Do you have the technologies aligned across your
organization to monitor and prevent the loss of confidential data?
Common challenges & issues:
- An inability to monitor and prevent employees from moving data over their personal hotmail, g-mail, or other web enabled email accounts.
- Prevent employees from copying confidential information to USB drives, CDs or portable hard drives.
- Monitor for insider trading, or the leak or M&A documents.
- Know if employees move information on CRM system to desktops.
- No method of monitoring if your outsourcing provider is moving your confidential data.
- How do I configure, integrate and optimize my DLP solution across my enterprise?
Data Loss Prevention (DLP) refers to information
technology systems that are designed to identify, and may be configured to
prevent, the unauthorized transmission of information from an organization's IT
systems to unauthorized users, usually outside of the company. It is also known
as information leak prevention, and content monitoring and filtering.
Data Loss Prevention vendors' technology products come with preconfigured templates corresponding to policy or regulatory violations. Key words corresponding to data elements, existing templates,or documents are searched for across the enterprise or business unit. The scanning may take place with data in motion, data at rest, or data at endpoint devices, depending on the selected product's capabilities. The result shows confidential data exposed on laptops and desktops, open file shares, servers, and databases, as well as inappropriately leaving the network by email, web mail, file transfers, instant messaging or other protocols selected. The violating user is clearly identified by name and the violating transfer, and depending on the configuration and product, the violating transfer can even be prevented from occurring.
How can we support you:
Milton Alexander reduces risk and uncertainty in DLP technology integrations by ensuring that the DLP technology is efficiently optimized across the enterprise, and meets all defined business requirements. This is accomplished through helping our clients define and capture requirements that solve their privacy and security business issues, yet meet their organizational design. DLP workflow and process development, integration with existing security processes and practices, integration with risk management processes and systems, and ensuring that the privacy and confidential information requirements are accurately mapped to business requirements and reporting. All processes are designed and tested that they meet customer business requirements, operate according to existing security and IT policy requirements, and achieve the required performance targets.
- Identify Data Loss Prevention business requirements.
- Data Loss Prevention and Content Monitoring technology selection.
- Conduct Privacy analysis evaluation for considerations such as the right to monitor, transfer of personal information, and map to controls by jurisdiction.
- Develop Business Processes: DLP Processes, Application Processes, and Integration Processes.
- Create business process mapping, with process control points.
- Technology workflow and user interface configuration to meet your organizations existing business processes.
- Compose/select data loss prevention policies and thresh hold levels.
- Mitigate the risk of data exposure and loss in the outsourcing relationship through the application of DLP technologies.
- Technical & business process testing against previously defined enterprise requirements and control points, including structured walk-throughs.
- Continuously tune DLP policies.
- Determine Key Performance Indicators.
- Establish Reporting Requirements.
- Integration DLP risk and remediation with KPIs and Balanced Scorecard initiatives.
- Integrate and manage technology, implementation and organizational change risks, utilizing the COGs risk management application and methodology.