Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

8/20/2018
04:35 PM
Dark Reading
Dark Reading
Products and Releases
100%
0%

Information Security Forum Releases Data Leakage Prevention Digest

The Information Security Forum (ISF), the trusted source that senior security professionals and board members turn to for strategic and practical guidance on information security and risk management, today announced the release of Data Leakage Prevention, the organizations latest digest written for individuals looking to implement a successful Data Leakage Prevention (DLP) program. Based on the experience of ISF members, this paper provides guidance to optimize a DLP deployment, describes the ten key attributes of a successful program and emphasizes that focusing on technology alone will likely lead to the relegation of DLP tools to shelf-ware.

The increasing adoption of collaboration platforms, cloud services and social media, which are often accessed using personal devices, has introduced a host of new ways for sensitive data to leak. Well-intentioned and rogue employees alike can now share data with greater ease. This only serves to magnify the risk of disclosing data to unauthorized entities. Preventing the leakage of data is a concern that every organization will continue to cope with, and in today’s era of mobile working and cloud computing, data is more vulnerable to leaking. The consequences of disclosing data to unauthorized entities are more striking than ever before – in part due to more stringent regulatory requirements. By implementing a DLP program, organizations can significantly reduce the risk of data leakage.

“DLP has gained in popularity as organizations recognize the importance of adopting a data-centric approach to security,” said Steve Durbin, Managing Director of the Information Security Forum. “To fully realize the benefits that DLP can deliver, organizations need to take a structured and systematic approach to implementation that extends beyond simply installing DLP tools and technology. Our latest digest will help organizations to prepare, implement and maintain a DLP program, which achieves objectives and demonstrates risk reduction.”

As data breaches continue to make headlines with costly consequences, organizations are realizing the importance of taking a systematic, structured approach to detect and prevent the leakage of sensitive data. ISF members have reported that they are now achieving success with DLP technology when it is deployed as part of a dedicated DLP program. However, DLP tools alone cannot prevent the leakage of all types of sensitive data across every possible channel.

According to the ISF, the most effective way of implementing DLP is to adopt a formal program supported by the right blend of people, process and technology. ISF members have identified ten key attributes of a successful DLP program, and these attributes can be grouped into three phases of deploying a DLP program: governance, preparation and implementation.

Governance

  • Obtain executive support
  • Define DLP program objectives
  • Assign roles and responsibilities

Preparation

  • Involve business stakeholders
  • Prioritize what data to protect
  • Select DLP tools
  • Integrate DLP tools into existing environment

Implementation

  • Improve security awareness of data leakage
  • Determine how to respond to policy violations
  • Deploy DLP incrementally

“A prerequisite of a successful DLP program is support from executive management and ongoing collaboration with business representatives,” continued Durbin. “By implementing a comprehensive DLP program that encompasses awareness training, tools, supporting technologies and other security controls, organizations can compensate for weaknesses in DLP technology and proactively manage the risk. By deploying DLP technology, organizations can be more vigilant in protecting data whilst ensuring that the right people have the right access to the right data at the right time.”

Data Leakage Prevention is available now to ISF Member companies via the ISF website.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
The Problem with Proprietary Testing: NSS Labs vs. CrowdStrike
Brian Monkman, Executive Director at NetSecOPEN,  7/19/2019
RDP Bug Takes New Approach to Host Compromise
Kelly Sheridan, Staff Editor, Dark Reading,  7/18/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-14248
PUBLISHED: 2019-07-24
In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows a NULL pointer dereference in process_pragma, search_pragma_list, and nasm_set_limit when "%pragma limit" is mishandled.
CVE-2019-14249
PUBLISHED: 2019-07-24
dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attackers to cause a denial of service (division by zero) via an ELF file with a zero-size section group (SHT_GROUP), as demonstrated by dwarfdump.
CVE-2019-14250
PUBLISHED: 2019-07-24
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.
CVE-2019-14247
PUBLISHED: 2019-07-24
The scan() function in mad.c in mpg321 0.3.2 allows remote attackers to trigger an out-of-bounds write via a zero bitrate in an MP3 file.
CVE-2019-2873
PUBLISHED: 2019-07-23
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...