Data Loss Prevention (DLP) Strategies for ISMS




Data loss is considered a major disaster in cyber security risk management, so organisations need to implement controls to detect and prevent data breaches, exfiltration, or destruction of sensitive data.

Data loss can occur at your servers, network, cloud, endpoints and mobile devices, as well as in manual forms, and hence requires physical, technical and administrative controls.

Data Loss Prevention (DLP) aims to enable mitigation measures that protect and secure your data in compliance with data protection regulations.

DLP refers to the prevention of data loss and data leakage, which may be caused by ransomware, insiders, or other application, database or network attacks. The aim of DLP is to prevent unauthorized data transfers outside the organization.

DLP helps organisations to:
  • Protect Personally Identifiable Information (PII)
  • Protect Intellectual Property
  • Achieve data visibility
  • Secure the mobile workforce and enforce BYOD security
  • Protect cloud systems

Data leaks can happen due to the following causes.

Malicious insider threats:
An insider who compromises a privileged user account abuses its permissions to transfer sensitive data outside the organization.

Extrusion by attackers:
An attacker who penetrates the security perimeter uses phishing, malware, code injection, etc. to gain access to sensitive data.

Unintentional data exposure:
An act of negligence by an employee causes public access to sensitive data.

Data Leakage Prevention can use security tools such as an Intrusion Detection System (IDS), which alerts the security team to attempts to access sensitive data. Antivirus software helps protect against ransomware. Firewalls help block external access to sensitive systems.

Security Operations Centers (SOCs) use a Security Information and Event Management (SIEM) system to detect potential data leaks.

DLP strategies 
  • Data classification to determine sensitivity and apply rules of access.
  • Securing data at rest with access control, encryption and data retention policies
  • Securing data in motion by analyzing traffic to detect sensitive data transfers.
  • Securing endpoints to control data transfer between users and groups.
  • Securing data in use by monitoring and flagging unauthorized activities 
  • Data leak detection using tools like IDS, IPS, and SIEM
  • DLP and File Security Solutions to monitor access to all sensitive files 
  • Alerting on and automatically blocking actions that violate DLP policies.
  • Detecting abnormal or suspicious user behavior using machine learning
  • Detecting and mitigating ransomware attacks by blocking file access patterns.
  • Data access and file operations auditing and investigation for compliance 
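
The classification, data-in-motion and alert/block strategies above can be combined into a single content-inspection check. The sketch below is an added example, not part of the original post: the regular expressions, the threshold of three e-mail addresses, the action names and the sample messages are all assumptions chosen for illustration.

```python
import re

# Assumed detectors (not from the post): card-like digit runs and e-mail addresses.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects digit runs (order ids, phone lists) that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(text: str) -> dict:
    """Data classification step: count sensitive items found in the content."""
    cards = [m.group() for m in CARD_RE.finditer(text)
             if luhn_ok(re.sub(r"\D", "", m.group()))]
    return {"card_number": len(cards), "email": len(EMAIL_RE.findall(text))}

def decide(text: str, internal_destination: bool) -> str:
    """Hypothetical policy: block cards leaving the organisation, alert on bulk e-mail lists."""
    hits = classify(text)
    if internal_destination:
        return "allow"
    if hits["card_number"] > 0:
        return "block"
    if hits["email"] >= 3:
        return "alert"
    return "allow"

# Constructed sample transfers: (content, destination is internal?)
SAMPLES = [
    ("Invoice ref 1234567890123456 attached.", False),
    ("Customer card 4111-1111-1111-1111 exp 12/30", False),
    ("Customer card 4111-1111-1111-1111 exp 12/30", True),
    ("Leads: a@example.com, b@example.com, c@example.org", False),
]

if __name__ == "__main__":
    for content, internal in SAMPLES:
        print(decide(content, internal), classify(content), "|", content)
```

The Luhn check is what keeps the 16-digit invoice reference from being flagged as a card number; pattern matching alone would raise a false positive there.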

