Isaca RoundTable, Noel Vandendriessche, Data Loss Prevention
The Weakest Link
Data Loss Prevention in a financial organisation
ISACA
2 December 2010
Noël Van den Driessche, Group ISO KBC
12/04/23 2
This presentation gives an overview of ideas and techniques used in KBC’s Information Risk Management programme. Opinions and comparisons expressed represent the author’s thoughts and do not necessarily refer to official views of KBC.
“Endpoints are the highest risks”
Aberdeen Group, 2008
Pandora’s box?
Protect the data?
Or
Control the perimeter?
Your votes please!
500 Terabyte of data online in data centre
Security Theory:
People
Technology
Process
1. In hands of right person?
2. For necessary process?
3. With accepted technology?
84 leakage channels
Risk-ranking the leakage channels
34 highest-risk leakage areas
White List
Black List
“Only use company-approved techniques”
example
“Only provide company-approved techniques”
Don’t offer staff techniques that they can’t use in a secure way
Always install baseline security
34 highest-risk leakage areas: 150 baseline security controls
DLP requirements analysis
Decisions? At local level
Behaviour? It all depends on users…
Next steps…
Next 38 leakage channels: done
User behaviour & Data whereabouts:
Scan: data at rest / data at move
Education of users
ongoing
Automated user assist tools