Here are some tips to evaluate your readiness before implementing a Data Loss Prevention (DLP) solution:
To draw true value from any DLP deployment, an organization must first come up with a Data Loss Prevention specific policy. The policy should clearly state the goals and objectives of the Data Loss Prevention (DLP) deployment, identify and allocate resources for it, and set out the roles and responsibilities of stakeholders for its effective governance.
It is very important to know what is to be protected. You have to be very meticulous in defining what constitutes sensitive data. To find out, you can look at the regulatory requirements that your organization must comply with and/or refer to the various industry standards.
Once you have defined what is to be protected, the next step is to find out who to protect it from and how to protect it. A risk assessment can help you answer these questions. Identify all the key applications that process that data, the systems on which it resides, the network devices through which it passes, the protocols that it uses, the people who use it, etc. Unless this is in place, your Data Loss Prevention (DLP) solution cannot function properly.
An incident response workflow must be designed to tackle any data breaches. A flow chart can be developed identifying the steps to take to isolate the incident, the people to notify immediately, and the methods for preserving evidence for forensics. The entire process must be tested by conducting drills at regular intervals. A Data Loss Prevention (DLP) solution can only function with proper policy definition and violation test cases.
Clearly define the roles and responsibilities for each employee. Identify who is the owner of the data, who is its custodian, and who is its user. The answers to these questions will help you in assigning privileges to users on data. If your Data Loss Prevention (DLP) solution doesn't have proper privileges, wrong access will never raise flags.