DLP implementation changes organization's culture and the way everyone perceives information and importance associated with it in terms of security.
The management of DLP solution should be aligned with the key requirement which led to DLP implementation in first place. If the pre-implementation was well thought-out and planned, the management part just needs to follow the execution. Starting small and building confidence before expanding is key to DLP program success.
In a very nutshell, organizations should do the following from pre-implementation to post-implementation for successful DLP program:
1) Identify the need, pain-points and build a business case
2) Create information classification matrix
3) Locate information to be protected
4) Initialize employee awareness to get the buy-in
5) Identify key data loss use-cases
6) Identify and get on-board key stakeholders from each department in-scope
7) Identify workflow based approvals (if required)
8) Shortlist the right DLP solution
9) Start small (focusing on endpoint agent with 'monitor')
10) Implement key use-cases build confidence
11) Move to warning
12) Move to block
13) Expand to other information leaking vectors similarly
14) Consistently improve
15) Show DLP worth to management based on Point 1
The management of DLP solution should be aligned with the key requirement which led to DLP implementation in first place. If the pre-implementation was well thought-out and planned, the management part just needs to follow the execution. Starting small and building confidence before expanding is key to DLP program success.
In a very nutshell, organizations should do the following from pre-implementation to post-implementation for successful DLP program:
1) Identify the need, pain-points and build a business case
2) Create information classification matrix
3) Locate information to be protected
4) Initialize employee awareness to get the buy-in
5) Identify key data loss use-cases
6) Identify and get on-board key stakeholders from each department in-scope
7) Identify workflow based approvals (if required)
8) Shortlist the right DLP solution
9) Start small (focusing on endpoint agent with 'monitor')
10) Implement key use-cases build confidence
11) Move to warning
12) Move to block
13) Expand to other information leaking vectors similarly
14) Consistently improve
15) Show DLP worth to management based on Point 1
No comments:
Post a Comment