Data Leakage Prevention
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
Already have an account? Sign In »
10 hours 37 minutes
everyone. Welcome to the S S c P exam Prep Siri's I'm your host, Peter Simple Bloom This is the lesson five in the second domain.
So far in the second domain, we've looked at the code of ethics, which is the recommended behavior often SSC keep practitioner. We've looked at the C I A Triad, which is the main foundation of cybersecurity. We've looked at building security architectures, designing secure frameworks in which we can build different systems
and how to control those security architectures using managerial,
technical and operational controls.
We've looked at system security plans. We've looked at secure development and life's like black positions, which means building code in a very secure and safe manner.
We've looked at assistant of system vulnerabilities and secure development, which is how using secure development can reduce system vulnerabilities.
And we've looked at data. How did manage it, keep its state, how to use it for our purposes and how to dispose of it when we're done with it.
This lesson we will be looking at data weekend prevented prevention specifically what DLP is how do to use it using different strategies
and different types of operational, technical and managerial controls to use within DLP.
Let's get started.
So what the heck is the lt
they link? And prevention is the concept or practice of preventing data from being leaked to the outside world. So being prevented data from
leaking out off the organization, it maintains the integrity of the data.
They're going to kinds of DLP strategies when trying to prevent data leakage. The first is the prevention of data to mobile devices or host based components, and the second is to prevent the leakage of data through the Internet or email, otherwise known as network based.
Both the strategies
look at different functions, which include David Discovery
content detection in monitoring, prevention or blocking,
all effective data leakage. Prevention strategies include
both of these functions.
Let's look at that a little bit more closely.
The first step in any data leakage prevention strategy is the process of day to discovery.
This is where people go through different files and data bases across the network to Loki sensitive data. You can't protect your sense of data if you don't know where it is, so it's important to know exactly where it is. And once you know where it is.
You can design additional safeguards,
such as policies or access control message mechanisms or something of that nature to protect your data.
The second step is to label the sensitive data, give it a tag number or some sort of identify, so you can properly monitor it as a data gets moved from Point A to point B on the network.
Once this is done, it's important to create a policy
which specifies, Have this content monitoring, and the usage of this data can be applied and where this In this policy, you can define rules for copying or transmitting that data.
Typically using a combination of Prue defined labels, keywords and regular expression.
The next step is content detection and monitoring.
This is looking at the data as it travels through the network and out of the network through any animal perimeter gateway device.
So if the date is leaving the network or the host computer to go on a USB or to another network, you wanna take it. Take a serious deep look,
especially all the way down the packet level, to determine
what's going on with this data, and why's it going or coming in.
this is the transfer of data is in violation of the policy, which we created a couple steps above. You definitely want to prevent or block this data from happening.
Once this prevention or blocking occurs, you want to report the violation off the data policy and keep an eye out on in case this is trying again
that you want in the report, you want to show what policy was violated.
The source. I p for this policy and the logging account under which the violation heard
technical controls. We have looked at this before because a quick re fresh remember technical controls our controls that the computer system execute
these controls provide order, be in protection from any unauthorized use or misuse.
Following categories use technical controls, identification and authentication,
logical access controls,
public access controls
and order trends.
Let's look at these a little bit. Mork Loose,
regardless of who accesses, the system is important for the SS IKI practitioner to be aware of the identification and authentication security controls which are used to filter in people who are allowed and two block people who are not allowed
from accessing the system
so authentication control mechanisms and how to control changes should be documented in this section.
If passwords are the authentication message mechanism, then pass for actions need to be defined.
This is things like your having your past would be a certain amount of characters or having your password to be
one uppercase, one lover case, one number or one symbol
or not using any word that is associated with your first or last name.
Basic policy policies on passwords need to be defined in the identification and authentication mechanism.
Policies for bypassing the authentication should be provided.
So if someone needs to get around the authentication mechanism either through a back door or some type of maintenance hook, there should be a standard off steps a person could take and the minute administrator should take in order to get around the system.
There should be a number off invalid access attempts, so
you type in the wrong password three times in a row.
Then you should be locked out for 10 or 15 minutes.
There should be procedures for key management,
really document documentation for the distribution, storage, entry and disposal off different keys and encryption and decryption keys,
and the last part is how biometric and toting controls are to be used and implemented throughout the system.
Logical access controls these controls. Authorize or restrict the activities of users.
A logical access Controls
should include the discussion off hardware and software features that Onley permit authorized access to the system.
Topics and logical access controls. Or the granting off access rights and privileges, which is authorization. What a user can do once they have been authenticated
temporal restrictions only being able to access things
during certain times of the day
for unauthorized people in actions. So this is any kind of technical control in I. D. S. I. D. P s. Things will talk about a little bit later.
Timeout, period. So if you get the wrong password for
so many times in a row, then you get locked out of the system for a time.
E encryption off sensitive files in order to protect the integrity of the data that's in there.
House separation of duties isn't forced. Where two people
cannot do two different parts of the same task
and have often access control lists are reviewed. I think it's important to review access control list
on a regular basis in order to keep them updated and have them to be as effective as possible. The last topic is the regulation of the delegation off access permission.
Who can give access permissions to who they're always must be somebody checking somebody
public access controls.
If the general public has access to the system, there should be different topics which describe or detail what the general public can do and what they can't. These kinds of topics are information classifications. What data is considered to be public knowledge and what data is considered to be
private or confidential or even mint secret.
You should be forms of identification and authentication. If everyone in the public should have
present themselves as somebody to the system, and then that must be proven through one of the authentication mechanisms, which we talked about in domain one.
There should be limitations on read or write privileges,
what a person can read or what they could modify or delete.
There should be a separation, a very distinct separation of public and private systems.
Public system should be for general
access, while private systems should be four
organizations. People of a specific group,
things like that.
Order trails and user confidentiality. There must always be a trail. Everything everybody does,
no matter what. In case they do something they're not supposed to do, The order trail can be followed
and requirements for system and a data availability
will. This is the be up 90% of the time 99% of the time, 100% of the ton. What are the requirements for this
Regardless of who is able to access the system,
the S S C P practitioner should be able to describe any security controls that are used to protect the system's integrity.
Topics for audit trails include things like
on it trail reviews,
how often they are reviewed by whom under what conditions.
This is where audit trails are looked over by people to ensure that
all the systems and the controls and the access control mechanisms are all working
tracing user actions
to the actions of the user. Are they in line with the policies and procedures for any system
safeguards to protect user privacy and personal information
during audit trail reviews. So this is to protect the confidentiality integrity of user data so certain things might be blocked out. War scrubbed such as Social Security numbers, birth places, passwords, that pen thing,
or appropriate information and intrusion
and the separation of duties are those who administer the access control function and those who administer the audit trail. Are they the same person, or are they different people?
operation patrols, as we've talked about before, our controls executed by people and the DLP
topics of operational controls are things such as the change management,
configuration, management and authorization.
These are all different aspects of operational controls, which we will be going over. Another lesson.
These controls focus that on the management of the computer security program and the management off risk through security policy.
What is the security policy? Security Policy is a formal written document
that sets expectations
for how security will be implemented in any organization
example of security policies of things like
email, removed, access
and encryption. Basically, they are a how to guide
to implementing and managing security and procedures.
In today's lecture, we discussed different types off daily good prevention. We've looked at the two types of the two most common types of systems that host based and network based. And we've also won't that technical, operational and managerial controls which enforced beta leakage prevention.
deal P strategies, use host and network components
the following functions except a policy creation.
Be data discovery.
See guidelines or D labeling.
If you pick see, then you are correct. Remember, functions include policy creation. Didn't discovery labeling while guidelines are simply just suggested best practices.
Thanks for watching guys. I really hope you learned a lot and I'll see you next time.