Hi All,
As I have been working on DLP for more than 4 years in different roles, from planning, implementation and administration to incident management and consulting, the best practices below are consolidated from various sources such as Symantec.
A successful DLP program requires the five attributes below.
DLP Data Governance Framework
- Below are some of the best practices that should be adopted in order to have a successful DLP deployment, both before and after rollout.
- While choosing a DLP product, organizations should check whether the product supports the data formats in which data is stored in their environment.
- After choosing a DLP product, the implementation should start with a minimal policy base so that false positives stay manageable, and the base should grow as more critical or sensitive data is identified.
- DLP operations should triage effectively to eliminate false positives and fine-tune DLP policies.
- Update risk profiles regularly and document DLP incidents thoroughly.
- A proper DLP Discovery tool will accurately locate unencrypted PCI data wherever it resides; DLP processes then guide users to automatically encrypt the information, remove it, or apply other remediation according to the organization's defined policies.
- Continuous DLP Discovery scanning may be run at the desired frequency or on demand to audit security status and maintain awareness of PCI data locations. DLP Endpoint will control the copying of unencrypted PCI data to connected devices.
- Identify potential places where PCI information might leak. For most organizations it is recommended to inspect the following channels:
  - Email – Consider all outbound email traffic, including attachments.
  - Web traffic – Gmail and other web mail providers, Facebook and other social media sites should be monitored.
  - Other protocols – In particular, unencrypted communications should not cross the organizational firewall without the information first being identified.
  - Data storage – Identify and categorize the information on all storage under the organization's control, including file servers, file shares, SAN, SharePoint servers, user home directories, workstations and laptops, in order to determine the assets requiring review and inspection.
  - USB, DVD – Consider workstations that allow USB mass storage or DVD burning, and any devices that can be physically disconnected and carried away.
- Scan data stores for PCI information. Once the assets have been determined, identify any regulated or sensitive information held on each asset.
- Apply controls. Repeat these steps until a satisfactory level of understanding is developed, in the form of a map of the protected information, and appropriate controls are in place and understood by the stakeholders and system users.
- Best practices that can be implemented according to organizational culture and policy:
  - Identify and classify the data
  - Provide view-only access
  - Implement a data management life cycle
  - Do not allow unauthorized devices on your network
  - Do not permit copying of sensitive data onto removable media
  - Improve authorization and access control measures
  - Understand the flow of data in your network
  - Understand your policies and create awareness
  - Audit your own compliance
  - Block wireless communication
  - Make all USB removable storage read-only except for authorized devices
  - Block files containing personal identity information
  - Disable all CD/DVD burners from writing
  - Once policies have matured, start blocking one policy at a time
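One way the discovery step above (locate unencrypted PCI data in data stores while keeping false positives low before any blocking is enabled) can be implemented in Python, as an added example that is not part of the original post and not code from any vendor's DLP product. The candidate regex, the Luhn filter, the first-6/last-4 masking and the sample file contents are all assumptions constructed for illustration.

```python
from __future__ import annotations
import re

# Candidate PANs: 13-19 digits, optionally separated by single spaces or dashes,
# and not embedded in a longer digit run (serial numbers, hashes).
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_valid(digits: str) -> bool:
    """True if the digit string passes the Luhn mod-10 check that real card numbers satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_pans(text: str) -> list[dict]:
    """Return Luhn-valid PAN hits in text; each hit is masked (first 6 / last 4) for the incident record."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_valid(digits):
            continue            # fails Luhn: almost certainly a phone, order or serial number
        masked = digits[:6] + "*" * (len(digits) - 10) + digits[-4:]
        hits.append({"offset": m.start(), "masked": masked, "length": len(digits)})
    return hits

def scan_files(files: dict[str, str]) -> list[dict]:
    """Scan a path -> contents mapping (stands in for a crawl of a file share or home directory)."""
    return [{"path": path, **hit} for path, content in files.items() for hit in find_pans(content)]

# Constructed sample contents; 4111 1111 1111 1111 is a well-known test card number, not a real one.
SAMPLE_FILES = {
    "finance/refunds.csv": "customer,card\nacme,4111 1111 1111 1111\nfoo,4111111111111112\n",
    "it/inventory.txt": "serial 1234567890123456 ticket 9876-5432-1098-7654\n",
    "hr/phones.txt": "call 555-0100 or +1 415 555 0199\n",
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f['path']} offset={f['offset']} pan={f['masked']}")
```

Only the one Luhn-valid number is reported; the 16-digit serial, the dashed ticket number and the phone numbers are dropped, which is the kind of tuning that keeps the initial policy base small enough to trust before blocking is turned on.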