Security Basics mailing list archives
RE: When , where, how?
From: "Mark Brunner" <kohi10 () rogers com>
Date: Thu, 26 May 2011 16:37:55 -0400
Dude,

In my opinion, EVERY business needs a DLP strategy and solution. It can be homegrown, it can be freeware, it can be commercial. You are talking about identifying and protecting critical, private and confidential data from being stolen. That is a no-brainer, and is at the very heart of information security. If you are not taking steps to protect that information, you are doomed.

The need depends on the connectivity available and the technology used, not location, culture, or even legislation. Survival is the driver, or soon will be. If your company connects to the Internet to share and collect email, you need a DLP solution that manages that connectivity. If your company uses Instant Messaging, you need a DLP solution that handles that. If you provide FTP services, you need to address that. Whatever methods and services the company uses to connect and share information with others need to be considered and addressed. Addressing them may entail stopping their use, monitoring and reporting their use, restricting their use through policy and monitoring, filtering with technology, or other means.

How to implement the solution? Well, to answer that would take a book. Or several, because not every solution is the same, and not every implementation is the same. Best advice that I can offer for implementation would be to stage it. Do it in phases. Pilot it first with a medium-sized group, and put it into monitoring-only mode. This will aid in identifying your baseline, what is "normal", and what is in need of investigation. Like an IDS/IPS solution, this is a disruptive technology that is _initially_ prone to error, both false-positive and false-negative. It will need to be tuned and maintained regularly. Once you understand what is being sent, where, and by whom, you can start modifying the rule-set and tightening up your classifications.

Gaining buy-in, identifying data owners, working with other departments, that is what a good consultant does as part of your project. That sort of intel never comes free, and if it does, it is suspect. In this economic climate, you need to support your local businesses, and start bringing in the expertise that you don't have. Make certain that Knowledge Transfer is written into the engagement contract, and DON'T let the PM or Consultant nibble away at the time allotted to this part. It is how you will learn to tweak, adjust and manage the new infrastructure devices that you will be introducing to the environment.

Just my 2¢, collect the whole dollar!

Mark B
Information Security Manager & IT Consultant
Greater Toronto Area, Ontario Canada
My Blog http://kohi10.wordpress.com/

CONFIDENTIALITY NOTICE: This e-mail and any attached documents may contain confidential or legally privileged information that is intended only for the named recipient(s). Delivery of this message to any person other than the intended recipient(s) is not intended in any way to waive privilege or confidentiality. Unauthorized use, dissemination or copying is prohibited. If you have received this communication in error, please notify the sender and destroy all copies of this e-mail. Thank you for your cooperation.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of a bv
Sent: Thursday, May 26, 2011 3:18 AM
To: security-basics () securityfocus com
Subject: DLP: When , where, how?

Hi,

I would like to have your opinion about when/which organizations need a DLP solution? How does the need depend on the organization's work area, country, region or culture? How to implement the solution and handle the data classification and cooperate with data owners, business departments.

Regards