Chapter 15 - 04 - Discuss Data Loss Prevention Concepts - 01_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Exam 212-82 Data Security Module Flow 01 Understand Data Security and its Importance 7:4. 02 Discuss Various Data ,,,4Security Controls g % 4 03 w Discuss Data Backup, Retention, and Destruction 04 v Copyright © by EC-Coumcll. Discuss Data Loss Prevention Concepts All Rights Reserved. Reproductionis Strictly Prohibited. Discuss Data Loss Prevention Concepts The objective of this section is to explain the importance of data loss prevention (DLP) in data security. Module 15 Page 1912 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Data Security What O is Data Loss Prevention? Data loss prevention (DLP) includes a set of software products and processes that do not allow users to send confidential corporate data outside the organization QO Itis used by organizations to: v' Discover sources of data leaks ¥v" Monitor the sources of data leakage v’ Protect organization assets and resources v Prevent accidental disclosure of sensitive information to unintended parties v" Manage resources with business rules, security policies, and software What D ata L oss P revention is Data Loss Prevention? Data loss prevention (DLP) includes a set of software products and processes that do not allow users to send confidential corporate data outside the organization. These software products help security professionals in controlling what data end users can transfer. DLP rules block the transfer of any confidential information across external networks. They control any unauthorized access to company information and prevent anyone from sending malicious programs to the organization. DLP software are implemented according to the organizational rules set by the management. This prevents accidental/malicious data leaks and losses. If an employee tries to forward or even upload company data on cloud storage or on a blog, the access will be denied by the system. A DLP policy is adopted by the management when internal threats to a company are detected. A DLP policy ensures that none of its employees send sensitive information outside the organization. New emerging DLP tools not only prevent the loss of data but also monitor and control irregular activities from occurring on the system. Different DLP products are available to help security professionals determine what data users can transfer. DLP products are also known as data leak prevention, information loss prevention, or extrusion prevention products. DLP is used by organizations to: = Discover sources of data leaks = Monitor the sources of data leakage = Protect organization assets and resources Module 15 Page 1913 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Data Security Exam 212-82 = Prevent accidental disclosure of sensitive information to unintended parties = Manage resources with business rules, security policies, and software Module 15 Page 1914 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Data Security Types of Data Loss Prevention (DLP) Solutions Endpoint DLP A solution that monitors and protects PC-based systems such as tablets, laptops, etc. It is used for preventing data leakage through clipboards, removable devices, and sharing applications Network DLP A solution that monitors, protects, and reports all data in transit It is installed at the “perimeter” of an organization’s network It helps the security professionals in scanning all data moving through the ports and protocols within the organization Storage DLP A solution that monitors and protects data at rest, that is, the data stored in an organization’s data center infrastructure such as file servers, SharePoint, and databases It identifies the location where sensitive information is stored and helps users in determining whether it is stored securely Types of Data Loss Prevention (DLP) Solutions There are various types of DLP solutions that function differently with the same objective, that is, to prevent data leakage. Endpoint DLP: Endpoint DLP is a such as tablets, laptops, etc. It is removable devices, and sharing monitors specific user operations media devices, printing a file, etc. solution that monitors and protects PC-based systems used for preventing data leakage through clipboards, applications. The solution includes an agent that such as sending an email, copying a file to removable Endpoint DLP protects data in use. Network DLP: Network DLP is a solution that monitors, protects, and reports all data in transit. It is installed at the “perimeter” of an organization’s network. It helps the security professional in scanning all data moving through the ports and protocols within the organization. It may analyze email traffic, social media interactions, SSL traffic, instant messaging, etc. The solution maintains reports containing information such what data is used, who is using the data, and where the data is sent. Thus, it helps in controlling the flow of data over the organization's network and meets regulatory compliance. Data collected by a Network DLP is stored in a database for retrieval later. Storage DLP: Storage DLP is a solution that monitors and protects data at rest, that is, the data stored in an organization’s data center infrastructure such as file servers, SharePoint, and databases. It identifies the location where sensitive information is stored and helps users in determining whether it is stored securely. It allows authorized users to view and share sensitive files in the organization’s network. Module 15 Page 1915 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited.