Security Basics mailing list archives
Re: Data Theft
From: Dennis Li <dennis.li.sh () gmail com>
Date: Wed, 26 May 2010 09:48:14 +0800
Hi, The full solution would be the following steps, you shall consider the management and tool both to mitigate the risk: 1. Identify what information is sensitive to your company and classify them; 2. assign responsiblities to the owner, custodian and user of the information. The example of owner's responsibilities as below: a. define the classification of the information b. define who can access those information by default c. define the application and approval procedure if others want to access infomation d. define the delivery, retention and storage requirement for those classified information. 3. And CEO/CIO shall assign the sercurity officer to be responsible for defining security pollicies, conduct security audit regularly 4. Define the access control policies based on the clause b in section 2 mentioned above. 5. Find a proper DLP tool to deploy. The best commercial tool is Symantec DLP, the best one based Garner magic quadrant (other tool vendor include EMC, Websense, RSA, etc). 6. Define the policies of the DLP tool based on the access control policy and access list generated during step 1 to 4. Please be aware, DLP tool is after-event prevention solution. It means, only somebody is trying to steal your information then DLP tool can identify, log, warn and prevent the action. The tool cannot prevent all leakage channels. The steps 1 - 4 are security policies to mitigate the risk prior to the case really happens by clarifying security responsibilities and access control policies. If you need more detailed information, don't hesitate to contact me. Dennis Li On Fri, May 21, 2010 at 3:17 PM, Sumeet Narula <sumeet.narula () gmail com> wrote:
we are looking for any software/firewall solution. which prevent the user(user is not under domain) from copying the data from PC/laptop to Pen drive/mail the data as an attachment. actually our main concern is to prevent the data theft from our office PCs(suggest if you have some other other solution). we require this for at least 5-10 PCs.--------- ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- A German court now requires you secure our private Wi-Fi network or you can be fined. Michael Painter (May 16)
- Re: A German court now requires you secure our private Wi-Fi network or you can be fined. Lothar Kimmeringer (May 17)
- Data Theft Sumeet Narula (May 25)
- Re: Data Theft Ansgar Wiechers (May 25)
- RE: Data Theft Antti.Laatikainen (May 25)
- RE: Data Theft Alexander Klimov (May 26)
- Re: Data Theft Todd Haverkos (May 25)
- RE: Data Theft Sumeet Narula (May 26)
- Data Theft Sumeet Narula (May 25)
- Re: Data Theft Lal Kumar (May 26)
- Re: Data Theft Adrian J Milanoski (May 26)
- Re: Data Theft Dennis Li (May 26)
- RE: Data Theft Sumeet Narula (May 26)
- Re: Data Theft John Morrison (May 27)
- Re: A German court now requires you secure our private Wi-Fi network or you can be fined. Lothar Kimmeringer (May 17)