DLP Complete Certification Kit P108

Uncover the most sought-after security software for organizations worldwide, known as Data Loss Prevention (DLP).
DLP software
tools have fast become an integral part of business security measures. DLP security solutions ensure any organizations vital information is kept under lock and key, allowing business owners to breathe a sigh of relief. Become a valued member of your organization by
learning the benefits and advantages of implementing DLP software solutions.
Data Loss Prevention (DLP) can be described as a strategy for ensuring that critical or sensitive information or data is not leaked
outside of an organizations corporate network. DLP software tools are implemented to assist, manage, and control data transfers. It
is designed to detect potential data breaches and initiate prevention through early detection and blocking of any sensitive data. This
course would be beneficial to businesses looking to implement DLP software tools for security purposes, IT Professionals researching
DLP software services and computer security systems, and Managers wanting to be informed about the importance of data protection.
This certification validates your knowledge of specific methods, models, and/or tools. This is essential to professionals in order to be
updated on the latest multimedia trends, and to add to their DLP toolbox.
The industry is facing a bold, new world with the amazing developments in DLP technology, and the challenges and the opportunities
that this presents are unprecedented. The Data Loss Prevention Complete Certification Kit serves as a complete introductory guide for
anyone looking to grasp a better understanding of DLP concepts and their practical application in any environment.
The Art of Services introductory DLP training and certification helps IT practitioners develop the skills that are crucial, as businesses
embark on this massive transformation. It provides an industry credential for IT professionals to help them transform into the world of
DLP.
Take the next step: Get Certified!

The Art of Service IT Service Management programs are the #1 certification programs in the information management industry. Being
proven means investing in yourself, and formally validating your knowledge, skills, and expertise by the industrys most comprehensive learning and certification program. The Data Loss Prevention Complete Certification course prepares you for DLP Certification.
Why register?
- Easy and affordable.
- Learning about DLP technologies has never been more affordable.
- Latest industry trends are explained.
- Acquire valuable skills and get updated about the industrys latest trends right here. Today.
- Learn from the Experts. The Art of Service offers education about DLP and 300 other technologies by the industrys best.
- Learn at your own pace. Find everything right here, when you need it, and from wherever you are.
What will you learn?
- Learn the important concepts, software tools, and uses of DLP.
- Learn about the benefits and importance of implementing DLP software services into any organization.
- Examine computer and cloud security.
- Review DLP solutions and standards.
- Explore data categories and lifecycle.
Course Outline
The topics covered in this course are:
- Data Loss and Recovery
- Overview of Data Loss Prevention
- Data Categories and Lifecycle
- Computer Security
- Cloud Security
- Solutions
- Standards
Data Loss Prevention Complete Certification Kit - Core Series for IT
This training and certification enables you to move both the industry and business forward, and to quickly take advantage of the
benefits that DLP applications present.
Foreword
As an education and training organization within the IT Service Management (ITSM) industry, we
have watched with enthusiasm as the world of Data Loss Prevention has evolved over the years.
The opportunities provided through Data Loss Prevention have allowed for significant growth
within an industry that continues to mature and develop at a rapid pace. Our primary goal is to
provide the quality education and support materials needed to enable the understanding and
application of Data Loss Prevention in a wide range of contexts.
This comprehensive book is designed to complement the in-depth eLearning Data Loss
Prevention Specialist program provided by The Art of Service. The interactive eLearning course
uses a combination of narrated PowerPoint presentations with flat text supplements and
multiple-choice assessments, which will ultimately prepare you for the Data Loss Prevention
certification exam.
In this brand new edition, we created a focused and specialized manual, which dives straight
into Data Loss Prevention. We hope you find this book to be a useful tool in your educational
library, and we wish you well in your IT career!
The Art of Service
The Art of Service Pty Ltd

All of the information in this document is subject to copyright. No part of this document may in any form or by any means (whether
electronic or mechanical or otherwise) be copied, reproduced, stored in a retrieval system, transmitted or provided to any other person
without the prior written permission of The Art of Service Pty Ltd, who owns the copyright.
Notice of Rights
All rights reserved. No part of this book may be reproduced or transmitted in any form by any
meanselectronic, mechanical, photocopying, recording, or otherwisewithout the prior written
permission of the publisher.
Notice of Liability
The information in this book is distributed on an As Is basis without warranty. While every
precaution has been taken in the preparation of the book, neither the author nor the publisher shall
have any liability to any person or entity, with respect to any loss or damage caused or alleged to be
caused directly or indirectly by the instructions contained in this bo ok or by the products described
in it.
Trademarks
Many of the designations used by manufacturers and sellers to distinguish their products are
claimed as trademarks. Where those designations appear in this book, and the publisher was aware
of a trademark claim, the designations appear as requested by the owner of the trademark. All other
product names and services identified throughout this book are used in editorial fashion only and
for the benefit of such companies with no intention of infringement of the trademark. No such use,
or the use of any trade name, is intended to convey endorsement or other affiliation with this book.
Write a review to receive any free eBook from our Catalog$99 Value!
If you recently bought this book, we would love to hear from you! Benefit from receiving a free eBook
from our catalog at http://www.emereo.org/ by writing a review on Amazon (or the online store where
you purchased this book) about your last purchase! As part of our continual service improvement
process, we love to hear real student experiences and feedback.
How does it work?

To post a review on Amazon, just log in to your account and click on the Create your own review
button (under Customer Reviews) of the relevant product page. You can find examples of product
reviews in Amazon. If you purchased from another online store, simply follow their procedures.
What happens when I submit my review?

Once you have submitted your review, send us an email at review@emereo.org with the link to your
review, and the eBook you would like as our thank you from http://www.emereo.org/. Pick any book
you like from the catalog, up to $99 RRP. You will receive an email with your eBook as download link.
It is that simple!
Contents
Foreword1
HOW TO ACCESS THE eLEARNING PROGRAM
Introduction11
Data Loss and Recovery
14
Objectives14
Data Loss
14
Types15
By the Numbers
16
Data Recovery - Response to Data Loss
18
Scenarios19
Backup Strategy
20
Data Loss Prevention - Foundation
21
Questions23
Overview of Data Loss Prevention
25
Objectives25
Data Loss Prevention
25
Data Loss Prevention - Common Themes
28
Need30
Risks30
Common Data Loss
31
Data Loss Prevention vs. Data Leakage
32
Questions33
Data Categories and Lifecycle
35
Objectives35
Data Loss Prevention - Categories
35
Data Lifecycle
36
Data Lifecycle - Data in Motion
39
Data in Use
40
Data at Rest
41
Terminology - Data Breach
42
Information Security
43
Security Awareness
43
Questions44
Computer Security
46
Objectives46
Computer Security
46
Computer Security - Secure OS
47
Importance49
Computer Security Threats
51
Improving Computer Security
52
Questions56
Cloud Security
58
Objectives58
Cloud Security
58
Security Issues
59
Security Controls
59
Dimensions62
Key Security Issues
62
Questions68
Solutions70
Objectives70
Data Loss Prevention Solutions
70
DLP Features vs. DLP Solutions
70
DLP Solutions
71
DLP Solutions - Considerations
72
Questions79
Standards81
Objectives81
Cyber Security Standards
81
History81
Standard of Good Practice
82
ISO/IEC 27002
83
ISO 15408
84
RFC 2196
85
IEC/ISA-6244385
Other Standards
86
Questions90
Answers92
Index94
Introduction
The Art of Services trained IT professionals have created the Data Loss Prevention Complete
Certification Kit to serve as a complete introductory guide for anyone looking to grasp a better
understanding of Data Loss Prevention concepts and their practical application in any IT
environment. Our Data Loss Prevention Certification Kit provides you with the opportunity to
familiarize yourself with the latest and greatest business and technology trends in the form of a
study guide eBook and online course, which are delivered to you via our eLearning portal, ensuring
you the freedom to access your course at your convenience!
The online learning program is available for a 90-day access period.
Data Loss Prevention (DLP) can be described as a strategy for ensuring that critical or sensitive
information or data is not leaked outside of an organizations corporate network. DLP software tools
are implemented to assist, manage, and control data transfers. It is designed to detect potential data
breaches and initiate prevention through early detection and blocking of any sensitive data.
The Data Loss Prevention Complete Certification Kit contains everything you need to know about
Data Loss Prevention concepts, including:

Real-world scenarios that describe what you have learned in the context of service solutions.
These include thought-provoking questions to challenge your thinking and understanding.
Section reviews for each chapter to help you zero in on what you need to know and quiz
questions to help solidify your knowledge.
A Real-World Guide to Data Loss Prevention. Key information and real-world examples
organized around the actual day-to-day tasks and challenges you will face in the application
of Data Loss Prevention.
Trainer lead, engaging Adobe Flash presentations that you can view and replay as many
times as required.
Audience:
The Data Loss Prevention Complete Certification Kit will be of interest to:

Recent graduates looking to get a foothold in the IT Industry
Individuals looking for work within public or private sector organizations
Businesses looking to implement DLP software tools for security purposes
IT Professionals researching DLP software services and computer security systems
Managers wanting to be informed about the importance of data protection

Computer Security
Cloud Security
Solutions
Standards
Prerequisites:
There are no prerequisites for the Data Loss Prevention program, but a basic IT literacy and
knowledge is desirable.
Contact Hours:
The recommended minimum contact hours for the eLearning course is 18 hours.
13
Delivery:
The program combines seven (7) short presentations supported by trainer audio. There are also
quizzes and exercises at the conclusion of each module (marking scheme provided), to ensure
learners are testing their knowledge and competency to enhance understanding of key concepts.
A Certificate will be awarded to students upon successfully passing the final exam and
completion of the course.
This program is an eLearning Program. Your access details to the eLearning course are in the book.
Program Materials:

Multimedia presentations
Downloadable resources (PDF documents)
End of module review questions to assess your content knowledge
We hope you find the Data Loss Prevention Certification Kit beneficial to the expansion of your IT
knowledge base and future career growth.
Copyright The Art of Service I Brisbane, Australia I Email: service@theartofservice.com

Web: http://store.theartofservice.com I eLearning: http://theartofservice.org I Phone: +61 (0) 7 3252 2055
Chapter 1
Objectives

To learn about the different types of data loss
To identify the response to data loss
Data Loss
Data loss is an error condition in information systems in which information is destroyed by failures
or neglect in storage, transmission, or processing. Information systems implement backup and
disaster recovery equipment and processes to prevent data loss or restore lost data.
Data loss is different from data unavailability, as the latter may arise from a network outage. Although
the two have similar effects, data unavailability is temporary, while data loss may be permanent.
Data loss is also distinct from data spill, although the term data loss has been sometimes used
in those incidents. Data loss incidents can, however, be also data spill incidents, in case media
containing sensitive information is lost and subsequently acquired by another party. However,
data spills are possible without the data being lost in the originating side.
Data loss can occur on any device that stores data. Although any loss of data, even a simple
misplacement, is by definition technically a loss, what we are primarily concerned with is the
permanent loss of data that is important to your business ongoing success.
14
Types
Intentional Action

Intentional deletion of a file or program
Unintentional Action

Accidental deletion of a file or program
Misplacement of CDs or memory sticks
Administration errors
Inability to read unknown file format
Disaster

Natural disaster, earthquake, flood, tornado, fire, etc.
Failure

Power failure and power outages, resulting in data in volatile memory not being saved to
permanent memory
Hardware failure, such as a head crash in a hard disk, bad sectors, bad RAM, and the like
A software crash or freeze, resulting in data not being saved
Software bugs or poor usability, such as not confirming a file delete command
Business failure (vendor bankruptcy), where data is stored with a software vendor using
Software-as-a-service and SaaS data escrow has not been provisioned
Data corruption, such as file system corruption or database corruption
Ejecting external hard drives and related storage devices before disconnecting them or
powering them off
15
16
data loss prevention
Crime

Theft, hacking, sabotage, etc.
A malicious act such as a worm, virus, hacker, or theft of physical media
Studies have consistently shown hardware failure and human error to be the two most common
causes of data loss, accounting for roughly three quarters of all incidents.
A commonly overlooked cause is a natural disaster. Although the probability is small, the only way
to recover from data loss due to a natural disaster is to store backup data in a physically separate
location.
By the Numbers
Breaches are Expensive

$ 6.75M - The average organizational cost of data breach in 2009
Data Loss is Everywhere
88% - Percentage of companies that experienced data loss in 2010

17
More Data, More Breach
61.7% - Compound annual growth rate of unstructured data (word processing documents,
spreadsheets, photos, videos, etc.) in traditional centers, 2008 2012
Data Loss is Coming from Within Organizations
59% - Percentage of ex-employees who leave with company data
Confidential Data is Going to Competitors
67% - Percentage of ex-employees who have taken confidential data that use it to leverage a new
job in 2009
Leading Causes of Data Loss
Based on the data above, 25% of data loss is due to events beyond user control, which means it
leaves a lot of room for improvement.

18
Data Recovery - Response to Data Loss

Recovery
This is basically everyones go-to move when data has been lost.
Data recovery is the process of salvaging data from damaged, failed, corrupted, or inaccessible
secondary storage media when it cannot be accessed normally. Often, the data are being salvaged
from storage media such as internal or external hard disk drives, solid-state drives (SSD), USB flash
drive, storage tapes, CDs, DVDs, RAID, and other electronics.
The term Data Recovery is also used in the context of forensic applications or espionage, where
data which has been encrypted or hidden, rather than damaged, is recovered.
Data recovery is often performed by specialized commercial services that have developed, often
proprietary, methods to recover data from physically damaged media. Service costs at data
recovery labs are usually dependent on the type of damage and type of storage medium, as well
as the required security or cleanroom procedures.
File system corruption can frequently be repaired by the user or the system administrator with
the right software tools. A deleted file may not be overwritten on disk. It is more common for the
operating system to simply delete its entry in the file system index. This can be easily reversed.

19
Scenarios
Recovery may be required due to physical damage to the storage device or logical damage to the
file system that prevents it from being mounted by the host operating system.
Three (3) scenarios are involved in recovering data:

The most common data recovery scenario involves an operating system failure, in which case the
goal is simply to copy all wanted files to another disk. This can be easily accomplished using a Live
CD. Many of which provide a means to mount the system drive and backup disks or removable
media, and to move the files from the system disk to the backup media with a file manager or
optical disc authoring software.
Such cases can often be mitigated by disk partitioning and by consistently storing valuable data
files on a different partition from the replaceable OS system files.
Another scenario involves a disk-level failure, such as a compromised file system or disk partition,
or a hard disk failure.
In any of these cases, the data cannot be easily read. Depending on the situation, solutions involve
repairing the file system, partition table or master boot record, or hard disk recovery techniques
ranging from software-based recovery of corrupted data, hardware-software based recovery of
damaged service areas, to hardware replacement on a physically damaged disk.

20
If hard disk recovery is necessary, the disk itself has typically failed permanently, and the focus is
rather on a one-time recovery, salvaging whatever data can be read.
In a third scenario, files have been deleted from a storage medium.
Typically, the contents of deleted files are not removed immediately from the drive; instead,
references to them in the directory structure are removed, and the space they occupy is made
available for later overwriting. In the meantime, the original file contents remain, often in a number
of disconnected fragments, and may be recoverable.
Backup Strategy
Successful recovery from a data loss generally requires an effective backup strategy. Without a
backup strategy, recovery requires reinstallation of programs and regeneration of data. Even with
an effective backup strategy, restoring a system to the precise state it was in prior to the Data Loss
Event is extremely difficult.
Some level of compromise between granularity of recoverability and cost is necessary. Furthermore,
a Data Loss Event may not be immediately apparent. An effective backup strategy must also
consider the cost of maintaining the ability to recover lost data for long periods of time.
The most convenient backup system would have duplicate copies of every file and program that
are immediately accessible whenever a Data Loss Event is noticed.
Many backup strategies decrease the granularity of restorability as the time increases since the
21
potential Data Loss Event. By this logic, recovery from recent Data Loss Events is easier and more
complete than recovery from Data Loss Events that happened earlier in the past.
There are many ways to store data: hard drives, removable disks, CDs or DVDs just to name a few.
No matter how reliable these storage products might be, any mechanical or electronic device can
fail to function normally.
However, in most situations, there is an inverse correlation between the value of a unit of data
and the length of time it takes to notice the loss of that data. Taking this into consideration, many
backup strategies decrease the granularity of restorability as the time increases since the potential
Data Loss Event. By this logic, recovery from recent Data Loss Events is easier and more complete
than recovery from Data Loss Events that happened earlier in the past.
There are many non-failure-related causes of lost or inaccessible data, such as accidentally deleting
files, formatting/repartitioning a disk, or a forgotten password.
Sometimes, disaster strikes and a storage device might physically be unusable, such as in the case
of a fire, a spill or other damage. When normal methods for accessing data fail, data recovery is the
process we use to regain safe, reliable access to that data.
Data Loss Prevention - Foundation

Preventing the loss of data should be everyones Plan A whether the data is for personal or
business use.
Data loss prevention can rarely be guaranteed. However, the frequency of data loss and the impact
22
can be greatly mitigated by taking proper precautions. The different types of data loss demand
different types of precautions. For example, multiple power circuits with battery backup and a
generator will only protect against power failures. Similarly, using a journaling file system and RAID
storage will only protect against certain types of software and hardware failure.
Regular data backups are an important asset to have when trying to recover after a data loss event,
but they dont do much to prevent user errors or system failures.
A well-rounded approach to data protection has the best chance of avoiding data loss events.
Such an approach will also include mundane tasks as maintaining antivirus protection and
network firewalls, as well as staying up to date with all published security fixes and system patches.
User education is probably the most important and most difficult aspect of preventing data loss.
Nothing else will prevent users from making mistakes that jeopardize data security.

23
Questions
1. __________ is temporary, while data loss may be permanent.
a. Data transmission
b. Data processing
c. Data storage
d. Data unavailability
2. __________ is the process of salvaging data from being damaged or corrupted.

a. Data recovery
b. Data transmission
c. Data processing
d. Data unavailability
3. Which of the following is/are involved in the most common data recovery scenario?
a. disk-level failure
b. operating system failure
c. deleted files
d. hard disk failure
4. Successful recovery from a data loss generally requires an effective backup strategy but
without a backup strategy, what does the recovery require?
a. Repairing the file system or partition
b. Replacement on a damaged disk
c. Reinstallation of programs and regeneration of data
d. Mount the system drive and backup disks

24
5. Although the probability is small, what is the only way to recover from data loss due to a
natural disaster?
a. Mount the system drive and backup disks
b. Store backup data in a physically separate location
c. Simply delete its entry in the file system index
d. Backup a file manager or optical disc authoring software
6. 25% of data loss is due to what event?

a. beyond user control
b. natural disaster
c. lack of data backups
d. system failures

Chapter 2

Objectives

To have a grasp about data loss prevention
To distinguish data loss from data leakage
Data Loss Prevention
Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or
critical information outside the corporate network. The term is also used to describe software
products that help a network administrator control what data end users can transfer. It is the
process and methodology to detect and prevent the unauthorized transmission or disclosure of
sensitive information. Data loss prevention refers to systems in place to protect the security of
data. Preventing data loss will be key to every organization. Policies and systems will often be put
in place to identify and monitor data in order to detect and prevent issues from arising. Such issues
could cause data loss.
DLP is the practice of detecting and preventing confidential data from being leaked out of
an organizations boundaries for unauthorized use. It also refers to a class of applications and
appliances aimed at identifying sensitive information in an IT system and preventing them from
leaking out. Data may be physically or logically removed from the organization either intentionally
25
26
or unintentionally.
Data and information filtering, leak prevention and detection will aim to avoid costly and
detrimental data loss occurrences. Data loss breaches can be illegal, costly and can cause damage
to your reputation. Data loss prevention is therefore often high on company agendas, if not
compulsory for best practice.
Adoption of DLP is being driven by insider threats and by more rigorous state privacy laws, many
of which have stringent data protection or access components.
DLP software products use business rules to examine file content and tag confidential and critical
information so that users cannot disclose it. The software can be useful for identifying and tagging
well-defined content but tends to fall short when an administrator is trying to identify other
sensitive data such as intellectual property. To implement enterprise DLP software successfully,
personnel from all levels of management need to be actively involved in creating the business
rules for tags.
Once DLP software tools have been deployed, an end user who accidentally or maliciously attempts
to disclose confidential information thats been tagged will be denied. In addition to being able
to monitor and control endpoint activities, DLP tools can also be used to filter data streams on the
corporate network and protect data at rest.
The first part in understanding DLP is figuring out what were actually talking about. The following
names are all being used to describe the same market:

Data Loss Prevention/Protection
Data Leak Prevention/Protection
Information Loss Prevention/Protection

27

Information Leak Prevention/Protection
Extrusion Prevention
Content Monitoring and Filtering
Content Monitoring and Protection
DLP seems to be the most common term, and while its life is probably limited, we will use this term
in the remainder of this course for simplicity.
Over the last few years, companies in every industry sector around the globe have seen their
sensitive internal data lost, stolen or leaked to the outside world. A wide range of high-profile
data loss incidents have cost organizations millions of dollars in direct and indirect costs and have
resulted in tremendous damage to brands and reputations. Many different types of incidents have
occurred, including the sale of customer account details to external parties and the loss of many
laptops, USB sticks, backup tapes and mobile devices, to name just a few. The vast majority of these
incidents resulted from the actions of internal users and trusted third parties, and most have been
unintentional.
As data is likely one of your organizations most valuable assets, protecting it and keeping it out
of the public domain is of paramount importance. In order to accomplish this, a number of DLP
controls must be implemented, combining strategic, operational and tactical measures.
However, before DLP controls can be effectively implemented, your organization must understand
the answer to these three fundamental questions:
1. What sensitive data do you hold?
2. Where does your sensitive data reside, both internally and with third parties?
3. Where is your data going?

28
Data Loss Prevention - Common Themes

In the data loss assessments that were performed, common and recurring root causes for data
loss have become evident. These themes often capture the reasons data loss occurs, specifically
unintentional data loss.

People
Process
Technology
People

Lack of awareness
Employees do not clearly understand or feel accountable for the protection of sensitive data.
Lack of accountability
Training and awareness programs do not focus enough on protecting sensitive data, appropriate
use of email and the Internet, use of security tools such as file encryption and each employees
personal responsibility for complying with information security/data protection policies.
Lack of user responsibility for their actions

Employees feel that there is no risk involved in breaking the rules (i.e., no one is watching so I
will not get caught).
Process

Lack of data usage policies/guidance

Data protection, data classification, and acceptance use policies that do not clearly articulate:
The controls that should be implemented for securely sending sensitive data to third

29
parties
Whether employers may send sensitive data to home computers and personal email
accounts
The specific data that is considered sensitive and requires data protection controls

Lack of data transmission procedures

Process owners have not assessed their methods in which sensitive data is shared with third
parties to evaluate information security risks.
Lack of data usage monitoring

Without ongoing DLP monitoring program, policy violators cannot be identified efficiently
and the success of policy communications, training, and awareness programs and technical
controls is not measurable.
Technology

Lack of flexibility in remote connectivity

Current remote access tools are not flexible enough to support the business, resulting in
users employing alternative approaches, such as emailing documents to their personal email
accounts, to enable working from home and remote locations.
No content-aware DLP tools

Content-aware email encryption tools are not effectively used to automatically require
encryption of emails containing sensitive data such as account numbers.
Lack of secure communication platforms

Secure links between the company and its third parties are not in place to enable encrypted
email or other secure transmission methods.

30
At the heart of DLP is a combination of people, processes, and technology. These elements should
work together to help ensure data is utilized in its intended manner.
Need
There are certain types of information that are best kept within the confines of your company.
When left in the open, personal information of clients and employees can lead to identity theft.
Leaked trade secrets and financial information, on the other hand, can benefit competitors and
drive investors away. But with the security breach incidents we read about in the news every single
day, we know that preventing data loss is no easy task.
A solution is needed that can quickly scan the system for sensitive information and prevent all that
information from falling into the wrong hands. With hundreds of gigabytes or even terabytes to
scan, it is essential for the solution to be intelligent enough to avoid too many false-positives or
false-negatives. This is the type of gargantuan task where youll need to deploy DLP.

31
Risks
Threats of data loss from internal users have always been a risk. To sum up the changing landscape
and increasing risk:
1. There are now many more ways data can leave an organization.
2. Storage is cheap. Many gigabytes of data can walk out of the door on an employees keychain
or smartphone or be sent through online systems such as Drop box.
3. Data is everywhere. Decentralized systems and work collaboration tools make it much more
difficult for organizations to track and control information within the business.
4. The most recent generation of workers to join companies has grown up with openness and
information sharing as a cultural norm.
5. Data has value in the real world, including from seemingly legitimate sources.
6. It is easier than ever for data to cross borders, and demand for sensitive information is coming
from all over the world as companies try to gain competitiveness in the global marketplace.
7. The sheer volume of data is increasing as never before.
Common Data Loss

Common areas where data is lost:

Email
Webmail
Instant messaging
File transfer protocol
Blogs
Social media
Web pages
Removable media

32
Cameras
Hard copy
Data Loss Prevention vs. Data Leakage

The Data Leakage problem can be defined as any unauthorized access of data due to an improper
implementation or inadequacy of a technology, process, or a policy.
The unauthorized access described above can be the result of a malicious, intentional, inadvertent
data leakage, or a bad business/technology process from an internal or external user.

33
Questions
1. What does DLP stand for?
a. Data Link Processor
b. Data loss prevention
c. Digital Light Processor
d. Desktop Link Protocol
2. It is the process and methodology to detect and prevent the unauthorized transmission or
disclosure of sensitive information.
a. DLP
b. DLB
c. Data loss assessment
d. Data information filtering
3. Which of the following processes will aim to avoid costly and detrimental data loss
occurrences?
a. Filtering
b. Leak prevention
c. Detection
d. All of the above
4. There are themes that often capture the reasons dataloss occurs, specifically unintentional
data loss. Which theme do the employees not clearly understand or feel accountable for the
protection of sensitive data?
a. Lack of accountability
b. Lack of awareness
c. Lack of user responsibility
d. Lack of flexibility

34
5. In which of the following themes does process owners have not assessed their methods in
which sensitive data is shared with third parties to evaluate information security risks.
a. Lack of user responsibility
b. Lack of data usage monitoring
c. Lack of data transmission procedures
d. Lack of secure communication platforms
6. In this theme, the content-aware email encryption tools are not effectively used to
automatically require encryption of emails containing sensitive data.
a. No content-aware DLP tools
b. Lack of flexibility in remote connectivity
c. Lack of date usage policies
d. Lack of data transmission procedures

Chapter 3

Objectives

To be aware of the different categories of data
To discover the data lifecycle in the context of data loss prevention
Data Loss Prevention - Categories

The data leakage incidents can be divided into the following categories:

Standard security measures
Advanced/intelligent security measures
Access control and encryption
Designated DLP systems
Standard security measures

Firewalls, intrusion detection systems (IDSs), and antivirus software are commonly available
mechanisms that guard computers against outsider as well as insider attacks. The use of firewall,
for example, limits the access of outsiders to the internal network, and an intrusion detection
system detects intrusion attempts by outsiders. Inside attacks can be diverted through antivirus
scans that detect Trojan horses installed on PCs, which send confidential information, and by the
use of thin clients, which operate in a client-server architecture with no personal or sensitive data
stored on a clients computer.
Advanced security measures
35
36
Advanced security measures employ machine learning and temporal reasoning algorithms for
detecting abnormal access to data (i.e. databases or information retrieval systems) or abnormal
e-mail exchange, honeypots for detecting authorized personnel with malignant intentions, and
activity-based verification (e.g. recognition of keystrokes dynamics) for detecting abnormal access
to data.
Designated DLP solutions

These solutions detect and prevent unauthorized attempts to copy or send sensitive data,
intentionally or unintentionally, without authorization, mainly by personnel who are authorized to
access the sensitive information. In order to classify certain information as sensitive, these solutions
use mechanisms such as exact data matching, structured data fingerprinting, statistical methods,
rule and regular expression matching, published lexicons, conceptual definitions, and keywords.
Data Lifecycle
From a data loss perspective, the industry has adopted three standard terms related to the states
in the data lifecycle:

37
Network DLP (a.k.a. Data in Motion (DiM)
Data in Motion is a software or hardware solution that is installed at network egress points near
the perimeter. It analyzes network traffic to detect sensitive data that is being sent in violation of
information security policies.
Data in Motion is data that is being transmitted over a network. The biggest threats to Data in Motion
are interception and alteration. Your user name and password should never be transmitted over a
network without protection as it could be intercepted and used by someone else to impersonate
you or gain access to sensitive information. Other private information such as bank account
information should also be protected when transmitted across a network. If the network session
was encrypted then you would not have to worry as much about the data being compromised
while it is being transmitted.
Data in Motion is particularly vulnerable to attackers because the attacker does not have to be
near the computer in which the data is being stored, rather they only have to be somewhere along
the path. Encryption tunnels can protect data along the path of communications.
Endpoint DLP (a.k.a. Data in Use (DiU)

Data in Use is active data that is subject to frequent change (e.g. operational databases).
Such systems run on end-user workstations or servers in the organization. Like network-based
systems, endpoint-based can address internal as well as external communications, and can
therefore be used to control information flow between groups or types of users (e.g. Chinese
walls). They can also control e-mail and Instant Messaging communications before they are
stored in the corporate archive, such that a blocked communication (i.e. one that was never sent,
and therefore not subject to retention rules) will not be identified in a subsequent legal discovery
situation. Endpoint systems have the advantage that they can monitor and control access to
physical devices (such as mobile devices with data storage capabilities), and in some cases can
38
access information before it has been encrypted. Some endpoint-based systems can also provide
application controls to block attempted transmissions of confidential information, and provide
immediate feedback to the user. They have the disadvantage that they need to be installed on
every workstation in the network, cannot be used on mobile devices (e.g. cell phones and PDAs),
or where they cannot be practically installed (for example, on a workstation in an internet caf).
Data at Rest
Data at Rest is inactive and unchanging data (e.g. archives).
Data at Rest specifically refers to old archived information that is stored on either a client PC hard
drive, on a network storage drive or remote file server, or even data stored on a backup system
such as a tape or CD media. This information is of great concern to businesses and government
institutions simply because the longer data is left unused in storage, the more likely it might be
retrieved by unauthorized individuals outside the network.
Data at Rest is data that is stored on a hard drive, tape, CD, DVD, disk, or other media. This
informations biggest threat comes from being physically stolen. Laptops in airports, CDs going
through the mail, and backup tapes that get left behind in the wrong places are all examples of
events where data can be compromised through theft. If the data was encrypted on the media,
then you wouldnt have to worry as much about the data being compromised.
Data at Rest is a term that is sometimes used to refer to all data in computer storage while
excluding data that is traversing a network or temporarily residing in computer memory to be read
or updated. Data at Rest can be archival or reference files that are changed rarely or never; Data
at Rest can also be data that is subject to regular but not constant change. Examples include vital
corporate files stored on the hard drive of an employees notebook computer, files on an external
backup medium, files on the servers of a storage area network (SAN), or files on the servers of an
offsite backup service provider.
39
Often I see people talk about the two obvious pieces: Data at Rest and Data in Motion. These are
pretty obvious. Data at Rest deals much with access permissions and encryption. Data in Motion
deals with encryption of the channel over which data is transmitted.
But there is more. What about Data in Use? Can your users print, copy, move, and otherwise twiddle
the data they have access to? No amount of the first two pieces will stop that sales executive from
making his mistake. Can they open a document and recite the numbers to someone over the
phone or take photos of it? Yes, tough if not impossible to fully stop, but a concern nonetheless?
(Yes, it is arguable whether we should spend time thinking about the unfixable.)
Data Lifecycle - Data in Motion

Data in Motion (Network DLP)
Data in Motion is data that is in transit, flowing across internal networks and to the outside world
(i.e. data on the wire and in the air).
Data in Motion, or network DLP, is data that is being transmitted over a network. The biggest threats
to Data in Motion are interception and alteration. Your user name and password should never be
transmitted over a network without protection as it could be intercepted and used by someone
else to impersonate you or gain access to sensitive information. Other private information, such
as bank account information, should also be protected when transmitted across a network. If the
network session was encrypted then you would not have to worry as much about the data being
compromised while it is being transmitted.
Data in Motion is particularly vulnerable to attackers because the attacker does not have to be
near the computer in which the data is being stored rather they only have to be somewhere along
40
the path. Encryption tunnels can protect the data along the path of communications.
It is typically a software or hardware solution that is installed at network egress points near the
perimeter. It analyzes network traffic to detect sensitive data that is being sent in violation of
information security policies.
Data in Use
Data in Use (Endpoint DLP)
Data in Use is data that is being accessed or used by a system at a point in time. It is active data
subject to frequent change. Examples include data in temporary memory on a local machine, an
open report or a running query on a workstation, an e-mail that has been drafted but not sent, a
file being copied to a USB drive, and data being copied and pasted from one local document to
another.
Such systems run on end-user workstations or servers in the organization. Like network-based
systems, endpoint-based can address internal as well as external communications, and can
therefore be used to control information flow between groups or types of users. They can also
control e-mail and Instant Messaging communications before they are stored in the corporate
archive, such that a blocked communication will not be identified in a subsequent legal discovery
situation.
Endpoint systems have the advantage that they can monitor and control access to physical devices,
and in some cases can access information before it has been encrypted. Some endpoint-based
systems can also provide application controls to block attempted transmissions of confidential
information, and provide immediate feedback to the user. They have the disadvantage that they
need to be installed on every workstation in the network, cannot be used on mobile devices or

41
where they cannot be practically installed (for example, on a workstation in an internet caf).
Data at Rest
Data at Rest
Data at Rest is a term that is sometimes used to refer to all data in computer storage while
excluding data that is traversing a network or temporarily residing in computer memory to be read
or updated. Data at Rest can be archival or reference files that are changed rarely or never; Data
at Rest can also be data that is subject to regular but not constant change. Common components
containing Data at Rest are servers, databases, file shares, internet sites, workstations, laptops,
mobile devices, portable storage, backup tapes, and removable media. Data at Rest can also be
stored externally with third parties or through external extensions of the IT infrastructure such as
cloud storage.
Data at Rest specifically refers to old archived information that is stored on either a client PC hard
drive, on a network storage drive or remote file server, or even data stored on a backup system
such as a tape or CD media. This information is of great concern to businesses and government
institutions simply because the longer data is left unused in storage, the more likely it might be
retrieved by unauthorized individuals outside the Network.
Data at Rest is data that is stored on a hard drive, tape, CD, DVD, disk, or other media. This
informations biggest threat comes from being physically stolen. Laptops in airports, CDs going
through the mail, and backup tapes that get left behind in the wrong places are all examples of
events where data can be compromised through theft. If the data was encrypted on the media
then you wouldnt have to worry as much about the data being compromised.

42
Terminology - Data Breach

A data breach is the intentional or unintentional release of secure information to an untrusted
environment. Other terms for this phenomenon include unintentional information disclosure,
data leak, and also data spill. Incidents range from concerted attack by black hats with the backing
of organized crime or national governments, to careless disposal of used computer equipment or
data storage media.
A data breach is a security incident in which sensitive, protected, or confidential data is copied,
transmitted, viewed, stolen, or used by an individual unauthorized to do so. Data breaches may
involve financial information such as credit card or bank details, personal health information (PHI),
personally identifiable information (PII), trade secrets of corporations, or intellectual property.
According to the nonprofit consumer organization Privacy Rights Clearinghouse, a total of
227,052,199 individual records containing sensitive personal information were involved in security
breaches in the United States between January 2005 and May 2008, excluding incidents where
sensitive data was apparently not actually exposed.
Data breach may be incidents such as theft, or loss of digital media such as computer tapes, hard
drives, or laptop computers containing media upon which information is stored unencrypted.
Other examples include posting information on the worldwide web or on a computer that is
otherwise accessible via the Internet without proper information security precautions, as well
as transfer of information to a system that is not completely open, but is not appropriately or
formally accredited for security at the approved level, such as unencrypted e-mails or transfer of
information to the information systems of a possibly hostile agency (i.e. a competing corporation
or a foreign nation) where it may be exposed to more intensive decryption techniques.

43
Information Security
Information security is the practice of defending information from unauthorized access, use,
disclosure, disruption, modification, perusal, inspection, recording, or destruction. It is a general
term that can be used regardless of the form the data may take (electronic, physical, etc.). For the
individual, information security has a significant effect on privacy, which is viewed very differently
in different cultures.
The field of information security has grown and evolved significantly in recent years. There are, in
fact, many ways of gaining entry into the field as a career. It offers many areas for specialization
including: securing network(s) and allied infrastructure, securing applications and databases,
security testing, information systems auditing, business continuity planning and digital forensics,
etc.
Security Awareness
Security awareness refers to the knowledge and attitude that members of an organization possess
regarding the protection of the physical and, most especially, the information assets of that
organization. Many organizations require formal security awareness training for all workers when
they join the organization and periodically thereafter, usually annually.
Having security awareness means you understand that there is the potential for some people to
deliberately or accidentally steal, damage, or misuse the data that is stored within a companys
computer systems and throughout its organization. Therefore, it would be prudent to support the
assets of the institution by trying to prevent that from happening.

44
Questions
1. This solution detects and prevents unauthorized attempts to copy or send sensitive data.
a. Advanced security measures
b. Standard security measures
c. Designated DLP solutions
d. Data in Motion
2. __________ is particularly vulnerable to attackers because the attacker does not have to be
near the computer in which the data is being stored, rather they only have to be somewhere
along the path.
a. Data in Use
b. Data at Rest
c. Data in Motion
d. Endpoint DLP
3. What is the advantage of Endpoint systems?

a. They can monitor and control access to physical devices
b. They can provide application controls to block attempted transmissions of confidential
information
c. They can access information before it has been encrypted
d. All of the above
4. __________ can also be data that is subject to regular but not constant change.
a. Data at Rest
b. Data in Use
c. Data in Motion
d. Data breach

45
5. __________ is a security incident in which sensitive, Protected, or confidential data is copied
or used by an individual unauthorized to do so.
a. Data in Use
b. Data in Motion
c. Data breach
d. Data at Rest
6. __________ refers to the knowledge and attitude that members of an organization

possess regarding the protection of the physical and, especially, information assets of that
organization.
a. Security awareness
b. Computer security
c. Preventive controls
d. Risk awareness

Chapter 4
Computer Security
Objectives

To have an overview about Computer Security
To identify the threats of Computer Security
To know how to improve Computer Security
Computer Security
Computer Security is information security as applied to computers and networks.
The field covers all the processes and mechanisms by which computer-based equipment,
information, and services are protected from unintended or unauthorized access, change, or
destruction. Computer Security also includes protection from unplanned events and natural
disasters.
One way to think of Computer Security is to reflect security as one of the main features.
46
One way to think of Computer Security is to reflect security as one of the main features. Some of
the techniques in this approach include:

The principle of least privilege, where each part of the system contains only the privileges
needed for its function. That way, even if an attacker gains access to that part, they only have
limited access to the whole system.
Automated theorem proving to prove the correctness of crucial software subsystems.
Code reviews and unit testing are approaches to make modules more secure where formal
correctness proofs are not possible.
Defense in depth, where the design is such that more than one subsystem needs to be violated
to compromise the integrity of the system and the information it holds.
Default secure settings and design to fail secure rather than fail insecure. Ideally, a secure
system should require a deliberate, conscious, knowledgeable, and free decision on the part of
legitimate authorities in order to make it insecure.
Audit trails tracking system activity, so that when a security breach occurs, the mechanism and
extent of the breach can be determined. Storing audit trails remotely, where they can only be
appended to, and can keep intruders from covering their tracks.
Full disclosure to ensure that when bugs are found, the window of vulnerability is kept as
short as possible.
Computer Security - Secure OS

One use of the term Computer Security refers to technology to implement a secure operating
system. Much of this technology is based on science developed in the 1980s and used to produce
what may be some of the most impenetrable operating systems ever.
Though still valid, the technology is in limited use today, primarily because it imposes some
changes to system management and also because it is not widely understood. Such ultra-strong
secure operating systems are based on operating system kernel technology that can guarantee
47
48
that certain security policies are absolutely enforced in an operating environment. An example of
such a Computer Security policy is the BellLaPadula model.
The BellLaPadula Model (abbreviated BLP) is a state machine model used for enforcing access
control in government and military applications. It was developed to formalize the U.S. Department
of Defense (DoD) multilevel security (MLS) policy. The model is a formal state transition model of
Computer Security policy that describes a set of access control rules which use security labels on
objects and clearances for subjects. Security labels range from the most sensitive, down to the least
sensitive. The BellLaPadula model is an example of a model where there is no clear distinction of
protection and security.
The strategy is based on a coupling of special microprocessor hardware features, often involving
the memory management unit, to a special correctly implemented operating system kernel. This
forms the foundation for a secure operating system which, if certain critical parts are designed and
implemented correctly, can ensure the absolute impossibility of penetration by hostile elements.
This capability is enabled because the configuration not only imposes a security policy, but in
theory completely protects itself from corruption. Ordinary operating systems, on the other hand,
lack the features that assure this maximal level of security. The design methodology to produce
such secure systems is precise, deterministic, and logical.
Systems designed with such methodology represent the state of the art of Computer Security,
although products using such security are not widely known. In sharp contrast to most kinds of
software, they meet specifications with verifiable certainty comparable to specifications for size,
weight, and power. Secure operating systems designed this way are used primarily to protect
national security information, military secrets, and the data of international financial institutions.
These are very powerful security tools and very few secure operating systems have been certified
at the highest level (Orange Book A-1) to operate over the range of Top Secret to unclassified
(including Secure Communications Processor or SCOMP, U.S. Air Forces Strategic Air Command
Digital Information Network, U.S. National Security Agencys Blacker and the Boeing Multi-level

49
Security Local Area Network or better known as the MLS LAN). The assurance of security depends
not only on the soundness of the design strategy, but also on the assurance of correctness of
the implementation, and therefore there are degrees of security strength defined for Computer
Security.
The Common Criteria quantifies security strength of products in terms of two components, security
functionality and assurance level (such as EAL levels), and these are specified in a Protection Profile
for requirements and a Security Target for product descriptions. None of these ultra-high assurance
and secure general-purpose operating systems have been produced for decades or certified under
Common Criteria.
In the U.S. parlance, the term High Assurance usually suggests that the system has the right
security functions that are implemented robustly enough to protect DoD- and DoE-classified
information. Medium assurance suggests it can protect less valuable information such as income
tax information. Secure operating systems that were designed to meet medium robustness levels of
security functionality and assurance have seen wider use within both government and commercial
markets. Medium robust systems may provide the same security functions as high-assurance
secure operating systems, but do so at a lower assurance level (such as Common Criteria levels
Evaluation Assurance Level 4 or Evaluation Assurance Level 5). Lower levels mean less certainty
that the security functions are implemented flawlessly, and are therefore less dependable. These
systems are found in use on web servers, guards, database servers, and management hosts, and
are used not only to protect the data stored on these systems but also to provide a high level of
protection for network connections and routing services.

50
Importance
Computer Security is the process of preventing and detecting unauthorized use of your computer.
Prevention measures help you to stop unauthorized users (also known as intruders) from
accessing any part of your computer system. Detection helps you to determine whether or not
someone attempted to break into your system, if they were successful, and what they may have
done.
We use computers for everything, from banking and investing to shopping and communicating
with others through email or chat programs. Although you may not consider your communications
top secret, you probably do not want strangers reading your email, using your computer to attack
other systems, sending forged email from your computer, or examining personal information
stored on your computer (such as financial statements).
Intruders may not care about your identity. Often, they want to gain control of your computer so
they can use it to launch attacks on other computer systems.
Having control of your computer gives them the ability to hide their true location as they launch
attacks, often against high-profile computer systems such as government or financial systems.
Even if you have a computer connected to the Internet for the simple purpose of playing the latest
games or to send email to friends and family, your computer may still be a target.
Intruders may be able to watch all your actions on the computer, or cause damage to your computer

51
by reformatting your hard drive or changing your data.
Unfortunately, intruders are always discovering new vulnerabilities to exploit in computer

software. The complexity of software makes it increasingly difficult to thoroughly test the security
of computer systems.
Also, some software applications have default settings that allow other users to access your
computer unless you change the settings to be more secure. Examples include chat programs that
let outsiders execute commands on your computer or web browsers that could allow someone to
place harmful programs on your computer that run when you click on them.
Computer Security is an increasingly important consideration. From authentication to encryption

keys, learn how to keep your computers hard drive protected and your personal information safe.
Computer Security Threats

Computer Security threats are relentlessly inventive. Masters of disguise and manipulation, these
threats constantly evolve to find new ways to annoy, steal, and harm. Arm yourself with information
and resources to safeguard against complex and growing Computer Security threats and stay safe
online.
Computer Virus Threats

Perhaps the most well-known Computer Security threat is a computer virus. It is a program written
to alter the way a computer operates, without the permission or knowledge of the user. A virus
replicates and executes itself, usually doing damage to your computer in the process. Learn how
to combat computer virus threats and stay safe online.

52
Spyware Threats
A serious Computer Security threat, spyware is any program that monitors your online activities or
installs programs without your consent for profit or to capture personal information.
Hackers and Predators

People, not computers, create Computer Security threats and malware. Hackers and predators are
programmers who victimize others for their own gain by breaking into computer systems to steal,
change, or destroy information as a form of cyberterrorism.
Phishing Threats
Masquerading as a trustworthy person or business, phishers attempt to steal sensitive financial or
personal information through fraudulent email or instant messages.
Improving Computer Security

Ways to Improve on Computer Security:
1. Connect to a Secure Network
Information flows from the Internet to your home network by first coming into your modem,
then to your router, which most people have, and finally to your computer. Because your
modem doesnt have security settings, its crucial to secure your routerthe first securable
device that receives information from the Internet. Be sure to secure it before you connect
to the Internet to improve your computers security. If you dont have a router, contact your
service provider to learn how you can best secure your network.

53
2. Enable and Configure a Firewall
A firewall is a device that controls the flow of information between your computer and the
Internet, similar to a router. Most modern operating systems include a software firewall. In
addition to the operating systems firewall, the majority of home routers have a firewall built
in. Refer to your Users Guide for instructions on how to enable your firewall. Once your firewall
is enabled, consult the Users Guide to learn how to configure the security settings and set a
strong password to protect it against unwanted changes.
3. Install and Use Antivirus and Antispyware Software

Installing an antivirus and antispyware software programs and keeping it up to date is a
critical step in protecting your computer. Many types of antivirus and antispyware software
can detect the possible presence of malware by looking for patterns in the files or memory
of your computer. This software uses virus signatures provided by software vendors to look
for malware. New malware is discovered daily, and vendors frequently make new signatures
available, so antivirus software will be most effective if the signatures are up to date. Many
antivirus and antispyware programs offer automatic updating. Enable that feature so your
software always has the most current signatures. If automatic updates arent offered, be sure to
install the software from a reputable source, like the vendors website or a CD from the vendor.
4. Secure Your Web Browser

Web browsers installed on new computers usually dont have secure default settings.
Securing your browser is another critical step in improving your computers security because
an increasing number of attacks take advantage of web browsers. Before you start surfing the
Internet, secure your browser by doing the following:

54

Disable mobile code (i.e. Java, JavaScript, Flash, and ActiveX) on websites youre not familiar
with or dont trust. While disabling these types of code on all sites will significantly reduce your
risk of being attacked, the websites you visit may not function as they normally do.
Disable the option to always set cookies. A cookie is a file placed on your computer that stores
website data. Attackers may be able to log onto a site youve visited (like a banking site) by
accessing the cookie with your login information. To prevent that, configure the browser to ask
for permission before setting a cookie, allow cookies for sessions only, and disable features that
keep you logged in to a site or that retain information youve entered, such as text you type
into forms and the search bar.
If youre using Internet Explorer, set the security levels for trusted sites (websites you most often
visit and trust) to the second highest level. At the highest level, websites may not function
properly.
5. Use Good Security Practices

You can do some simple things to improve your computers security. Some of the most
important to keep in mind are:

Use caution with email attachments and untrusted links. Malware is commonly spread
by people clicking on an email attachment or a link that launches the malware. Dont open
attachments or click on links unless youre certain theyre safe, even if they come from a person
you know. Some malware sends itself through an infected computer. While the email may
appear to come from someone you know, it really came from a compromised computer. Be
especially wary of attachments with sensational names, emails that contain misspellings, or
emails that try to entice you into clicking on a link or attachment (e.g. an email with a subject
that reads, Hey, you wont believe this picture of you I saw on the Internet!).
Use caution when providing sensitive information. Some email or web pages that appear to
come from a legitimate source may actually be the work of an attacker. An example is an email
claiming to be sent from a system administrator requesting your password or other sensitive
information or directing you to a website requesting that information. While Internet service
providers may request that you change your password, they will never specify what you should
change it to or ask you what it is.
Create strong passwords. Passwords that have eight or more characters, use a variety of
55
uppercase and lowercase letters, and contain at least one symbol and number, are best.
Dont use passwords that people can easily guess like your birthday or your childs name. The
longer and more complex a password is, the harder these tools have to work to crack it. Also,
when setting security verification questions, choose questions for which it is unlikely that an
Internet search would yield the correct answer.

56
Questions
1. __________ is a state machine model used for enforcing access control in government and
military applications.
a. DLP
b. BellLaPadula
c. Multilevel security
d. Masquerading
2. The Common Criteria quantifies security strength of products in terms of how many
components?
a. five
b. four
c. two
d. three
3. In the U.S. parlance, what does the term High Assurance usually suggests?
a. It can protect less valuable information, such as income tax information
b. These are very powerful security tools and very few secure operating systems have
been certified at the highest level
c. The system has the right security functions that are implemented robustly enough to
protect DoD- and DoE-classified information
d. It helps you to determine whether or not someone attempted to break into your
system
4. What is the most well-known Computer Security threat?

a. Spyware Threats
b. Computer virus threat
c. Hackers
d. Predators
57
5. Which of the following must be done before surfing the Internet to secure your browser?
a. Set the security levels for trusted sites to the second highest level
b. Disable options to always set cookies
c. Disable Java , Flash and other mobile codes
d. All of the above
6. __________ is commonly spread by people clicking on the email attachment or a link that
launches it.
a. Malware
b. Phishing
c. Spyware
d. Masquerading

Chapter 5
Cloud Security
Objectives

To have an overview on cloud security
To understand the issues and controls of cloud security
To identify the key issues on cloud security
Cloud Security
Cloud computing security (sometimes referred to simply as cloud security) is an evolving subdomain of computer security, network security, andmore broadlyinformation security. It
refers to a broad set of policies, technologies, and controls deployed to protect data, applications,
and the associated infrastructure of cloud computing.
Cloud security is not to be confused with security software offerings that are cloud-based (a.k.a.
security-as-a-service).
58
Security Issues
There are a number of security issues and concerns associated with cloud computing, but these
issues fall into two broad categories: security issues faced by cloud providers (organizations
providing software-, platform-, or infrastructure-as-a-service via the cloud) and security issues
faced by their customers. In most cases, the provider must ensure that their infrastructure is secure
and that their clients data and applications are protected, while the customer must ensure that the
provider has taken the proper security measures to protect their information.
The extensive use of virtualization in implementing cloud infrastructure brings unique security
concerns for customers or tenants of a public cloud service. Virtualization alters the relationship
between the OS and underlying hardware, be it computing, storage, or even networking. This
introduces an additional layervirtualizationthat itself must be properly configured, managed,
and secured. Specific concerns include the potential to compromise the virtualization software, or
hypervisor. While these concerns are largely theoretical, they do exist. For example, a breach in
the administrator workstation with the management software of virtualization software can cause
the whole datacenter to go down or reconfigured to the attackers liking.
Security Controls
Cloud security architecture is only effective if the correct defensive implementations are in place.
An efficient cloud security architecture should recognize the issues that will arise with security
management. The security management addresses these issues with security controls. These
controls are put in place to safeguard any weaknesses in the system as well as reduce the effect
of an attack. While there are many types of controls behind a cloud security architecture, they can
usually be found in one of the following categories:
59
60
Detective Controls
Detective controls are used to detect any attacks that may be inflicting the system. In the event of
an attack, the detective control will signal the preventative or corrective controls to address the
issue.
Deterrent Controls
These controls are set in place to prevent any purposeful attack on a cloud system. Much like a
warning sign on a fence or a property, these controls do not reduce the actual vulnerability of a
system.
Deterrent Controls are difficult to quantify. The goal of a deterrent control is to reduce the likelihood
of a vulnerability being exploited without actually reducing the exposure. While this doesnt sound
like an effective approach straight off the bat, these controls are important when combined with
other types of security controls.
Large financial organizations typically reinforce what users should expect from them in every
outbound communication. Statements like We will never ask you for your password and We will
never include a hyperlink in an email will be plastered over every email, letter, and message box
they can put in front of their customers. The goal being to govern their customers expectations
on what they should and should not expect to receive from them and therefore, help customers
identify phishing emails and other scams.
Ultimately the goal is to reduce the likelihood that a phishing attack, which is completely outside
the control of the target company, is successful by increasing the awareness of its customers.
Quantifying the likelihood of something like this working is extremely difficult, particularly when
the customer base is large. When the target users are actual staff members, various policies and
61
procedures can be put in place to help quantify these things and assess how successful these
Deterrent Security Controls have been.
The U.S. Department of Justice regularly sends out elaborate phishing emails to their staff to
both determine the success of their internal security awareness programs and also as a means to
educate their staff.
Similarly, for internal facing threats, including blacklists of known malware sites and so forth can
reduce the likelihood of the staff being exposed to these kinds of threats.
Preventative Controls
These controls upgrade the strength of the system by managing the vulnerabilities. The
preventative control will safeguard vulnerabilities of the system. If an attack were to occur, the
preventative controls are in place to cover the attack and reduce the damage and violation to the
systems security.
Preventative Controls are the most desirable as it stops problems from occurring. It includes
standards, training, segregation of duties, authorization, forms design, pre-numbered forms,
documentation, passwords, consistency of operations, etc.
Corrective Controls
Corrective controls are used to reduce the effect of an attack. Unlike the preventative controls, the
corrective controls take action as an attack is occurring. It assists individuals in the investigation
and correction of causes of exposures that have been detected.

62
Dimensions
Dimensions of Cloud Security
Correct security controls should be implemented according to asset, threat, and vulnerability
risk-assessment matrices. While cloud security concerns can be grouped into any number of
dimensions ,these dimensions have been aggregated into three general areas: Security and
Privacy, Compliance, and Legal or Contractual Issues.
Key Security Issues

As were adopting cloud computing, we are more aware of the security concerns it raises rather
than the issues created by other large-scale technologies adopted in the past. This is a wonderful
thing! But security nirvana has not yet been achieved. While theres still plenty of room for cloud
providers to improve, many aspects of cloud security must be the responsibility of the consumer.
There are five security-related issues with cloud computing that are critical to the success and
security of a cloud-based project, and these five issues are not always getting the full consideration
they deserve.
Internal clouds are not inherently secure.

In the past year, many organizations have foregone using public clouds, choosing instead to build
private clouds behind their firewalls. This may be the best solution for risk-averse groups.

63
These teams, however, need to understand that just because theyve built a cloud inside their
firewall doesnt mean that their solution is safe. It still takes just one bad apple to spoil the barrel: a
single department, user, or application that is not behaving as it should.
An organization that is risk-averse enough to avoid the public cloud should be building a secure
cloud; possibly, the company should be building its dream cloud, which contains all the security
controls that it thinks are missing from a public environment. Since the company physically owns
the private cloud, incident response can be very swift. Detection capabilities need to be cloudspecific and operational capabilities such as patch management must be sharp. A vulnerable
service thats in a cloud might have greater exposure and risk than the same service in a standard
server farm thanks to the shared nature of cloud resources.
Several vendors are now able to sell spare resources from a private cloud to other organizations.
Imagine this scenario: a risk-averse company builds an internal cloud, firewalled from the public
Internet. Theyve taken basic precautions, but havent really built security into their playbook. The
following year, the organizations budget shrinks, and management hears it can cover costs by
renting part of the companys cloud when its not in use. Maybe they understand the risk involved,
but decide to mitigate it at a contractual level.
This is not a farfetched scenario, and if one were looking for malicious entertainment, buying a few
hours time in an organizations internal cloud could provide interesting results.
Companies lack security visibility and risk awareness.

The paucity of security visibility that most providers offer their customers is itself getting plenty of
visibility. Obviously, when using a public cloud service, companies must balance the competing
factors of control, visibility, and cost. This can be a significant issue; reduced visibility results in
diminished situational awareness and a questionable understanding of risk. When planning a
move to the cloud, an organization needs to recognize this lack of visibility and determine how to
best leverage what insight they can get their hands on. This means designing mitigating controls.

64
At the infrastructure and platform levels, this is straightforward: log more information in your
applications and set systems up to generate alerts when signs of compromise or malicious use are
spotted (for example, when files are modified, records are changed more frequently than usual, or
resource usage is abnormally high). For software as a service (SaaS), however, these precautions
will require more thought.
SaaS providers are beginning to distinguish themselves via security features. Organizations vetting
SaaS providers should consider how they will handle risk awareness: does the provider offer usage
data that is granular enough to recognize changes in usage? (Monthly billing doesnt really cut it,
unless the risk scenario is a malefactor who only attacks on the 29th of the month.)
If a malicious user attempts to access data stored in the cloud, how will the company learn of this?
If sensitive data is modified or destroyed, is there a way for you to be notified quickly? Frequently,
providers will offer a wider variety of information via an application programming interface than
they do on their dashboard. While this does require obtaining a code written that can leverage the
API, modern APIs are usually easy to work with, and the information you gain as a result will be
valuable to risk-sensitive organizations.
It would be great to have a standardized API for gathering security information from a provider,
but as of current, none has been developed.
Sensitive information needs safer storage.

Safely storing sensitive information is one of the toughest problems in cloud computing. The
solution is to encrypt data, but the critical questions are where to encrypt and how.
The first requirement of successful encryption in the cloud, which some providers do not yet
understand is, do not store the encryption key with the encrypted data. Doing so more or less

65
negates any value gained from encrypting the data.
In current shared environments, one has yet to offer a virtual-machine solution that guarantees
the integrity of the guest environment. This means that a malicious program could be monitoring
the guests encryption-decryption logic, capturing both plain-text data and the encryption key.
If the application receives plain-text data and encrypts it in the cloud, theres no easy fix for this
right now other than running on bare metal: installing applications directly on the hard drive, not
in the OS.
Some businesses, however, dont encrypt in the cloud, but encode it before it reaches the cloud
service. This works in cases such as a company using a customer resource management system
only from its offices, or a business where all users either are at headquarters or virtual private
networks into headquarters before connecting to the cloud service.
Several companies make appliances (virtual or physical) that proxy data leaving an office on the
way to a cloud service, and encrypt or tokenize it before sending it to the cloud. This allows them
to use a cloud service without worrying about data loss, as long as they only intend to access the
cloud service from behind that appliance.
Apps arent secure.

Application security has been getting attention for years. One may consider that its importance
increases when an application is deployed to a cloud environment, as the application is more
exposed.
One of the biggest mistakes an organization can make is to take an existing application and simply

66
deploy it to a cloud without first considering what new attack vectors this move opens up.
When possible, an application should be re-architected for cloud deployment. This allows parts
of the application to scale independently, and to be more distributed and resilient. Its really an
opportunity to make an application more secure than ever. Forcing a development team to not
use the corporate firewall as a crutch will result in a solid application.
Application security can be a complicated topic, but here are certain things to keep in mind: never
trust user input and always encode output back to the user. Getting those two things right will
remove about 80% of application security issues.
After input and output are taken care of, next up is proper authentication and authorization.
These should be checked on every page or service request, not just upon initial login. Ideally,
any administrative functions are run through a separate application, so if a malicious user does
compromise an account, the most he can get is a single users data, not admin access.
The last big thing to consider is data encryption: for performance reasons, most organizations
dont want to encrypt all data, so the trick is to find the balance of encrypting enough sensitive
information so that if you get compromised, data cannot be pieced together to provide useful
identification.
Authentication and authorization must be more robust.

Of all the problems covered in this article, cloud authentication and authorization has the greatest
number of commercial solutions available. This does not mean the issue is easily solved, however.
Every organization has its own way to manage authentication and authorization.

67
First, it must determine if its current authentication system could also work in a secure and reliable
way for users in a cloud environment. If the answer is yes, the follow-up question is whether that is
also the best way to authenticate cloud services.
Also worth considering is the question, does every cloud service that the organization uses need
to be authenticated by the same system?
There is a lot of policy that a company must define to settle the issues of cloud authentication and
authorization.
Policy aside, any authentication system must be very flexible, whether it integrates with an
enterprises active directory or is standalone, security administrators must be able to easily
add support for new services, which may have different authentication schemes and group
memberships.
It is crucial that the authentication system fits into the companys aforementioned visibility plan.
Theres no reason not to know very quickly of a series of failed authentication attempts.

68
Questions
1. __________ alters the relationship between the OS and underlying hardware, be it
computing, Storage, or even networking.
a. Deterrent Controls
b. Virtualization
c. Detective Controls
d. Application
2. These controls upgrade the strength of the system by managing the vulnerabilities.
a. Preventative Controls
b. Detective Controls
c. Deterrent Controls
d. Corrective Controls
3. What is the first requirement of successful encryption in the cloud, which some providers do
not yet understand?
a. Never trust user input, and always encode output back to the user
b. Encrypt the cloud, but encode it before it reaches the cloud service
c. Do not store the encryption key with the encrypted data
d. All of the above
4. The __________ take action as an attack is occurring.

a. corrective controls
b. preventative controls
c. cloud security
d. application security

69
5. __________ are difficult to quantify.
a. Detective Controls
b. Preventive Controls
c. Corrective Controls
d. Deterrent Controls
6. In the event of an attack, the __________ will signal the preventative or corrective controls to
address the issue.
a. detective control
b. deterrent controls
c. cloud security
d. authentication system

Chapter 6
Solutions
Objectives

To distinguish between DLP features and DLP solutions
To know the things to be considered in DLP solutions
Data Loss Prevention Solutions

Data Loss Prevention (DLP) solutions both protect sensitive data and provide insight into the use
of content within the enterprise. Few enterprises classify data beyond that which is public and
everything else. DLP helps organizations better understand their data and improve their ability to
classify and manage content.
Point products may provide some DLP functionality, but tend to be more limited in either their
coverage or content analysis capabilities. This report will focus on comprehensive DLP suites, but
some organizations may find that a point solution is able to meet their needs.

The DLP market is also split between DLP as a feature and DLP as a solution. A number of products,
particularly email security solutions, provide basic DLP functions, but arent complete DLP solutions.
70
DLP Solutions
The difference is:

A DLP Product includes centralized management, policy creation, and enforcement workflow,
dedicated to the monitoring and protection of content and data. The user interface and
functionality are dedicated to solving the business and technical problems of protecting
content through content awareness.
DLP Features include some of the detection and enforcement capabilities of DLP products, but
are not dedicated to the task of protecting content and data.
This distinction is important because DLP products solve a specific business problem that may or
may not be managed by the same business unit or administrator responsible for other security
functions.
We often see non-technical users such as legal or compliance officers responsible for the protection
of content. Even human resources is often involved with the disposition of DLP alerts.
Some organizations find that the DLP policies themselves are highly sensitive or need to be
managed by business unit leaders outside of security. DLP is dedicated to a clear business problem
that is differentiated from other security problems (protect my PC or protect my network), most of
you should look for dedicated DLP solutions.
This doesnt mean that DLP as a feature wont be the right solution, especially in smaller
organizations. It also doesnt mean that one shouldnt buy a suite that includes DLP, as long as
the DLP management is separate and dedicated to DLP. Well be seeing more and more suites as
large vendors enter the space, and it often makes sense to run DLP analysis or enforcement within
71
72
another product, but the central policy creation, management, and workflow should be dedicated
to the DLP problem and isolated from other security functions.
The last thing to remember about DLP is that it is highly effective against bad business processes
(e.g. FTP exchange of unencrypted medical records with your insurance company) and mistakes.
While DLP offers some protection against malicious activity, were at least a few years away from
these tools protecting against knowledgeable attackers.
DLP Solutions - Considerations

Considerations for Effective Data Loss Prevention
1. Identify and Prioritize Your Most Vulnerable Risk Points

Unwanted internal and external disclosure of Non-Public Information, Personally Identifiable
Information, and Intellectual Property can occur at many different points throughout your
network. This is why a comprehensive DLP solution ultimately has to protect all potential-risk
points in your organization.
While end-to-end protection of all vulnerable sites is the ultimate goal for a DLP solution, in
reality, it makes far more tactical and financial sense to begin by protecting the dataas well as
the mechanisms used to move this datathat represents the most danger to your enterprise.
As the most frequently accessed and used electronic application in all companies, email is,
without question, the most susceptible data-loss risk point for most enterprises. With literally
every employee in a typical organization sending and receiving more than 100 messages every
day, its an obvious vessel for sensitive and confidential information to go where it shouldnt.
Adding to this security threat is the fact that email can originate from several different locations,
73
many with gaping security holes, including desktops, mobile devices, public computers, Webbased corporate email, and disconnected laptops.
Not far behind email in propagating enterprise risk are removable storage devicesUSB keys,
iPods, CD/DVD burners, and disconnected laptopsthat can hold hundreds of megabytes
of data. Control-free Web activity also represents a Pandoras Box of data loss opportunities,
particularly due to popular social networking and file-sharing tools such as instant and thirdparty messaging, Webmail, Internet forums, blogs, and wikis.
Additional enterprise vulnerabilities that need to be addressed include scanning file systems,
repositories, document management systems, mail archives for sensitive and confidential
data, as well as communication protocols such as FTP, general SMTP, and HTTP.
2. Comprehensive Accuracy Is Essential

While simple, content-based analysis uses lexicon matching to detect data loss violations. For
every identified authentic breach, hundreds of compliant events are flagged. When your review
queue is filled with false positives, the only alternatives are to manually inspect hundreds
of incidents, evaluate breaches post-event, or relax policy. All of these options resulting from
simple detection significantly increase the probability of data loss by missing true violations
and introducing potentially serious operational inefficiencies by flagging too many events.
The only way to confidently respond to potential violations is to use an analysis technique that
is identity and business aware, one that can identify true violations while allowing legitimate
business activity to take place. This level of comprehensive accuracy is only possible by going
beyond matching simple key words and phrases to examine content around content and
context, while considering enterprise hierarchy and the identity of end-users involved. Context,
in particular, plays a crucial role in distinguishing a potential data breach from a genuine action.
For example, a content-based approach to detecting three-digit credit scores would likely flag a
file or message containing the number 225 as a potential violation. But since valid three-digit
credit scores only fall between 300 and 850, this information should not immediately qualify
74
as a potential data loss breach. Likewise, if the number 703 is detected between parentheses,
it is more than likely a telephone area code in Virginia than a credit score.
In addition to standard scoring for positive hits, accurate analysis also involves weighting
and scoring offsets to determine whether a file or message should be flagged. For example, a
subjective threshold might define a privacy violation when 50 nine-digit numbers are found
in any one document or message. But what if there are only 48 of those numbers? Should that
item be given a pass? Most likely, it should not.
Taking into consideration the identities involved, such as the author of a document, the sender/
recipient of an email, and their role within the organization, is another key analysis technique
that helps determine if a given action represents a true data loss risk.
3. Insist on Proven, Pre-Built Policies

An extensive catalog of effective policiesone that employs comprehensive and accurate
analysis to provide the right response for any given eventis the foundation of any DLP
solution. While it is critical to be able to quickly and easily create and deploy policies, it is just
as important that the policies you employ effectively capture your companys best practices
and business rules.
Your DLP solution should draw on a complete set of customizable, pre-built, and tested policies
that can address an array of security and compliance issues, or target a particular area of risk
with pinpoint precision. Most must be 100% ready for immediate deployment across all critical
risk points, including email, Web, and Instant Messaging. Some may require customer-specific
configuration to ensure optimum operation in a particular environment. With either approach,
the time and effort required to design, prioritize, develop, and deploy your DLP policies will be
dramatically reduced.
An ideal policy catalog should feature packaged, proven methodologies and blueprints that
75
provide options to appropriately respond to violations based on who was involved, what
occurred, and what was detected.
4. Protect More Than Just Confidential and Sensitive Data
In addition to preventing information security breaches of Personally Identifiable Information,
Intellectual Property, and Non-Public Information, your DLP solution should also mitigate all
risks created by unsafe or non-compliant behavior conducted electronically. This broad range
of activity can include unsuitable and offensive employee behavior, communication not in
compliance with various regulatory and jurisdictional requirements, behavior that could
compromise legal activity and strategy, uncontrolled financial transactions, and inappropriate
handling of customer complaints.
You should also ensure that the solution can address broader regulatory and corporate
compliance needs.
5. Respond Appropriately to Each Incident

Once an event has been determined to be a violation, your DLP solution should respond in
real time with the appropriate action such as blocking, quarantining, warning, encrypting, or
informing, and then provide suitable steps for immediate remediation. Each response should
be gauged specifically to the type and severity of the violation, particularly by considering who
is involved. For example, an infraction caused by the company CEO may need to be handled
differently than one by a sales rep or a member of the research team.
Other appropriate responses include redirecting a message or a user to an informative

webpage on company security policy, providing procedural support to complete the task at
hand, classifying the relevant message or file, updating an incident dashboard, and silently
capturing problematic activity. In addition, you should be able to move, copy, delete, or tag all
files at rest.

76
To ensure that breaches are addressed wherever they occur, responses must originate from all
potential risk points, including desktop, message server, network boundary, files repositories,
and upon import and analysis of historical events.
6. Optimize Your Incident Response Process

Half of the battle in DLP is detecting real information leaks while minimizing false positive
detections. The other half is efficiently and decisively resolving suspected breaches as close to
the incident as possible. To accomplish this objective without impeding business workflow, you
need a complete, automated, fully customizable remediation application that helps supervisors
and administrators review, audit, escalate, annotate, report, and resolve problematic activity.
An optimized remediation process should always feature native visibility controls that
securely determine which manager can review a specific violation. To facilitate the proper
course of action, a Web-based remediation application must provide configurable one-click
review buttons for easy evaluation of events in their entirety. This includes automating the
creation of the audit trail, and recording how, when, and by whom each incident was handled
in the system. The reviewer must be able to view all relevant information, including the full
message, complete files, and attachments in their original formats, as well as be able to search
automatically or in an ad hoc manner, and to easily find related incidents to aid investigations.
There should be no need to employ third-party case management tools or to process obscure
system activity logs. If appropriate, the originator of problematic content must be able to be
notified of incident status or required action via automated, secure messages sent from the
review application.
7. End-User Education and Self-Remediation

An effective DLP solution must interact with employees so that they can understand why a
given activity is inappropriate, as well as learn how to self-correct and avoid potential future

77
breaches.
Ongoing education reinforces correct behavior and provides users with full knowledge of the
repercussions of violating various company policies. Appropriate interaction with employees
at the right time ensures that security and other policies will be top-of-mind for employees,
thus maximizing their data loss awareness. Moreover, this solution dimension can seamlessly
complement your companys existing training and awareness efforts for the use of electronic
communication, human resources, ethics, e-policies, and many other areas of employee
education. When companies do a better job of educating employees on the dangers of data
loss at the moment of truth (i.e. the click of the send button), violations will be drastically
reduced over time, along with similarly diminished enterprise risk, IT burden, financial costs,
and lost time.
8. Implement a Flexible Architecture

A DLP solution based on a set of modular, distributed, data analyzing components allow
companies to immediately and cost-effectively address their most pressing requirements
while being able to add new controls as their needs change. This type of platform architecture
enables the system administrator to determine which combination of control points provides
the necessary coverage for your company. In some cases, only desktop or laptop controls may
be desired, while in others, network control points will be necessary. In certain situations, serverbased controls combined with desktop and network controls may achieve an enterprises DLP
objectives.
A modular approach will ensure speedy deployment, eliminate single points of failure, and
easily scale to protect 500 or 500,000 employees. Endpoint or client components should
be able to ensure protection even when disconnected from a central server or from the
corporate network. When the user reconnects to the corporate network, new policies must be
automatically downloaded and captured incidents seamlessly uploaded.

78
The platform should provide automated policy distribution so that the right policy is quickly
and securely deployed to the right place imperceptibly to the user, ensuring higher adoption
rates. All capabilities must be supported, regardless of the number of policies used or the
number of control points .
In addition, the DLP solution must work in a variety of locations in any sequence, with
supplementary modules added later with little effort. As new data types, channels, and
protocols emerge, the solution should be able to adapt to these evolving requirements.

79
Questions
1. __________ both protect sensitive data and provide insight into the use of content within the
enterprise.
a. DLP solutions
b. DLP features
c. DLP market
d. DLP functions
2. __________ include some of the detection and enforcement capabilities of DLP products, but
are not dedicated to the task of protecting content and data.
a. DLP solutions
b. DLP features
c. DLP market
d. DLP functions
3. What is the last thing to remember about the DLP?

a. They are not dedicated to the task of protecting content and data
b. Protect sensitive data and provide insight into the use of content within the enterprise
c. It is highly effective against bad business processes and mistakes
d. All of the above
4. __________ activity also represents a Pandoras Box of data loss opportunities.

a. Control-free Web
b. Social Networking
c. Third-party messaging
d. None of the above

80
5. __________ is dedicated to a clear business problem that is differentiated from other security
problems.
a. GLBA
b. HIPAA
c. DLP
d. SOX
6. Once an event has been determined to be a violation, DLP solution should __________.
a. Respond in real time with the appropriate action
b. Provide suitable steps for immediate remediation
c. Be gauged specifically to the type and severity of the violation
d. All of the above

Chapter 7
Standards
Objectives

To be introduced to the different security standards that protect our data
To recognize and differentiate the security standards
Cyber Security Standards
Cyber Security Standards are security standards which enable organizations to practice safe
security techniques to minimize the number of successful cyber security attacks. These guides
provide general outlines as well as specific techniques for implementing cyber security. For certain
specific standards, cyber security certification by an accredited body can be obtained. There are
many advantages to obtaining certification, including the ability to get cyber security insurance.
History
Cyber security standards have been created recently because sensitive information is now
frequently stored on computers that are attached to the Internet. Many tasks that were once done
by hand are carried out by computer; therefore, there is a need for Information Assurance (IA) and
81
82
security. Cyber security is important in order to guard against identity theft. Businesses also have a
need for cyber security because they need to protect their trade secrets, proprietary information,
and personally identifiable information (PII) of their customers or employees. The government also
has the need to secure its information.
One of the most widely used security standards today is ISO/IEC 27002, which started in 1995.
This standard consists of two basic parts: BS 7799 part 1 and BS 7799 part 2, both of which were
created by British Standards Institute. Recently, this standard has become ISO 27001. Several
special publications addressing cyber security was released by The National Institute of Standards
and Technology (NIST).
The International Society of Automation (ISA) developed cyber security standards for industrial
automation control systems (IACS) that are broadly applicable across manufacturing industries.
The series of ISA industrial cyber security standards are known as ISA-99 and are being expanded
to address new areas of concern.
Standard of Good Practice

In the 1990s, the Information Security Forum (ISF) published a comprehensive list of best practices
for information security, published as the Standard of Good Practice (SoGP). The ISF continues to
update the SoGP every two years; the latest version was published in 2011.
Originally a private document, the SoGP was available only to ISF members, but the ISF has since

83
made the full document available to the general public at no cost.
Among other programs, the ISF offers its member organizations a comprehensive benchmarking
program based on the SoGP. Furthermore, it is important for those in charge of security management
to understand and adhere to North American Electric Reliability Corporation Critical Infrastructure
Protection (NERC CIP) compliance requirements.
ISO/IEC 27002
ISO/IEC 27002 incorporates mainly part 1 of the BS 7799 good security management practice
standard. The latest versions of BS7799 is BS7799-3. Sometimes ISO/IEC 27002 is therefore referred
to as ISO 17799 or BS 7799 part 1 and sometimes it refers to part 1 and part 7. BS 7799 part 1
provides an outline or good practice guide for cyber security management; whereas, BS 7799 part
2 and ISO 27001 are normative and therefore, provide a framework for certification.
ISO/IEC 27002 is a high-level guide to cyber security. It is most beneficial as explanatory guidance
for the management of an organization to obtain certification to the ISO 27001 standard. The
certification once obtained lasts three years. Depending on the auditing organization, none or
some intermediate audits may be carried out during the three years.
ISO 27001 (ISMS) replaces BS 7799 part 2, but since it is backward compatible, any organization
working toward BS 7799 part 2 can easily transition to the ISO 27001 certification process. There is
also a transitional audit available to make it easier once an organization is BS 7799 part 2 certified
for the organization to become ISO 27001 certified.

84
ISO/IEC 27002 states that information security is characterized by integrity, confidentiality, and
availability. The ISO/IEC 27002 standard is arranged into 11 control areas: security policy, organizing
information security, asset management, human resources security, physical and environmental
security, communication and operations, access controls, information systems acquisition/
development/maintenance, incident handling, business continuity management, and compliance.
ISO 15408
This standard develops what is called the Common Criteria. It allows many different software
applications to be integrated and tested in a secure way.
The Common Criteria for Information Technology Security Evaluation is an international standard
(ISO/IEC 15408) for computer security certification. 3.1.Release 4 is the current version.
Common Criteria is a framework in which computer system users can specify their security
functional and assurance requirements, vendors can then implement and/or make claims about
the security attributes of their products, and testing laboratories can evaluate the products to
determine if they actually meet the claims. In other words, Common Criteria provides assurance
that the process of specification, implementation, and evaluation of a computer security product
has been conducted in a rigorous and standard manner.

85
RFC 2196
RFC (Requests for Comments) 2196 is a memorandum published by the Internet Engineering Task
Force for developing security policies and procedures for information systems connected on the
Internet. The RFC 2196 provides a general and broad overview of information security, including
network security, incident response, or security policies. The document is very practical and
focusing on day-to-day operations.
IEC/ISA-62443
IEC/ISA-62443 (formerly ISA-99) is a series of standards, technical reports, and related information
that define procedures for implementing electronically secure Industrial Automation and Control
Systems (IACS).
This guidance applies to end-users, system integrators, security practitioners, and control systems
manufacturers responsible for manufacturing, designing, implementing, or managing industrial
automation and control systems reports, and related information that define procedures for
implementing electronically secure IACS.
These documents were originally referred to as ANSI/ISA-99 standards, as they were created by the
International Society for Automation (ISA) and publicly released as American National Standards
Institute (ANSI) documents. In 2010, they were renumbered to be the ANSI/ISA-62443 series. This
change was intended to align the ISA and ANSI document numbering with the corresponding
International Electrotechnical Commission (IEC) standards.

86
All ISA work products are now numbered using the convention ISA-62443-x-y and previous
ISA99 nomenclature is maintained for continuity purposes only. Corresponding IEC documents
are referenced as IEC 62443-x-y. The approved IEC and ISA versions are generally identical for all
functional purposes.
ISA99 remains the name of the Industrial Automation and Control System Security Committee
of the ISA. Since 2002, the committee has been developing a multi-part series of standards and
technical reports on the subject. These work products are then submitted to the ISA for approval
and publishing under ANSI. They are also submitted to IEC for review and approval as standards
and specifications in the IEC 62443 series.
Other Standards
ISO/IEC 13335-1:2004
Standard containing generally accepted descriptions of concepts and models for information and
communications technology security management. The standard is a commonly used code of
practice, and serves as a resource for the implementation of security management practices and
as a yardstick for auditing such practices.
ISO/IEC TR 15443-1:2005
Security assurance: the Technical Report (TR) contains generally accepted guidelines which can be
used to determine an appropriate assurance method for assessing a security service, product or
environmental factor.
ISO/IEC 15816:2002

87
Security management: access control. The standard allows security professionals to rely on a
specific set of syntactic definitions and explanations with regard to SIOs, thus avoiding duplication
or divergence in other standardization efforts.
ISO/IEC TR 15947:2002
Security management: intrusion detection in IT systems. The standard allows security professionals
to rely on a specific set of concepts and methodologies for describing and assessing security risks
with regard to potential intrusions in IT systems. It does not contain any RM/RA obligations as
such, but rather, it is a tool for facilitating RM/RA activities in the affected field.
ISO/IEC 15408-1/2/3:2005
Standard containing a common set of requirements for the security functions of IT products
and systems and for assurance measures applied to them during a security evaluation. Scope:
publicly available ISO standard, which can be voluntarily implemented. The text is a resource for
the evaluation of the security of IT products and systems, and can thus be used as a tool for RM/RA.
The standard is commonly used as a resource for the evaluation of the security of IT products and
systems, including (if not specifically) for procurement decisions with regard to such products. The
standard can thus be used as an RM/RA tool to determine the security of an IT product or system
during its design, manufacturing or marketing, or before procuring it.
ISO/IEC 17799:2005
The standard containing generally accepted guidelines and general principles for initiating,
implementing, maintaining, and improving information security management in an organization,
including business continuity management. The standard is a commonly used code of practice,
and serves as a resource for the implementation of information security management practices
and as a yardstick for auditing such practices.

88
ISO/IEC TR 15446:2004
Technical Report (TR) containing guidelines for the construction of Protection Profiles (PPs)
and Security Targets (STs) that are intended to be compliant with ISO/IEC 15408 (the Common
Criteria). The standard is predominantly used as a tool for security professionals to develop PPs
and STs, but can also be used to assess the validity of the same (by using the TR as a yardstick to
determine if its standards have been obeyed). Thus, it is a (non-binding) normative tool for the
creation and assessment of RM/RA practices.
ISO/IEC 18028:2006
This is a five-part standard (ISO/IEC 18028-1 to 18028-5) containing generally accepted guidelines
on the security aspects of the management, operation and use of information technology networks.
The standard is considered an extension of the guidelines provided in ISO/IEC 13335 and ISO/IEC
17799, focusing specifically on network security risks. The standard is a commonly used code of
practice, and serves as a resource for the implementation of security management practices and
as a yardstick for auditing such practices.
ISO/IEC 27001:2005
This is a standard containing generally accepted guidelines for the implementation of an
Information Security Management System within any given organization. Scope includes that
this is not a publicly available ISO standard, which can be voluntarily implemented. While not
legally binding, the text contains direct guidelines for the creation of sound information security
practices. The standard is a very commonly used code of practice, and serves as a resource for the
implementation of information security management systems and as a yardstick for auditing such
systems and/or the surrounding practices.
ISO/IEC TR 18044:2004
This involves a Technical Report (TR) containing generally accepted guidelines and general
principles for information security incident management in an organization. Scope includes that
89
this is not a publicly available ISO TR, which can be voluntarily used. While not legally binding, the
text contains direct guidelines for incident management. The standard is a high-level resource
introducing basic concepts and considerations in the field of incident response. As such, it is mostly
useful as a catalyst to awareness raising initiatives in this regard.
ISO/TR 13569:2005
This is a standard containing guidelines for the implementation and assessment of information
security policies in financial services institutions. The standard is a commonly referenced guideline,
and serves as a resource for the implementation of information security management programs in
institutions of the financial sector, and as a yardstick for auditing such programs.
ISO/IEC 18045:2005
The standard containing auditing guidelines for assessment of compliance with ISO/IEC 15408.
Scope states that this is a publicly available ISO standard, to be followed when evaluating
compliance with ISO/IEC 15408. The standard is a companion document, which is thus primarily
of use for security professionals involved in evaluating compliance with ISO/IEC 15408. Because it
describes minimum actions to be performed by such auditors, compliance with ISO/IEC 15408 is
impossible if ISO/IEC 18045 has been disregarded.

90
Questions
1. What is the most widely used security standard today?
a. ISO/IEC 27003
b. ISO/IEC 27002
c. ISA-99
d. ISO/IEC 15408
2. __________ is a framework in which computer system users can specify their security
functional.
a. Common Criteria
b. Computer Security Certification
c. Security Evaluation
d. Control Systems
3. All ISA work products are now numbered using the convention __________ and previous
ISA99 nomenclature is maintained for continuity purposes only.
a. ISA-62443-y-x
b. ISA-62443-y-z
c. ISA-62443-x-y
d. ISA-62443-w-x
4. The __________ provides a general and broad overview of information security including
network security, incident response or security policies.
a. ISA-99
b. IEC 624433
c. BS7799
d. RFC 2196

91
5. What is the latest version of BS7799?
a. BS7799-3
b. BS7799-2
c. RFC 2196
d. ISA-99
6. What is the Common Criteria for the Information Technology Security Evaluation that is also
an international standard for computer security certification?
a. ISO/IEC 27002
b. ISO/IEC 15408
c. ISO 27001
d. BS 7799

Chapter 8
Answers
Chapter 1
1. d
2. a
3. b
4. c
5. b
6. a
Chapter 2
1. b
2. a
3. d
4. b
5. c
6. a
Chapter 3
1. c
2. c
3. d
4. a
5. c
6. a
92
Chapter 4
1. b
2. c
3. c
4. b
5. d
6. a
Chapter 5
1. b
2. a
3. c
4. a
5. d
6. a
Chapter 6
1. a
2. b
3. c
4. a
5. c
6. d
Chapter 7
1. b
2. a
3. c
4. d
5. a
6. b
93
Chapter 9
Index
A
activity 75-6, 79
Advanced security measures 35-6, 44
application 11, 25, 58-9, 63-6, 68
application controls 38, 40, 44
application security 65-6, 68
attackers 37, 39, 44, 54
attacks 35, 50, 53, 59-61, 64, 68-9
authorization 36, 61, 66-7
B
backup disks 19, 23-4
backup strategies 6, 20-1, 23
backup tapes 27, 38, 41
block 38, 40, 44
browser 4, 53-4, 57
BS 82-3, 90-1
businesses 12, 14, 29, 31, 38, 41, 52, 65, 71, 73, 82
94
C
categories 7, 35, 59
CDs 15, 18, 21, 38, 41
certification, computer security 84, 90-1
change 46, 51-2, 54, 77, 85
constant 38, 41, 44
cloud 59, 63-6, 68
cloud computing 58-9, 62, 64
cloud security 7-8, 12, 58, 62, 68-9
cloud service 65, 67-8
Common Criteria 49, 56, 84, 88, 90-1
companies 2, 16, 27, 29-31, 63-5, 67, 72, 74, 77
compliance 62, 75, 84, 89
computer 5, 37, 39, 42, 44, 46, 50-4, 81
Computer Security 7, 12, 45-52, 56, 58
Computer Security Threats 7, 46, 51
confidential data 17, 42, 45, 73
confidential information, attempted transmissions of 38, 40, 44
content 6, 20, 70, 73, 76, 79
context 1, 11, 18, 35, 73
control access 37, 40, 44
corporate network 11, 25-6, 77
95
96
corrective controls 60-1, 68-9

cost 20, 63, 83
customers 59-60, 63, 82
Cyber Security Standards 8, 81-2
D
damage 2, 18, 21, 26-7, 43, 50-1, 61
Data Categories and Lifecycle 7, 12, 35
Data in Motion (DiM) 7, 37, 39, 44-5
Data in Use (DiU) 7, 37, 39-40, 44-5
Data Leakage 6, 25, 32
data lifecycle 7, 35-6, 39
data loss 6, 14, 16-18, 20-1, 23-6, 28, 31, 65, 73, 77
preventing 22, 25, 30
Data Loss and Recovery 6, 12, 14
Data Loss Prevention (DLP) 1, 6-7, 11-12, 16, 18, 20-2, 24-8, 30, 32-6, 38, 40, 42, 56, 70-2, 76, 78-80
Data Recovery 6, 18, 21, 23
databases 36, 41, 43
deleted files 18, 20, 23
design 47, 74, 87
desktop 73, 76-7
Detective Controls 60, 68-9

97
Deterrent Controls 60, 68-9
disclosure 25, 33, 43, 47
disk 18-21, 38, 41
DLP Features 8, 70-1, 79
DLP software tools 11-12, 26
DLP Solutions 8, 70-2, 74-5, 77-80
document 1, 39, 74, 83, 85
drive, hard 38, 41, 51, 65
DVDs 18, 21, 38, 41
E
eLearning Programs 4-5, 13
email 3-4, 28-9, 34, 50, 54, 60, 72-4
employees 28, 30, 33, 72, 76-7, 82
encrypt 64-6, 68
encrypting 65-6, 75
encryption 29, 34-5, 39, 64, 68
encryption key 51, 64-5, 68
Endpoint DLP 37, 40, 44
Endpoint systems 37, 40, 44
enterprise 67, 70, 72, 79
evaluation 76, 84, 87

98
exposures 60-1, 63
F
failures 14-15, 77
field 43, 46, 87, 89
files 5, 15, 19-20, 38, 53-4, 64, 73-5
firewall 4, 35, 53, 62-3
framework 83-4, 90
function 21, 47, 54
G
government 48-50, 56, 82
H
hacker 16, 52, 56
hardware failure 15-16, 22
I
IEC (International Electrotechnical Commission) 8, 82-91
implementation 49, 84, 87-9
incident response 63, 85, 89-90
incidents 14, 16, 27, 30, 42, 73, 75-6
industry 1, 12, 36
99
information security 7, 28, 43, 46, 58, 82, 84-5, 90
information security policies 37, 40, 89
instructions 2, 4, 53
Internet 28, 42, 50, 52-4, 57, 81, 85
Internet Explorer 4-5, 54
intruders 47, 50-1
ISA (International Society of Automation) 82, 85-6, 90
ISA-99 82, 85, 90-1
ISO 8, 82-4, 86-91
issues 25, 58-9, 62, 67
K
knowledge 11-13, 43, 45, 51, 77
L
Lack of user responsibility 28, 33-4
laptops 27, 38, 41
level, highest 48, 54, 56-7
link 3, 54, 57
log 3-4, 54, 64
loss 2, 14, 21, 27, 42

100
M
malware 52-4, 57
Masquerading 52, 56-7
media 14, 38, 41-2
members 43, 45, 75
mobile devices 27, 37-8, 40-1, 73
Motion 37, 39, 44
N
natural disaster 15-16, 24, 46
network 37-41, 46, 52, 71-2
network security 58, 85, 90
O
organizations 11, 17, 25, 27, 31, 37, 40, 43, 45, 59, 62-3, 65-6, 70-2, 74, 83, 87-8
OS 59, 65, 68
P
part 1-3, 47, 50, 82-3
passwords 21, 37, 39, 54-5, 60-1
path 37, 40, 44
permission 1-2, 51, 54
person 1-2, 52, 54
101
personal information 30, 50-2
personally identifiable information (PII) 42, 72, 75, 82
physical devices 37, 40, 44
policies 25, 28, 32, 48, 58, 60, 67, 74, 77-8
precautions 2, 22, 64
products 2, 48, 70, 72, 84, 86-7
programs 4, 13, 15, 20, 23, 51-2, 83, 89
protection 26-8, 33, 37, 39, 43, 45-6, 48-9, 72, 77
providers 59, 64, 68
R
recover 16, 20, 22, 24
recovery 6, 12, 14, 18-21, 23
resource 51, 86-9
Rest 7, 38-9, 41, 44-5
review 3, 76, 86
RFC 8, 85, 90-1
risk awareness 45, 63-4
risks 6, 28, 31, 54, 63, 74-5

102
S
scenarios 6, 19, 63
secure operating systems 47-9, 56
security 25, 30, 42-3, 46-9, 51, 62-3, 71, 74, 77, 82, 84, 87-8, 90
security awareness 7, 43, 45
security controls 8, 59-60, 63
security functions 49, 71-2, 87
security management 59, 83, 87
security management practices 83, 86, 88
security policies 48, 84-5, 90
security settings 5, 52-3
security tools 28, 48, 56
servers 37-8, 40-1, 77
services 2, 46, 63-4
set 48, 53-4, 57-8, 60, 77, 87
software 22, 26, 37, 40, 48, 51, 53, 59, 64
solutions 5, 8, 12, 19, 30, 36, 44, 63-4, 70, 75, 78
standards 8-9, 12, 61, 81, 85-6, 88
steal 43, 51-2
stolen 27, 38, 41-2
storage devices 15, 19, 21
subject 1, 37-8, 41, 44, 48, 54, 86
system administrator 18, 54, 77
103
systems 20, 25, 30, 37, 40, 42, 47-50, 56, 59-61, 67-8, 76, 87-8
T
technology 28-30, 32, 47, 58
theft 16, 38, 41-2
themes 28, 33-4
third parties 27, 29, 34, 41
threats 51, 61-2
biggest 37-9, 41
time 4, 20-1, 40, 63, 74, 77
tools 1, 5, 55, 72, 87-8
TR (Technical Report) 86, 88-9
U
unauthorized access 32, 43, 46
Use 37, 39-40, 44-5
user responsibility 28, 33-4
users 5, 18, 22, 25-6, 29, 37-40, 51, 60, 63, 65-8, 75, 77-8
V
vendors 53, 63, 84
violations 61, 73, 75-7, 80
vulnerabilities 60-1, 68
104
W
web browsers 5, 51, 53
workstation 38, 40-1
worry 37-9, 41

105

106

Uncover the most sought-after security software for organizations worldwide, known as Data Loss Prevention (DLP). DLP software
tools have fast become an integral part of business security measures. DLP security solutions ensure any organizations vital information is kept under lock and key, allowing business owners to breathe a sigh of relief. Become a valued member of your organization by
learning the benefits and advantages of implementing DLP software solutions.
Data Loss Prevention (DLP) can be described as a strategy for ensuring that critical or sensitive information or data is not leaked
outside of an organizations corporate network. DLP software tools are implemented to assist, manage, and control data transfers. It
is designed to detect potential data breaches and initiate prevention through early detection and blocking of any sensitive data. This
course would be beneficial to businesses looking to implement DLP software tools for security purposes, IT Professionals researching
DLP software services and computer security systems, and Managers wanting to be informed about the importance of data protection.
This certification validates your knowledge of specific methods, models, and/or tools. This is essential to professionals in order to be
updated on the latest multimedia trends, and to add to their DLP toolbox.
The industry is facing a bold, new world with the amazing developments in DLP technology, and the challenges and the opportunities
that this presents are unprecedented. The Data Loss Prevention Complete Certification Kit serves as a complete introductory guide for
anyone looking to grasp a better understanding of DLP concepts and their practical application in any environment.
The Art of Services introductory DLP training and certification helps IT practitioners develop the skills that are crucial, as businesses
embark on this massive transformation. It provides an industry credential for IT professionals to help them transform into the world of
DLP.
Take the next step: Get Certified!

The Art of Service IT Service Management programs are the #1 certification programs in the information management industry. Being
proven means investing in yourself, and formally validating your knowledge, skills, and expertise by the industrys most comprehensive learning and certification program. The Data Loss Prevention Complete Certification course prepares you for DLP Certification.
Why register?
- Easy and affordable.
- Learning about DLP technologies has never been more affordable.
- Latest industry trends are explained.
- Acquire valuable skills and get updated about the industrys latest trends right here. Today.
- Learn from the Experts. The Art of Service offers education about DLP and 300 other technologies by the industrys best.
- Learn at your own pace. Find everything right here, when you need it, and from wherever you are.
What will you learn?
- Learn the important concepts, software tools, and uses of DLP.
- Learn about the benefits and importance of implementing DLP software services into any organization.
- Examine computer and cloud security.
- Review DLP solutions and standards.
- Explore data categories and lifecycle.
Course Outline
- Data Loss and Recovery
- Overview of Data Loss Prevention
- Data Categories and Lifecycle
- Computer Security
- Cloud Security
- Solutions
- Standards
Data Loss Prevention Complete Certification Kit - Core Series for IT
This training and certification enables you to move both the industry and business forward, and to quickly take advantage of the
benefits that DLP applications present.

DLP Complete Certification Kit P108

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

DLP Complete Certification Kit P108

Hochgeladen von

Copyright:

Verfügbare Formate

Uncover the most sought-after security software for organizations worldwide, known as Data Loss Prevention (DLP).

Take the next step: Get Certified!

Data Loss Prevention Complete Certification Kit - Core Series for IT

The Art of Service

The Art of Service Pty Ltd

How does it work?

What happens when I submit my review?

Data Recovery - Response to Data Loss

Data Loss Prevention - Foundation

Data Loss Prevention - Common Themes

Data Loss Prevention vs. Data Leakage

Data Lifecycle - Data in Motion

Terminology - Data Breach

Computer Security - Secure OS

Improving Computer Security

DLP Features vs. DLP Solutions

DLP Solutions - Considerations

The online learning program is available for a 90-day access period.

Recent graduates looking to get a foothold in the IT Industry

Individuals looking for work within public or private sector organizations

Businesses looking to implement DLP software tools for security purposes

IT Professionals researching DLP software services and computer security systems

Managers wanting to be informed about the importance of data protection

The topics covered in this course are:

Data Loss and Recovery

Overview of Data Loss Prevention

Data Categories and Lifecycle

Downloadable resources (PDF documents)

End of module review questions to assess your content knowledge

Copyright The Art of Service I Brisbane, Australia I Email: service@theartofservice.com

To learn about the different types of data loss

To identify the response to data loss

Intentional deletion of a file or program

Accidental deletion of a file or program

Misplacement of CDs or memory sticks

Inability to read unknown file format

Natural disaster, earthquake, flood, tornado, fire, etc.

A software crash or freeze, resulting in data not being saved

Data corruption, such as file system corruption or database corruption

data loss prevention

Theft, hacking, sabotage, etc.

A malicious act such as a worm, virus, hacker, or theft of physical media

Breaches are Expensive

Copyright The Art of Service I Brisbane, Australia I Email: service@theartofservice.com

Leading Causes of Data Loss

Copyright The Art of Service I Brisbane, Australia I Email: service@theartofservice.com

data loss prevention

Data Recovery - Response to Data Loss

Copyright The Art of Service I Brisbane, Australia I Email: service@theartofservice.com

Three (3) scenarios are involved in recovering data:

Copyright The Art of Service I Brisbane, Australia I Email: service@theartofservice.com

data loss prevention

In a third scenario, files have been deleted from a storage medium.

Data Loss Prevention - Foundation

data loss prevention

Copyright The Art of Service I Brisbane, Australia I Email: service@theartofservice.com

2. __________ is the process of salvaging data from being damaged or corrupted.

Copyright The Art of Service I Brisbane, Australia I Email: service@theartofservice.com

data loss prevention

6. 25% of data loss is due to what event?

Copyright The Art of Service I Brisbane, Australia I Email: service@theartofservice.com

Overview of Data Loss Prevention

To have a grasp about data loss prevention

Data Recovery - Response to Data Loss

Data Loss Prevention - Foundation

Data Loss Prevention - Common Themes

Data Loss Prevention vs. Data Leakage

Data Lifecycle - Data in Motion

Terminology - Data Breach

Computer Security - Secure OS

Improving Computer Security

DLP Features vs. DLP Solutions

DLP Solutions - Considerations