Follow up to why classification matters (seems that others believe the same):
"It's not just data. You have to classify everything from a risk perspective," said Brian Cleary, vice president of marketing at access governance firm Aveksa. "Once you have those controls in place, the likelihood of losing that data goes down exponentially." Copied from an article about information loss prevention published here:http://www.crn.com/security/205207370
If you don't keep tabs (meta data) on the types of data you have, who has access (and should have access) its sensitivity, and its age, you are running blind.
A natural extension to a DLP implementation and solution is to implement a classification solution, an entitlement solution (helps SOX), and a retention solution.
How to secure sensitive information, data loss prevention, for sensitive data in corporations and other organizations, (ILP,CLP,DLP). It covers personal identifiable information, personal health information, credit card information, PII, PCI, PHI etc, and how to protect it. All opinions are mine, and not of my employer or any other organization. For terms of use, see first posting.
About Me
Blog Archive
-
▼
2008
(72)
-
▼
January
(30)
- Bold and commendable move by IBMIBM is deploying P...
- Blogging and DLPShould you worry about loosing IP ...
- Why companies and organizations need to think abou...
- Here is a link to several good thoughts on various...
- In the data loss news:58 year old Greek mathematic...
- Context and uniqueness, a method for finding the p...
- DLP and eDiscoveryDLP lends itself well to eDiscov...
- EU says IP addresses are personal informationPeter...
- What does Roman aqueducts have in common with secu...
- PCI and DLPHow can you use DLP to protect the flow...
- An interesting report on the state of PCI by Forre...
- Why classification and protection matters for inte...
- I know this is old news by now, but it illustrates...
- Health care organizations are now facing review of...
- A tape containing financial information of 650,000...
- Corporate espionage and other threats to companies...
- Sears sued over privacy breach. They posted custom...
- DLP solutions for data basesThe three major catego...
- DRM and ILPWhen you have identified your sensitive...
- California SB 1386 extended to cover unencrypted h...
- Swedish secret military information left in a publ...
- Follow up to why classification matters (seems tha...
- Virginia Governor Kaine announces new legislation ...
- How to tie it all together?The way to tie it toget...
- A good overview of how to detect credit card data ...
- An interesting blog on DLP vendor selection from R...
- Necessary additions for an enterprise running a DL...
- If you are an engineer, or specially interested in...
- Proof of Concept of an ILP solution:Before embarki...
- Worrisome findings:Companies Clueless about unsecu...
-
▼
January
(30)
No comments:
Post a Comment