a security team equally vigilent.
Assessment & Assurance- Business Impact & Risk Assessments
- Compliance & Regulatory Standards
- Penetration Testing
- Application Security
- Social Engineering Test
- Source Code Review
- Host Security Assessments
- Database Security
- Wireless Security
- Telecom Security
- PCI Compliance
- SCADA Security
- Virtualisation Security
- Mobility Security
- Incident Response
Data Loss Prevention
The modern enterprise network is a multi-faceted technological conglomeration of hardware and software. In fact, even a simple network can have more entry and exit points than one might imagine. Combine this complexity with today.s voracious appetite for information on demand and you have a recipe for multiple channels to funnel corporate information into and out of enterprise systems. Unfortunately many of these channels are either not monitored, or perhaps not even known, and they present an opportunity for sensitive information to be lost and leaked.
Email is the most prolific avenue for data loss. It is incredibly easy to attach documents, spreadsheets, database files and the like into an email with a distribution list extending beyond the corporate email domain. USB keys and other portable media such as music players, external hard drives, CD/DVD ROMs etc all provide high density, low form factor options to extract information from corporate systems. Laptops themselves are designed to be portable devices and are frequently lost or stolen with inordinate amounts of sensitive data on them.
Proposed changes to the Privacy Act in Australia will mean that it is likely there will be an obligation to disclose sensitive data lost via security breaches in the not too distant future.
A number of technologies exist which can be deployed to address the various loss vectors (e.g. encrypted laptop hard disks, encrypted USB keys, email gateway monitoring). When these are combined with appropriate governance they can provide an effective solution to data leakage across the enterprise.
The time act on protecting corporate and client information is now.