the data to be protected in your Data Loss Prevention (DLP) solution
It is very important to know what is to be protected. You have to be very meticulous in defining what constitutes sensitive data. To find out, you can look at the regulatory requirements that your organization must comply with and/or refer to the various industry standards.
You have conducted a risk assessment to identify the applications, people, processes, systems and protocols that deal with the sensitive data
Once you have defined what is to be protected, the next step is to find out who to protect it from and how to protect it. A risk assessment can help you answer these questions. Identify all the key applications that process the data, the systems on which it resides, the network devices through which it passes, the protocols that it uses, the people who use it, etc. Unless this is in place, your Data Loss Prevention (DLP) solution cannot function properly.
You have designed a workflow to handle policy violations and data breaches
An incident response workflow must be designed to tackle any data breaches. A flowchart can be developed identifying the steps to take to isolate the incident, the people to notify immediately, and the methods for preserving evidence for forensics. The entire process must be tested by conducting drills at regular intervals. A Data Loss Prevention (DLP) solution can only function with proper policy definition and violation test cases.
Your organization has clearly defined roles and responsibilities for each employee, including privileged users
Clearly define the roles and responsibilities for each employee. Identify who is the owner of the data, who is the custodian of the data, and who is the user of the data. The answers to these questions will help you in assigning privileges on data to users. If your Data Loss Prevention (DLP) solution doesn't have proper privileges, the wrong access will never raise flags.