Chapter 15 - 04 - Discuss Data Loss Prevention Concepts - 01_ocred_fax_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Exam 212-82
Data Security

Module Flow

01 4 03
Understand Data Security 5'44.
7:4. w7" Discuss Data Backup,
and its Importance Retention, and
Destruction

02
02 g./%%
0404
Discuss Various Data ,,,4-
,,,4. v Discuss Data Loss
Security Controls Prevention Concepts

Copyright ©© by EC-C
Copyright EC-Coumcll. cll. Al
All Rights
Rights Reserved.
Reserved. Reproduction
Reproductionis Strictly Prohibited
Prohibited.

Discuss Data Loss Prevention Concepts
The objective of this section is to explain the importance of data loss prevention (DLP) in data
security.

Module 15 Page 1912 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Data Security

What is Data Loss Prevention?

O Data loss prevention (DLP) includes a set of software products and
processes that do not allow users to send confidential corporate
data outside the organization

D ata
L oss
QO Itis used by organizations to:

v' Discover sources of data leaks

¥v" Monitor the sources of data leakage
P revention
v’ Protect organization assets and resources

v Prevent accidental disclosure of sensitive
information to unintended parties

v" Manage resources with business rules,
security policies, and software

What is Data Loss Prevention?

Data loss prevention (DLP) includes a set of software products and processes that do not allow
users to send confidential corporate data outside the organization. These software products
help security professionals in controlling what data end users can transfer. DLP rules block the
transfer of any confidential information across external networks. They control any
unauthorized access to company information and prevent anyone from sending malicious
programs to the organization.

DLP software are implemented according to the organizational rules set by the management.
This prevents accidental/malicious data leaks and losses. If an employee tries to forward or
even upload company data on cloud storage or on a blog, the access will be denied by the
system.

A DLP policy is adopted by the management when internal threats to a company are detected.
A DLP policy ensures that none of its employees send sensitive information outside the
organization. New emerging DLP tools not only prevent the loss of data but also monitor and
control irregular activities from occurring on the system.
Different DLP products are available to help security professionals determine what data users
can transfer. DLP products are also known as data leak prevention, information loss prevention,
or extrusion prevention products.
DLP is used by organizations to:

= Discover sources of data leaks
= Monitor the sources of data leakage

= Protect organization assets and resources

Module 15 Page 1913 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Data Security

= Prevent accidental disclosure of sensitive information to unintended parties
= Manage resources with business rules, security policies, and software

Module 15 Page 1914 EG-Council
Certified Cybersecurity Technician Copyright © by EG-Gounell
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Data Security

Types of Data Loss Prevention (DLP) Solutions
Endpoint DLP
A solution that monitors and protects PC-based systems such as tablets, laptops, etc.

It is used for preventing data leakage through clipboards, removable devices, and sharing applications

Network DLP
A solution that monitors, protects, and reports all data in transit

It is installed at the “perimeter” of an organization’s network

It helps the security professionals in scanning all data moving through the ports and protocols within the organization

Storage DLP
A solution that monitors and protects data at rest, that is, the data stored in an organization’s data center infrastructure
such as file servers, SharePoint, and databases

It identifies the location where sensitive information is stored and helps users in determining whether it is stored securely

Types of Data Loss Prevention (DLP) Solutions
There are various types of DLP solutions that function differently with the same objective, that
is, to prevent data leakage.
Endpoint DLP: Endpoint DLP is a solution that monitors and protects PC-based systems
such as tablets, laptops, etc. It is used for preventing data leakage through clipboards,
removable devices, and sharing applications. The solution includes an agent that
monitors specific user operations such as sending an email, copying a file to removable
media devices, printing a file, etc. Endpoint DLP protects data in use.

Network DLP: Network DLP is a solution that monitors, protects, and reports all data in
transit. It is installed at the “perimeter” of an organization’s network. It helps the
security professional in scanning all data moving through the ports and protocols within
the organization. It may analyze email traffic, social media interactions, SSL traffic,
instant messaging, etc. The solution maintains reports containing information such what
data is used, who is using the data, and where the data is sent. Thus, it helps in
controlling the flow of data over the organization's network and meets regulatory
compliance. Data collected by a Network DLP is stored in a database for retrieval later.

Storage DLP: Storage DLP is a solution that monitors and protects data at rest, that is,
the data stored in an organization’s data center infrastructure such as file servers,
SharePoint, and databases. It identifies the location where sensitive information is
stored and helps users in determining whether it is stored securely. It allows authorized
users to view and share sensitive files in the organization’s network.

Module 15 Page 1915 Certified Cybersecurity Technician Copyright © by EG-Gouncil
All Rights Reserved. Reproduction is Strictly Prohibited.