Tanvir Hashmi, profile picture
Uploaded byTanvir Hashmi
PPTX, PDF342 views

Comprehensive Data Leak Prevention

The document discusses trends in enterprise data leak prevention, highlighting that insider threats pose a greater risk than external hackers. It emphasizes the importance of an information classification policy and ancillary functions to effectively manage sensitive data and mitigate leaks. The text also outlines best practices for developing a comprehensive data leak prevention strategy, including obtaining management buy-in and integrating mobile device management.

Embed presentation

Downloaded 10 times
1 Enterprise Information Leak Prevention Recent trends shows Insider’s threat is bigger then the Hacker’s.
2 Knowing ‘what’ is sensitive is a business problem that Technology alone can not solve. (The Policy) Technology need to know the data, to know ‘How’ and ‘Where’ to manage it. ( Process & Federation) Ancillary functions are required in order to increase further functionalities. Each DLP program is unique and ancillary functions changes from deployment to deployment. What is Information or Data Leak Prevention ? Information / Data Leak Prevention (DLP) is a strategy for making sure that sensitive information doesn’t reach to wrong hands either inside or outside of the enterprise network. The term is also used to describe technology products that help a network administrator to control the data that end-users transfer. Terms Information-Data, Leak-Loss and Prevention-Protection are used interchangeably.
3 Quiz - Ahead of Apple much anticipated new product launch. On iCloud, a celebrity picture leak incident caused its share prize to fall by 4.2%. If Apple have total 5.99 Billion shares then Kindly put a price tag on this leak ? a) $ 6 Million b) $15 Million c) $15 Billion d) $25 Billion Financial Implication of a Single Information Leak; An example
4 “According to Kaspersky Labs Accidental Data sharing leads to loss of more data than software flaws.27% of organizations have lost sensitive business data due to internal threats in last 12 months…” Industry Trend Vulnerabilities in Existing software Accidental Leaks / Sharing od data by staff Loss / Theft of mobile device by staff Intentional Leaks / Sharing of data by staff Information leaked / inappropriately shared on mobile device Security failure by third part supplier Fraud by employess 7% 7% 7% 9% 5% 4% 5% 13% 14% 12% 9% 10% 7% 7% 16% 7% 7% 3% 6% 5% 4% Data Loss Threats Yes- Of Sensitive Business Data Yes- Of Non Sensitive Data No
5 Obtain top management buy-in, Have a policy and Have a high-level vision of enterprise network to establish the primary boundary and identifying primary gateways Speak to Corporate Governance, Data Governance, Control Minded Cousin Speak to IT and understand various Information types and its handling Speak to sample staff at all levels to understand the culture around information life cycle Survey to business function to understand specific Business Process and develop data flow diagrams Develop a road map with all the above details Finding the Starting Point Policy Leak Control at Mail Gateway (@xyz.co.kw) Leak Control at Automation (USB,CD, etc.) Leak Control at Internet Gateway (Gmail, SkyDrive, etc.)
6 Data Classification Policy Framework Rights Management Gateway Tech Integration Encryption Mobile Support While developing a roadmap, identify the ‘What’, ‘How’ and ‘Where’, and ancillary functionality as per organization priorities. The Roadmap ‘What’ shall constitute the Information Classification as per the Policy, to achieve the primary building block of the program ‘Where’ shall form the base and extended boundaries thus constituting the Federation ‘Who’ shall constitute the Rights Management ‘How’ shall constitute related Business Processes, flow diagrams and also the deployment of gateway technology (Mostly referred as the DLP Products) Ancillary functions are further added to bring in the functionality for Encryption and Mobility
7 Public Information which is to be shared outside the enterprise Internal Use Information accessible to staff on need-to- know basis or need-to-have basis. Business Partners Information accessible to Vendors, Partners or consultant (i.e. outside KFH Domain) . Confidential Information accessible to staff only on need- to-know or need-to-have basis perform assigned jobs responsibilities within organization only. Secret Information accessible to highly restricted authorized employees within org with absolute need to know or need to have requirement to perform assigned job. Information Classification Scheme InformationSensitivity Information Classification is the fundamental requirement of identifying sensitive data. In its absence, no amount of technology deployment can be an alternative Information Classification Policy 1 Public Internal use Business Partners Confidential Secret
8 The term ‘Leak’ refers to the breach of boundaries by respective classification Boundaries also constitutes the constituency of each classification Similar to Social media framework allows end user to classify his / her information accordingly. KSA 3rd party Oman UAE Qatar Bahrain KSA Kuwait Examples of LinkedIn, Google, FB : Its fundamental requirement to establish logical enterprise boundaries as per base organization. Federation Framework
9 Print Rights Management along with validation features manages the restriction and access control mechanism of program Rights to change the classification are managed to avoid unauthorized business partner classification in order to send the information Outside RM mechanism deployed to restrict the printing of ‘Confidential’ and ‘Secret’ information. RM manages the authorization of Public information. Its required to establish ‘Who’ can do ‘what’ as per job authorization. Rights Management Right Management Mechanism
10 Identified sensitive information shall be auto encrypted and do not require interference from average end user Encryption mechanism get auto evoked based on classification without end user intervention. Organization do not need to apply cumbersome encryption across the organization. Special public announcement that needs to be treated as confidential till released are managed with special process. Encryption and Digital Certificates 50% 10% 20% 5% 15% Sensitivity Trends Internal Use Business Partners Confidential Secret Public
11 Extend the program on Mobile Devices as per organization appetite, similar to PC. Integrate Mobile Device Management with solution Including device identity parameters For large organization facility can be rolled out with limited staff only to keep license cost down SMB may consider integration with MS Office360 / Google Docs Deploy Black and white (MAC Address) list at the enterprise gateway Mobility Corporate Network Manageme nt Server ProxyData Stora ge Exchange + Policy + Policy DMZ CA Server Forrester Research 2013
12 General Benefits # Benefits 1 Gaining Competitive advantage, in both brand value and reputation 2 Data leakage prevention comprehensively covers all information types, that Management do not wish to get leaked 3 Once information is classified, no user interference is required, further security is managed in the background 4 Increases the staff awareness about value and sensitivity of the data adherence to corporate governance and information security policies 5 Confidential information printing is restricted 6 Secure work environment, Archive Data Governance, Intellectual Property protection, Privacy and Regulations, Culture Change 7 Securing Proprietary information against security threats caused by enhanced employee mobility and new communication channels 8 Preventing the misuse of information, both on and off the enterprise network
13 Regulatory / Compliance Benefits # Regulation Benefits 1 Payment Card Industry - Data Security Standards V3.0 PCI requirement 4.2: Never send unprotected PANs by end-user messaging technologies (for example, e-mail, instant messaging, chat, etc.). PCI requirement 9.6.1: Classify media so the sensitivity of the data can be determined. PCI requirement 12.2 Implement a risk-assessment process that is performed at least annually and upon significant changes to the environment (for example, acquisition, merger, relocation, etc.), Identifies critical assets, threats, and vulnerabilities, and Results in a formal risk assessment. (KRIs) 2 Central Bank of Kuwait Information Security Instruction ( 2012 /2013) and Corporate Governance Instruction (20112):Banking confidentiality is considered one of the key principles of banking business due to the trust and reassurance it gives to all parties dealing with banks 3 IS027001-2013 Information Security Management A.8.2.1 Classification of Information A.8.2.2 Labelling of Information A.8.2.3 Handling of Assets 4 Intellectual Property Protection All public information are intrinsically protected for Trademarking, © protection and ® 5 Data Governance Primary requirement of any Data Governance program
14 https://kw.linkedin.com/in/tanvirh Tanvir is an Information Security professional specializing in managing large scale programs that requires unique blend of expertise in strategy, process re-engineering and technological action planning. Prior to his role at Kuwait Finance House (KFH), He has been associated with leading companies including National Commercial Bank (NCB), Emirates NBD, Riyad Bank and HSBC. Tanvir has MS in Electronics & Communications and CISSP, CISA, AMBCI Certifications. Speaker Profile

More Related Content

PPTX
Data Loss Prevention
byReza Kopaee
 
PDF
Proactive Measures to Mitigate Insider Threat
byPriyanka Aash
 
PDF
DLP Data leak prevention
byAriel Evans
 
PDF
Dlp notes
byanuepcet
 
PPT
apsec 7 Golden Rules Data Leakage Prevention / DLP
byandreasschuster
 
PPTX
Data Loss Prevention from Symantec
byArrow ECS UK
 
PPT
DLP
bysaurabh.sood
 
PPTX
Information Leakage & DLP
byYun Lu
 
Data Loss Prevention
byReza Kopaee
 
Proactive Measures to Mitigate Insider Threat
byPriyanka Aash
 
DLP Data leak prevention
byAriel Evans
 
Dlp notes
byanuepcet
 
apsec 7 Golden Rules Data Leakage Prevention / DLP
byandreasschuster
 
Data Loss Prevention from Symantec
byArrow ECS UK
 
DLP
bysaurabh.sood
 
Information Leakage & DLP
byYun Lu
 

What's hot

PPTX
Shadow Data Exposed
byElastica Inc.
 
PPTX
Data Leakage Prevention
byDhananjay Aloorkar
 
PDF
Be Aware Webinar Symantec-Maxímice su prevención hacia la fuga de la información
bySymantec LATAM
 
PPT
Shariyaz abdeen data leakage prevention presentation
byShariyaz Abdeen
 
PPTX
Reasoning About Enterprise Application Security in a Cloudy World
byElastica Inc.
 
PPT
Data Leakage Presentation
byMike Spaulding
 
PPTX
Data Security: Why You Need Data Loss Prevention & How to Justify It
byMarc Crudgington, MBA
 
PDF
Proactive Measures to Defeat Insider Threat
byAndrew Case
 
PPTX
The CISO’s Guide to Data Loss Prevention
byDigital Guardian
 
PDF
McAfee Total Protection for Data Loss Prevention (DLP)
byTrustmarque
 
PPTX
Enabling Dropbox for Business
byElastica Inc.
 
PDF
Data Leakage Prevention - K. K. Mookhey
byNetwork Intelligence India
 
PPT
How Network Data Loss Prevention is Implemented
byJerry Paul Acosta
 
PPT
5 Myths About Data Loss Prevention
byGary Bahadur
 
PPTX
Data Loss Prevention
bydj1arry
 
PDF
The Definitive Guide to Data Loss Prevention
byDigital Guardian
 
PDF
Data Leakage Prevention (DLP)
byNetwork Intelligence India
 
PPTX
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
bycentralohioissa
 
PPTX
Protecting your Data in Google Apps
byElastica Inc.
 
PDF
DLP Executive Overview
byKim Jensen
 
Shadow Data Exposed
byElastica Inc.
 
Data Leakage Prevention
byDhananjay Aloorkar
 
Be Aware Webinar Symantec-Maxímice su prevención hacia la fuga de la información
bySymantec LATAM
 
Shariyaz abdeen data leakage prevention presentation
byShariyaz Abdeen
 
Reasoning About Enterprise Application Security in a Cloudy World
byElastica Inc.
 
Data Leakage Presentation
byMike Spaulding
 
Data Security: Why You Need Data Loss Prevention & How to Justify It
byMarc Crudgington, MBA
 
Proactive Measures to Defeat Insider Threat
byAndrew Case
 
The CISO’s Guide to Data Loss Prevention
byDigital Guardian
 
McAfee Total Protection for Data Loss Prevention (DLP)
byTrustmarque
 
Enabling Dropbox for Business
byElastica Inc.
 
Data Leakage Prevention - K. K. Mookhey
byNetwork Intelligence India
 
How Network Data Loss Prevention is Implemented
byJerry Paul Acosta
 
5 Myths About Data Loss Prevention
byGary Bahadur
 
Data Loss Prevention
bydj1arry
 
The Definitive Guide to Data Loss Prevention
byDigital Guardian
 
Data Leakage Prevention (DLP)
byNetwork Intelligence India
 
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
bycentralohioissa
 
Protecting your Data in Google Apps
byElastica Inc.
 
DLP Executive Overview
byKim Jensen
 

Viewers also liked

PPTX
Why Insider Threat is a C-Level Priority
byObserveIT
 
PPTX
Gov & Education Day 2015 - User Behavior Analytics
bySplunk
 
PDF
Expert FSO Insider Threat Awareness
byEric Schiowitz
 
PDF
Insider threat
byARCON TECHSOLUTIONS
 
PPTX
Gov Day Sacramento 2015 - User Behavior Analytics
bySplunk
 
PDF
Dealing with the insider threat.
byMatt Lemon
 
PPTX
Insider threat v3
byLancope, Inc.
 
PPTX
Insider Threat Kill Chain: Detecting Human Indicators of Compromise
byTripwire
 
PDF
5 Signs you have an Insider Threat
byLancope, Inc.
 
PDF
Risk Analysis using open FAIR and Adoption of right Security Controls
byPriyanka Aash
 
PDF
Network Forensics and Practical Packet Analysis
byPriyanka Aash
 
PPTX
I am my worst enemy — A first person look at Insider Threat
byAhmed Masud
 
PPTX
Practical Applications of Block Chain Technologies
byPriyanka Aash
 
PDF
Jisheng Wang at AI Frontiers: Deep Learning in Security
byAI Frontiers
 
PDF
Li Deng at AI Frontiers: Three Generations of Spoken Dialogue Systems (Bots)
byAI Frontiers
 
Why Insider Threat is a C-Level Priority
byObserveIT
 
Gov & Education Day 2015 - User Behavior Analytics
bySplunk
 
Expert FSO Insider Threat Awareness
byEric Schiowitz
 
Insider threat
byARCON TECHSOLUTIONS
 
Gov Day Sacramento 2015 - User Behavior Analytics
bySplunk
 
Dealing with the insider threat.
byMatt Lemon
 
Insider threat v3
byLancope, Inc.
 
Insider Threat Kill Chain: Detecting Human Indicators of Compromise
byTripwire
 
5 Signs you have an Insider Threat
byLancope, Inc.
 
Risk Analysis using open FAIR and Adoption of right Security Controls
byPriyanka Aash
 
Network Forensics and Practical Packet Analysis
byPriyanka Aash
 
I am my worst enemy — A first person look at Insider Threat
byAhmed Masud
 
Practical Applications of Block Chain Technologies
byPriyanka Aash
 
Jisheng Wang at AI Frontiers: Deep Learning in Security
byAI Frontiers
 
Li Deng at AI Frontiers: Three Generations of Spoken Dialogue Systems (Bots)
byAI Frontiers
 

Similar to Comprehensive Data Leak Prevention

PPT
Information Leakage - A knowledge Based Approach
byGlobal Business Events - the Heart of your Network.
 
PPTX
Electronic data & record management
byGreenLeafInst
 
PPTX
Protecting the Crown Jewels – Enlist the Beefeaters
byJack Nichelson
 
PDF
A Case For Information Protection Programs
byMichael Annis
 
PPTX
Information awareness program
bykhattar31
 
PDF
The Need for DLP now - A Clearswift White Paper
byBen Rothke
 
PDF
How to Build and Implement your Company's Information Security Program
byFinancial Poise
 
PDF
Corporate & Regulatory Compliance Boot Camp - Data Privacy Compliance
byFinancial Poise
 
PDF
Classification-HowToBoostInformationProtection
byGianmarco Ferri
 
PDF
How to Secure Your Files with DLP and FAM
byImperva
 
PPTX
626 Information leakage and Data Loss Prevention Tools
bySplitty
 
PDF
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
byIBM Security
 
PPTX
Data Leakage Prevention
byMicrosoft TechNet - Belgium and Luxembourg
 
PDF
Data Privacy Compliance
byFinancial Poise
 
PDF
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
byFinancial Poise
 
PPTX
L2 - Protecting Security of Assets_.pptx
byRebeccaMunasheChimhe
 
PDF
Where In The World Is Your Sensitive Data?
byDruva
 
PDF
Information security principles to the private versus public sector.pdf
byinfo401595
 
PPTX
Introduction to Incident Response Management
byDon Caeiro
 
PDF
Data security or technology what drives dlp implementation
bySatyanandan Atyam
 
Information Leakage - A knowledge Based Approach
byGlobal Business Events - the Heart of your Network.
 
Electronic data & record management
byGreenLeafInst
 
Protecting the Crown Jewels – Enlist the Beefeaters
byJack Nichelson
 
A Case For Information Protection Programs
byMichael Annis
 
Information awareness program
bykhattar31
 
The Need for DLP now - A Clearswift White Paper
byBen Rothke
 
How to Build and Implement your Company's Information Security Program
byFinancial Poise
 
Corporate & Regulatory Compliance Boot Camp - Data Privacy Compliance
byFinancial Poise
 
Classification-HowToBoostInformationProtection
byGianmarco Ferri
 
How to Secure Your Files with DLP and FAM
byImperva
 
626 Information leakage and Data Loss Prevention Tools
bySplitty
 
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
byIBM Security
 
Data Leakage Prevention
byMicrosoft TechNet - Belgium and Luxembourg
 
Data Privacy Compliance
byFinancial Poise
 
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
byFinancial Poise
 
L2 - Protecting Security of Assets_.pptx
byRebeccaMunasheChimhe
 
Where In The World Is Your Sensitive Data?
byDruva
 
Information security principles to the private versus public sector.pdf
byinfo401595
 
Introduction to Incident Response Management
byDon Caeiro
 
Data security or technology what drives dlp implementation
bySatyanandan Atyam
 

Recently uploaded

PPT
Data Warehousing and Data Mining – Concepts, Architecture and Applications
bystark317700
 
PDF
T1 DPB20042 Management Information System.pdf
by68gr55d8f9
 
PPTX
Quartiles_Ungrouped_Data_Grade_10-1.pptx
byxiandexter21
 
PDF
Machine_Psychology_2050_Strategic_Scenarios.pdf
byKambs Consulting
 
PPTX
Query Parsing: The SEO Gatekeeper That Decides Rankings
bySemantic SEO BD
 
PPTX
7.__Developing_a_Research_Proposal[1].pptx
bynahomeshetu340
 
PPTX
Internship ppt about multiple disease prediction
byGOUTHAMTr2
 
PDF
What is Context Engineering for Agentforce Developer and Architect
byParis Salesforce Developer Group
 
PDF
Whitepaper Optymyze / Expand further (2026)
byOptymyze
 
PDF
Data Science vs Machine Learning vs AI | Industry Skills Explained
bymuhsinam9074
 
PDF
Maricar Payaoan Belarma Portfolio :)))))
bymaricarbelarmava
 
PDF
Plainte française dans le cadre de l'affaire Epstein
bySociété Tripalio
 
PPTX
Merge Sort Algorithm: Analysis of Time and Space Complexity.pptx
byrigurahu
 
PPTX
Microsoft-Dynamics-365-Business-Central (1).pptx
byUlirRohwana
 
PDF
Content Strategy Presentation.pdfjjjjhhhhh
byCerineAmmarkhodja1
 
PDF
Macro Energy Trust Shock - current developments in the Venezuelan energy sector
byAurélie Dupassieux
 
PPTX
Autism types, forms and everything we need to know
byfuzertamas
 
PPTX
SQL FOR DATA ANALYSTS - MSSQLServer for Analysts
bysirtwumasi77
 
PDF
"Essential Excel Tips for Beginners & Professionals – 50+ Techniques to Maste...
byCA Suvidha Chaplot
 
PPTX
Smart Crop prediction presentation for final year
bySurya386647
 
Data Warehousing and Data Mining – Concepts, Architecture and Applications
bystark317700
 
T1 DPB20042 Management Information System.pdf
by68gr55d8f9
 
Quartiles_Ungrouped_Data_Grade_10-1.pptx
byxiandexter21
 
Machine_Psychology_2050_Strategic_Scenarios.pdf
byKambs Consulting
 
Query Parsing: The SEO Gatekeeper That Decides Rankings
bySemantic SEO BD
 
7.__Developing_a_Research_Proposal[1].pptx
bynahomeshetu340
 
Internship ppt about multiple disease prediction
byGOUTHAMTr2
 
What is Context Engineering for Agentforce Developer and Architect
byParis Salesforce Developer Group
 
Whitepaper Optymyze / Expand further (2026)
byOptymyze
 
Data Science vs Machine Learning vs AI | Industry Skills Explained
bymuhsinam9074
 
Maricar Payaoan Belarma Portfolio :)))))
bymaricarbelarmava
 
Plainte française dans le cadre de l'affaire Epstein
bySociété Tripalio
 
Merge Sort Algorithm: Analysis of Time and Space Complexity.pptx
byrigurahu
 
Microsoft-Dynamics-365-Business-Central (1).pptx
byUlirRohwana
 
Content Strategy Presentation.pdfjjjjhhhhh
byCerineAmmarkhodja1
 
Macro Energy Trust Shock - current developments in the Venezuelan energy sector
byAurélie Dupassieux
 
Autism types, forms and everything we need to know
byfuzertamas
 
SQL FOR DATA ANALYSTS - MSSQLServer for Analysts
bysirtwumasi77
 
"Essential Excel Tips for Beginners & Professionals – 50+ Techniques to Maste...
byCA Suvidha Chaplot
 
Smart Crop prediction presentation for final year
bySurya386647
 

Comprehensive Data Leak Prevention

  • 1.
    1 Enterprise Information LeakPrevention Recent trends shows Insider’s threat is bigger then the Hacker’s.
  • 2.
    2 Knowing ‘what’ issensitive is a business problem that Technology alone can not solve. (The Policy) Technology need to know the data, to know ‘How’ and ‘Where’ to manage it. ( Process & Federation) Ancillary functions are required in order to increase further functionalities. Each DLP program is unique and ancillary functions changes from deployment to deployment. What is Information or Data Leak Prevention ? Information / Data Leak Prevention (DLP) is a strategy for making sure that sensitive information doesn’t reach to wrong hands either inside or outside of the enterprise network. The term is also used to describe technology products that help a network administrator to control the data that end-users transfer. Terms Information-Data, Leak-Loss and Prevention-Protection are used interchangeably.
  • 3.
    3 Quiz - Aheadof Apple much anticipated new product launch. On iCloud, a celebrity picture leak incident caused its share prize to fall by 4.2%. If Apple have total 5.99 Billion shares then Kindly put a price tag on this leak ? a) $ 6 Million b) $15 Million c) $15 Billion d) $25 Billion Financial Implication of a Single Information Leak; An example
  • 4.
    4 “According to KasperskyLabs Accidental Data sharing leads to loss of more data than software flaws.27% of organizations have lost sensitive business data due to internal threats in last 12 months…” Industry Trend Vulnerabilities in Existing software Accidental Leaks / Sharing od data by staff Loss / Theft of mobile device by staff Intentional Leaks / Sharing of data by staff Information leaked / inappropriately shared on mobile device Security failure by third part supplier Fraud by employess 7% 7% 7% 9% 5% 4% 5% 13% 14% 12% 9% 10% 7% 7% 16% 7% 7% 3% 6% 5% 4% Data Loss Threats Yes- Of Sensitive Business Data Yes- Of Non Sensitive Data No
  • 5.
    5 Obtain top managementbuy-in, Have a policy and Have a high-level vision of enterprise network to establish the primary boundary and identifying primary gateways Speak to Corporate Governance, Data Governance, Control Minded Cousin Speak to IT and understand various Information types and its handling Speak to sample staff at all levels to understand the culture around information life cycle Survey to business function to understand specific Business Process and develop data flow diagrams Develop a road map with all the above details Finding the Starting Point Policy Leak Control at Mail Gateway (@xyz.co.kw) Leak Control at Automation (USB,CD, etc.) Leak Control at Internet Gateway (Gmail, SkyDrive, etc.)
  • 6.
    6 Data Classification Policy Framework Rights Management Gateway Tech Integration Encryption Mobile Support While developinga roadmap, identify the ‘What’, ‘How’ and ‘Where’, and ancillary functionality as per organization priorities. The Roadmap ‘What’ shall constitute the Information Classification as per the Policy, to achieve the primary building block of the program ‘Where’ shall form the base and extended boundaries thus constituting the Federation ‘Who’ shall constitute the Rights Management ‘How’ shall constitute related Business Processes, flow diagrams and also the deployment of gateway technology (Mostly referred as the DLP Products) Ancillary functions are further added to bring in the functionality for Encryption and Mobility
  • 7.
    7 Public Information whichis to be shared outside the enterprise Internal Use Information accessible to staff on need-to- know basis or need-to-have basis. Business Partners Information accessible to Vendors, Partners or consultant (i.e. outside KFH Domain) . Confidential Information accessible to staff only on need- to-know or need-to-have basis perform assigned jobs responsibilities within organization only. Secret Information accessible to highly restricted authorized employees within org with absolute need to know or need to have requirement to perform assigned job. Information Classification Scheme InformationSensitivity Information Classification is the fundamental requirement of identifying sensitive data. In its absence, no amount of technology deployment can be an alternative Information Classification Policy 1 Public Internal use Business Partners Confidential Secret
  • 8.
    8 The term ‘Leak’refers to the breach of boundaries by respective classification Boundaries also constitutes the constituency of each classification Similar to Social media framework allows end user to classify his / her information accordingly. KSA 3rd party Oman UAE Qatar Bahrain KSA Kuwait Examples of LinkedIn, Google, FB : Its fundamental requirement to establish logical enterprise boundaries as per base organization. Federation Framework
  • 9.
    9 Print Rights Management alongwith validation features manages the restriction and access control mechanism of program Rights to change the classification are managed to avoid unauthorized business partner classification in order to send the information Outside RM mechanism deployed to restrict the printing of ‘Confidential’ and ‘Secret’ information. RM manages the authorization of Public information. Its required to establish ‘Who’ can do ‘what’ as per job authorization. Rights Management Right Management Mechanism
  • 10.
    10 Identified sensitive informationshall be auto encrypted and do not require interference from average end user Encryption mechanism get auto evoked based on classification without end user intervention. Organization do not need to apply cumbersome encryption across the organization. Special public announcement that needs to be treated as confidential till released are managed with special process. Encryption and Digital Certificates 50% 10% 20% 5% 15% Sensitivity Trends Internal Use Business Partners Confidential Secret Public
  • 11.
    11 Extend the programon Mobile Devices as per organization appetite, similar to PC. Integrate Mobile Device Management with solution Including device identity parameters For large organization facility can be rolled out with limited staff only to keep license cost down SMB may consider integration with MS Office360 / Google Docs Deploy Black and white (MAC Address) list at the enterprise gateway Mobility Corporate Network Manageme nt Server ProxyData Stora ge Exchange + Policy + Policy DMZ CA Server Forrester Research 2013
  • 12.
    12 General Benefits # Benefits 1Gaining Competitive advantage, in both brand value and reputation 2 Data leakage prevention comprehensively covers all information types, that Management do not wish to get leaked 3 Once information is classified, no user interference is required, further security is managed in the background 4 Increases the staff awareness about value and sensitivity of the data adherence to corporate governance and information security policies 5 Confidential information printing is restricted 6 Secure work environment, Archive Data Governance, Intellectual Property protection, Privacy and Regulations, Culture Change 7 Securing Proprietary information against security threats caused by enhanced employee mobility and new communication channels 8 Preventing the misuse of information, both on and off the enterprise network
  • 13.
    13 Regulatory / ComplianceBenefits # Regulation Benefits 1 Payment Card Industry - Data Security Standards V3.0 PCI requirement 4.2: Never send unprotected PANs by end-user messaging technologies (for example, e-mail, instant messaging, chat, etc.). PCI requirement 9.6.1: Classify media so the sensitivity of the data can be determined. PCI requirement 12.2 Implement a risk-assessment process that is performed at least annually and upon significant changes to the environment (for example, acquisition, merger, relocation, etc.), Identifies critical assets, threats, and vulnerabilities, and Results in a formal risk assessment. (KRIs) 2 Central Bank of Kuwait Information Security Instruction ( 2012 /2013) and Corporate Governance Instruction (20112):Banking confidentiality is considered one of the key principles of banking business due to the trust and reassurance it gives to all parties dealing with banks 3 IS027001-2013 Information Security Management A.8.2.1 Classification of Information A.8.2.2 Labelling of Information A.8.2.3 Handling of Assets 4 Intellectual Property Protection All public information are intrinsically protected for Trademarking, © protection and ® 5 Data Governance Primary requirement of any Data Governance program
  • 14.
    14 https://kw.linkedin.com/in/tanvirh Tanvir is anInformation Security professional specializing in managing large scale programs that requires unique blend of expertise in strategy, process re-engineering and technological action planning. Prior to his role at Kuwait Finance House (KFH), He has been associated with leading companies including National Commercial Bank (NCB), Emirates NBD, Riyad Bank and HSBC. Tanvir has MS in Electronics & Communications and CISSP, CISA, AMBCI Certifications. Speaker Profile