Information Leakage & DLP
Published in: Education, Technology, Business
Transcript

  • 1. Information Leakage & Data Loss Prevention
      • ACC626
      • Presented by: Carol Qianyun Lu
      • July 23rd, 2013
  • 2. Agenda
      • What is Information Leakage?
      • How and when it occurs?
      • Impact on organizations
      • Frameworks & DLP tools
      • Implications for CA
      • Conclusion
  • 3. What is Information Leakage?
      • Information leakage is an alternate term for information exposure
      • Information exposure is the intentional or unintentional disclosure of information to a party that does not have access to that information (CWE, 2008)
      • Common form of data loss
      • Severity ranges widely depending on the type of information that is revealed
  • 4. How and when it occurs?
      • External hack of an organization’s confidential information
      • Occurs during outsourcing
      • Acts of consultants who work for different firms concurrently
      • Relevant to CAs who work as consultants and C-Suite Executives
      • Between alliances and collaborating companies
      • Leak from inside by employees
  • 5. Leak from Inside
      Ways information can be leaked:
      • Flash drives, USB devices
      • Other “lifestyle” devices
      • iPods
      • Bring-Your-Own-Device
      • Former employees – Internal Control Deficiency
      • Cyberspace
      • Online Storage (e.g. Google – Gmail)
      • Instant messages, emails, blogs
  • 6. Impact on Organizations
      • Financial and reputational loss
      • Small leaks accumulate to big loss
      • Loss of customer and employee private information
      • Loss of competitive position
      • Lawsuits or regulatory consequences
  • 7. Frameworks
      • The Privacy Act of 1974 – U.S.
      • The Payment Card Industry Data Security Standards – U.S.
      • Sarbanes-Oxley Act (SOX) – U.S.
      • Federal Information Security Management Act (FISMA) – U.S.
  • 8. DLP Tools
      • Full DLP suites: McAfee Data Loss Prevention - Commercial email security platform
      • Controls for emails: Websense TruWeb DLP, Cisco IronPort email and Google – Postini
      • Stand-alone DLP products: Code Green Networks, Intrusion Inc., Workshare
  • 9. Additional DLP Tools
      • Internal Security Control
      • Digital forensic techniques
      • Network Security Solution (e.g. Fidelis Security System’s XPS)
      • Deploy DLP tools as part of a larger security suite
  • 10. Implications for CA
      • Safe environment for internet accounting information system
      • Relevant to accounting profession
      • Third party specialized auditor to appraise system
      • Effective network security audit
  • 11. Conclusion
      • Extremely important for C-Suite executives to:
          • Understand information leakage
          • Realize impact on organizations
          • Utilize DLP tools
      • Continuous effort to protect confidential information
      • Combination of effective DLP implementation and best management practices
  • 12. Work Cited
      • Alawneh, M. & Abbadi, I. (2008). “Preventing Information Leakage Between Collaborating Organizations”. Proceedings of the 10th International Conference on Electronic Commerce. No. 38. pp. 1-10. Retrieved June 1, 2013, from ACM Digital Library: http://dl.acm.org.proxy.lib.uwaterloo.ca/results.cfm?h=1&cfid=221214407&cftoken=69627990
      • Baek, E. & Kim, Y. & Sung, L. & Lee, S. (2008). “The design of framework for detecting an insider’s leak of confidential information”. 1st international conference on forensic applications and techniques in telecommunications, information, and multimedia and workshop. No. 14. pp. 1-4. Retrieved June 1, 2013, from ACM Digital Library: http://dl.acm.org.proxy.lib.uwaterloo.ca/citation.cfm?id=1363217.1363236&coll=portal&dl=ACM
      • Chen, A. & Chu, H. (2012). “Against the breaches: data loss prevention for online travelling services”. Information Security and Intelligence Control (ISIC). pp. 282-285. Retrieved June 1, 2013, from IEEE Xplore Digital Library: http://ieeexplore.ieee.org.proxy.lib.uwaterloo.ca/xpl/articleDetails.jsp?tp=&arnumber=6449761&queryText%3DAgainst+the+breaches%3A+data+loss+prevention+for+online+travelling+services
      • CWE-200. (2008). “Information Leak (Information Disclosure)”. Common Weakness Enumeration. Retrieved June 1, 2013, from CWE: http://cwe.mitre.org/data/definitions/200.html
      • Garretson, C. (2008). “Data-leak Prevention: Pros and Cons”. Network World. 25.1. pp. 1-39. Retrieved June 1, 2013, from ABI/Inform Global Database: http://search.proquest.com.proxy.lib.uwaterloo.ca/docview/215991675/13E68CFFDE85758648A/1?accountid=14906
  • 13. Work Cited
      • He, Q. & Chen, G. (2011). “Research of security audit of enterprise group accounting information system under internet environment”. Second international conference on Artificial Intelligence, Management Science and Electronic Commerce (AIMSEC). pp. 516-519. Retrieved June 1, 2013, from IEEE Xplore: http://ieeexplore.ieee.org.proxy.lib.uwaterloo.ca/xpl/articleDetails.jsp?tp=&arnumber=6010453&queryText%3DResearch+of+Security+Audit+of+Enterprise+Group+Accounting+Information+System+under+Internet+Environment
      • Hoecht, A. & Trott, P. (2006). “Outsourcing, information leakage and the risk of losing technology-based competencies”. European Business Review, Vol. 18 Iss: 5. pp. 395-412. Retrieved June 1, 2013, from Emerald: http://www.emeraldinsight.com/journals.htm?issn=0955-534X&volume=18&issue=5&articleid=1567303&show=abstract
      • Irwin, K. & Yu, T. & Winsborough, WH. (2008). “Avoiding information leakage in security-policy-aware planning”. 7th ACM workshop on Privacy in the electronic society. pp. 85-94. Retrieved June 1, 2013, from ACM Digital Library: http://dl.acm.org.proxy.lib.uwaterloo.ca/citation.cfm?id=1456403.1456418&coll=portal&dl=ACM
      • Lawton, G. (2008). “New Technology Prevents Data Leakage”. Computer. Vol. 41 Iss: 9. pp. 14-17. Retrieved June 1, 2013, from IEEE Xplore Digital Library: http://ieeexplore.ieee.org.proxy.lib.uwaterloo.ca/xpl/articleDetails.jsp?tp=&arnumber=4623215&queryText%3DNew+Technology+Prevents+Data+Leakage
      • Lee, H-J. & Won, D. (2011). “Protection profile for data leakage protection system”. Proceedings of the Third international conference on Future Generation Information Technology. pp. 316-326. Retrieved June 1, 2013, from ACM Digital Library: http://dl.acm.org.proxy.lib.uwaterloo.ca/citation.cfm?id=2183807.2183844&coll=DL&dl=GUIDE&CFID=221237978&CFTOKEN=52641256
      • Liu, S. & Kuhn, R. (2010). “Data Loss Prevention”. IT Professionals, Vol. 12 No. 2. pp. 10-13. Retrieved June 1, 2013, from IEEE Xplore Digital Library: http://ieeexplore.ieee.org.proxy.lib.uwaterloo.ca/xpl/articleDetails.jsp?tp=&arnumber=5439507&queryText%3Ddata+loss+prevention
  • 14. Work Cited
      • Murphy, J. (2008). “Data Loss Prevention: An Elixir for Privacy Compliance Headache?”. The EDP Audit, Control and Security Newsletter. Vol. XXXVIII, No. 6. pp. 1-7. Retrieved June 1, 2013, from Scholars Portal: http://journals1.scholarsportal.info.proxy.lib.uwaterloo.ca/details-sfx.xqy?uri=/07366981/v38i0006/10_dlpaefpch.xml
      • Norman, P. (2004). “Knowledge acquisition, knowledge loss and satisfaction in high technology alliances”. Journal of Business Research, Vol. 57 No. 6, pp. 610-9. Retrieved June 1, 2013, from ABI/Inform Global Database: http://search.proquest.com.proxy.lib.uwaterloo.ca/docview/232104520/fulltext/13E68DCF766941C339/1?accountid=14906#
      • Oxley, J. and Sampson, R. (2004). “The scope and governance of international R&D alliances”. Strategic Management Journal, Vol. 25 Nos 8/9, pp. 723-49. Retrieved June 28, 2013, from Deep Blue: http://deepblue.lib.umich.edu/bitstream/handle/2027.42/34617/391_ftp.pdf?sequence=1
      • S-Koromina, V. et al. (2012). “Insider threats in corporate environments: a case study for data leakage prevention”. Proceedings of the Fifth Balkan Conference in Informatics, pp. 271-274. Retrieved June 1, 2013, from ACM Digital Library: http://dl.acm.org.proxy.lib.uwaterloo.ca/citation.cfm?id=2371316.2371374&coll=DL&dl=ACM&CFID=221237978&CFTOKEN=52641256
      • Wuchner, T. & Pretschner, A. (2012). “Data Loss Prevention based on data-driven Usage Control”. IEEE 23rd International Symposium on Software Reliability Engineering. pp. 151-160. Retrieved June 1, 2013, from IEEE Xplore Digital Library: http://ieeexplore.ieee.org.proxy.lib.uwaterloo.ca/xpl/articleDetails.jsp?tp=&arnumber=6405363&queryText%3DData+Loss+Prevention+based+on+data-driven+Usage+Control
      • Zinkewicz, P. (2009). “Dealing with Data Leakage”. Rough Notes, 152(4), 82-83. Retrieved June 1, 2013, from Proquest: http://search.proquest.com.proxy.lib.uwaterloo.ca/docview/200371198?accountid=14906