News
Information Security Forum Releases Data Leakage Prevention Digest
August 2018 by Information Security Forum
The Information Security Forum (ISF), the trusted
source that senior security professionals and board members turn to for strategic
and practical guidance on information security and risk management, today announced
the release of Data Leakage Prevention, the organizations latest digest written for
individuals looking to implement a successful Data Leakage Prevention (DLP) program.
Based on the experience of ISF members, this paper provides guidance to optimize a
DLP deployment, describes the ten key attributes of a successful program and
emphasizes that focusing on technology alone will likely lead to the relegation of
DLP tools to shelf-ware.
The increasing adoption of collaboration platforms, cloud services and social media,
which are often accessed using personal devices, has introduced a host of new ways
for sensitive data to leak. Well-intentioned and rogue employees alike can now share
data with greater ease. This only serves to magnify the risk of disclosing data to
unauthorized entities. Preventing the leakage of data is a concern that every
organization will continue to cope with, and in today’s era of mobile working and
cloud computing, data is more vulnerable to leaking. The consequences of disclosing
data to unauthorized entities are more striking than ever before - in part due to
more stringent regulatory requirements. By implementing a DLP program, organizations
can significantly reduce the risk of data leakage.
"DLP has gained in popularity as organizations recognize the importance of adopting
a data-centric approach to security," said Steve Durbin, Managing Director of the
Information Security Forum. "To fully realize the benefits that DLP can deliver,
organizations need to take a structured and systematic approach to implementation
that extends beyond simply installing DLP tools and technology. Our latest digest
will help organizations to prepare, implement and maintain a DLP program, which
achieves objectives and demonstrates risk reduction."
As data breaches continue to make headlines with costly consequences, organizations
are realizing the importance of taking a systematic, structured approach to detect
and prevent the leakage of sensitive data. ISF members have reported that they are
now achieving success with DLP technology when it is deployed as part of a dedicated
DLP program. However, DLP tools alone cannot prevent the leakage of all types of
sensitive data across every possible channel.
According to the ISF, the most effective way of implementing DLP is to adopt a
formal program supported by the right blend of people, process and technology. ISF
members have identified ten key attributes of a successful DLP program, and these
attributes can be grouped into three phases of deploying a DLP program: governance,
preparation and implementation.
Governance
* Obtain executive support
* Define DLP program objectives
* Assign roles and responsibilities
Preparation
* Involve business stakeholders
* Prioritize what data to protect
* Select DLP tools
* Integrate DLP tools into existing environment
Implementation
* Improve security awareness of data leakage
* Determine how to respond to policy violations
* Deploy DLP incrementally
"A prerequisite of a successful DLP program is support from executive management and
ongoing collaboration with business representatives," continued Durbin. "By
implementing a comprehensive DLP program that encompasses awareness training, tools,
supporting technologies and other security controls, organizations can compensate
for weaknesses in DLP technology and proactively manage the risk. By deploying DLP
technology, organizations can be more vigilant in protecting data whilst ensuring
that the right people have the right access to the right data at the right time."
Data Leakage Prevention is available now to ISF Member companies
