Data Leakage Prevention - A Position to State-of-the-Art Capabilities and Remaining Risk
Barbara Hauer
2014
Abstract
Organizations all around the world have faced a continuous increase in information exposure over the past decades. To overcome this threat, out-of-the-box data leakage prevention (DLP) solutions are applied to monitor and control data access and usage on storage systems, on client endpoints, and in networks. In recent years, products from market leaders such as McAfee, Symantec, Verdasys, and Websense have evolved into enterprise content-aware DLP solutions. However, this paper argues that current out-of-the-box solutions are not able to reliably protect information assets. It is only possible to reduce the probability of various incidents if organizational and technical requirements are met before implementing a DLP solution. To be efficient, DLP should be a concept of information security within the information leakage prevention (ILP) pyramid, which is presented in this paper. Furthermore, data must not be equated with information, which requires different strategies for protection. Especially in the case of misuse of privileges by exploiting an unlocked system or by shoulder surfing, the remaining risk must not be underestimated.
Paper Citation
in Harvard Style
Hauer B. (2014). Data Leakage Prevention - A Position to State-of-the-Art Capabilities and Remaining Risk. In Proceedings of the 16th International Conference on Enterprise Information Systems - Volume 2: ICEIS, ISBN 978-989-758-028-4, pages 361-367. DOI: 10.5220/0004951703610367
in Bibtex Style
@conference{iceis14,
author={Barbara Hauer},
title={Data Leakage Prevention - A Position to State-of-the-Art Capabilities and Remaining Risk},
booktitle={Proceedings of the 16th International Conference on Enterprise Information Systems - Volume 2: ICEIS},
year={2014},
pages={361-367},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004951703610367},
isbn={978-989-758-028-4},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 16th International Conference on Enterprise Information Systems - Volume 2: ICEIS
TI - Data Leakage Prevention - A Position to State-of-the-Art Capabilities and Remaining Risk
SN - 978-989-758-028-4
AU - Hauer B.
PY - 2014
SP - 361
EP - 367
DO - 10.5220/0004951703610367