Changes

no edit summary
Line 18: Line 18:  
               <th>[[Tendances_Technologiques|Tendances Technologiques]]</th>
 
               <th>[[Tendances_Technologiques|Tendances Technologiques]]</th>
 
               <th> / </th>
 
               <th> / </th>
               <th>Prévention des Fuites de Données</th>
+
               <th>[[Tendances_Technologiques/Prevention_des_fuites_de_donnees|Prévention des Fuites de Données]]</th>
 
             </tr>
 
             </tr>
 
           </table>
 
           </table>
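Review bot: The new link target in the last header cell, Tendances_Technologiques/Prevention_des_fuites_de_donnees, is written without accents while its label is "Prévention des Fuites de Données". If the French subpage title carries the accents, this renders as a red link, so confirm the target resolves before saving, or link to the exact page title.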
Line 34: Line 34:  
       <tr>
 
       <tr>
 
         <th>Latest version</th>
 
         <th>Latest version</th>
         <td>August 6, 2019</td>
+
         <td>February 3, 2020</td>
 
       </tr>
 
       </tr>
 
       <tr>
 
       <tr>
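Review bot: The "Latest version" cell moves from August 6, 2019 to February 3, 2020, but the revision has no edit summary, and the other visible hunks only add a header link, collapsible classes and the reference list. Add an edit summary stating what changed in this version so the new date can be tied to a specific change in the page history.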
Line 169: Line 169:  
   <p>Although DLP protocols and controls have already been implemented into much of SSC’s IT infrastructure, there are some areas in which improvements should be considered. With government-wide strategies around “Open Government” and “cloud computing,” SSC will face increasing need to adapt DLP tools into these platforms as they evolve and expand.</p>
 
   <p>Although DLP protocols and controls have already been implemented into much of SSC’s IT infrastructure, there are some areas in which improvements should be considered. With government-wide strategies around “Open Government” and “cloud computing,” SSC will face increasing need to adapt DLP tools into these platforms as they evolve and expand.</p>
   −
   <p>Once aligned with policies, which may change and evolve as time goes on and technology advances, SSC must be prepared for its DLP controls to change with it. Leading experts in the area of DLP define DLP as a dynamic process, not an end-state. A robust DLP program is an opportunity to work with stakeholders and set the expectation that protocols should change and be adjusted over time. DLP must also be considered when the network architecture and tools change, SSC should evaluate how security checks are integrated into new projects.</p>
+
   <p class="expand mw-collapsible-content">Once aligned with policies, which may change and evolve as time goes on and technology advances, SSC must be prepared for its DLP controls to change with it. Leading experts in the area of DLP define DLP as a dynamic process, not an end-state. A robust DLP program is an opportunity to work with stakeholders and set the expectation that protocols should change and be adjusted over time. DLP must also be considered when the network architecture and tools change, SSC should evaluate how security checks are integrated into new projects.</p>
    
   <p>Furthermore, while SSC will play a main role in procuring DLP tools for departments and delivery these services, the protection of data requires a team effort. Collaboration in terms of monitoring, surveillance, and the granting of access to local or departmental networks and resources will be needed. Also, engaging stakeholders helps to identify vulnerabilities that may otherwise be missed. A mindset of collective responsibility is a best practice for ensuring the most effectiveness of DLP.</p>
 
   <p>Furthermore, while SSC will play a main role in procuring DLP tools for departments and delivery these services, the protection of data requires a team effort. Collaboration in terms of monitoring, surveillance, and the granting of access to local or departmental networks and resources will be needed. Also, engaging stakeholders helps to identify vulnerabilities that may otherwise be missed. A mindset of collective responsibility is a best practice for ensuring the most effectiveness of DLP.</p>
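Review bot: Only the middle paragraph ("Once aligned with policies...") receives class="expand mw-collapsible-content"; the paragraph before it and the "Furthermore, while SSC..." paragraph after it stay plain. In the collapsed state the reader goes from the first paragraph straight to "Furthermore", which drops the step the third paragraph builds on. Either collapse the trailing paragraphs together or leave this one visible. The hunk also does not show an enclosing mw-collapsible element, so check that one exists or the class has no effect.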
Line 175: Line 175:  
   <p>One way of helping to achieve buy-in around DLP as an ongoing process, as well as creating a culture of collective responsibility, could be for SSC, along with its partner departments in the GC, to establish “Security Champions”. The GC has introduced a national champion, Mr. David Jean, the GC’s Champion of Security, to be the link between departmental security and national security interests, with respect to all forms of threats or safety issues, not only those related to cybersecurity. However, cyber-specific champions could also be introduced at a more local level and advance DLP “on the ground” as suggested in the [https://www.canada.ca/content/dam/ssc-spc/documents/IT-Transformation-Plan-Consultations-Report-2016.pdf Summer-Fall 2016 Consultations: Information technology Transformation Plan – What We Heard Final Report]. Such employees can help promote the importance of security protocols and behaviours, and can be an important part of the DLP framework.</p>
 
   <p>One way of helping to achieve buy-in around DLP as an ongoing process, as well as creating a culture of collective responsibility, could be for SSC, along with its partner departments in the GC, to establish “Security Champions”. The GC has introduced a national champion, Mr. David Jean, the GC’s Champion of Security, to be the link between departmental security and national security interests, with respect to all forms of threats or safety issues, not only those related to cybersecurity. However, cyber-specific champions could also be introduced at a more local level and advance DLP “on the ground” as suggested in the [https://www.canada.ca/content/dam/ssc-spc/documents/IT-Transformation-Plan-Consultations-Report-2016.pdf Summer-Fall 2016 Consultations: Information technology Transformation Plan – What We Heard Final Report]. Such employees can help promote the importance of security protocols and behaviours, and can be an important part of the DLP framework.</p>
   −
   <p>However, DLP tools and processes cannot work in isolation of systems and users. Without proper operationalization, DLP runs the risk of offering a false sense of security and merely becoming a risk generator. [http://myssc-monspc.ssc-spc.gc.ca/en/worktools-processes/integrated-business-planning/CITS#toc251 The SSC Departmental Plan of the Cyber and IT Security] program identifies the following five risks with respect to cybersecurity, of which DLP is a part:</p>
+
   <p class="expand mw-collapsible-content">However, DLP tools and processes cannot work in isolation of systems and users. Without proper operationalization, DLP runs the risk of offering a false sense of security and merely becoming a risk generator. [http://myssc-monspc.ssc-spc.gc.ca/en/worktools-processes/integrated-business-planning/CITS#toc251 The SSC Departmental Plan of the Cyber and IT Security] program identifies the following five risks with respect to cybersecurity, of which DLP is a part:</p>
   −
   <ul>
+
   <ul class="expand mw-collapsible-content">
 
     <li><b>Resource Capacity:</b> SSC may not have the adequate financial and human resources to improve services and to introduce the latest technologies to counteract cyber threats.</li>
 
     <li><b>Resource Capacity:</b> SSC may not have the adequate financial and human resources to improve services and to introduce the latest technologies to counteract cyber threats.</li>
 
     <li><b>Aging IT Systems:</b> Current IT infrastructure is at risk of failing due to its end of life.</li>
 
     <li><b>Aging IT Systems:</b> Current IT infrastructure is at risk of failing due to its end of life.</li>
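Review bot: The same class string, "expand mw-collapsible-content", is applied separately to the "However, DLP tools and processes..." paragraph and to the ul that follows it. Wrapping the paragraph and the list in a single container that carries the class would keep them collapsing as one unit and avoid repeating the attribute on each element. Note also that this hides the five cybersecurity risks by default, so confirm that is intended for the section's key list.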
Line 187: Line 187:  
   <h2>References</h2>
 
   <h2>References</h2>
    +
  <ol>
 +
    <li>Arellano, N. E. (2014, March 31). [https://www.itworldcanada.com/post/revenue-agency-bumps-up-government-data-breach-numbers Data breaches in federal departments soar in 10 months]. Retrieved from IT World Canada</li>
 +
    <li>Brooks, R. (2018, November 29). [https://blog.netwrix.com/2018/11/29/what-to-know-about-a-data-breach-definition-types-risk-factors-and-prevention-measures/ What to Know about a Data Breach: Definition, Types, Risk Factors and Prevention Measures]. Retrieved from Netwrix</li>
 +
    <li>Canadian Centre for Cyber Security. (2019, May 15). [https://cyber.gc.ca/en/guidance/five-practical-ways-make-yourself-cybersafe Five practical ways to make yourself cybersafe]. Retrieved from cyber.gc</li>
 +
    <li>Digital Guardian Guest Contributor. (2018, February 5). [https://digitalguardian.com/blog/getting-successful-dlp-two-approaches-quick-dlp-wins Getting Successful with DLP: Two Approaches for Quick DLP Wins]. Retrieved from Digital Guardian</li>
 +
    <li>DLPexperts. (2019, may 17). [https://dlpexperts.com/data-loss-prevention-buyers-guide-and-vendor-comparison/ DATA LOSS PREVENTION BUYER’S GUIDE & VENDOR COMPARISON]. Retrieved from DLPexperts</li>
 +
    <li>Ernst & Young. (2011, October). [https://www.ey.com/Publication/vwLUAssets/EY_Data_Loss_Prevention/$FILE/EY_Data_Loss_Prevention.pdf Data loss prevention]. Retrieved from EY</li>
 +
    <li>Governement of Canada. (2004, May 31). [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=12328 Operational Security Standard: Management of Information Technology Security (MITS)]. Retrieved from Governement of Canada</li>
 +
    <li>Government of Canada. (2018, December 13). [https://laws-lois.justice.gc.ca/eng/acts/P-21/ The Privacy Act]. Retrieved from Government of Canada</li>
 +
    <li>Hughes, C. (2014, September 3). [http://aspg.com/three-states-digital-data/#.XN7E0aBKi71 The Three States of Digital Data]. Retrieved from ASPG</li>
 +
    <li>Imperva. (2019, May 17). [https://www.imperva.com/learn/application-security/insider-threats/ Insider Threats]. Retrieved from Imperva</li>
 +
    <li>Imperva. (2019, May 17). [https://www.imperva.com/learn/application-security/siem/ Security information and event management (SIEM)]. Retrieved from Imperva</li>
 +
    <li>Imperva. (2019, May 17). [https://www.imperva.com/learn/data-security/data-breach/ What is a Data Breach | Tips for Data Leak Prevention | Imperva]. Retrieved from impperva</li>
 +
    <li>Imperva. (2019, May 17). [https://www.imperva.com/learn/data-security/data-loss-prevention-dlp/ What is Data Loss Prevention (DLP) | Data Leakage Mitigation | Imperva]. Retrieved from imperva</li>
 +
    <li>Janacek, B. (2015, December 1). [https://www.datamotion.com/2015/12/best-practices-securing-data-at-rest-in-use-and-in-motion/ Best Practices: Securing Data at Rest, in Use, and in Motion]. Retrieved from DataMotion</li>
 +
    <li>Larson, S. (2017, October 4). [https://money.cnn.com/2017/10/03/technology/business/yahoo-breach-3-billion-accounts/index.html Every Single Yahoo Account was Hacked - 3 billion in all]. Retrieved from CNN Business</li>
 +
    <li>Markets and Markets. (2015, September). [https://www.marketsandmarkets.com/Market-Reports/data-loss-prevention-advanced-technologies-market-531.html Data Loss Prevention Market by Solution Type (Network DLP, Storage DLP, Endpoint DLP), by Deployment Type (On-Premise, Cloud), by Applications, by Service, by Organization Size, by Vertical, and by Regions - Global Forecast to 2020]. Retrieved from Markets and Markets</li>
 +
    <li>Meizlik, D. (2008, February 5). [http://img2.insight.com/graphics/uk/media/pdf/whitepaper_roiofdlp_en.pdf The ROI of Data Loss Prevention]. Retrieved from Websense, Inc.</li>
 +
    <li>Office of the Privacy Commissioner of Canada. (2018, January). [https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/pipeda_brief/ PIPEDA in brief]. Retrieved from priv.gc</li>
 +
    <li>Osakwe, M. (2018, July 19). [https://www.nextadvisor.com/blog/data-breaches-vs-data-leaks-whats-the-difference/ Data Breaches vs. Data Leaks: What’s the Difference?] Retrieved from NextAdvisor</li>
 +
    <li>McCarthy, Niall. (2018, July 13). [https://www.forbes.com/sites/niallmccarthy/2018/07/13/the-average-cost-of-a-data-breach-is-highest-in-the-u-s-infographic/#58c9dcd32f37 The Average Cost of a Data Breach is Highest in the U.S]. Retrieved from Forbes</li>
 +
    <li>Shared Services Canada. (2018, April 24). [http://myssc-monspc.ssc-spc.gc.ca/en/worktools-processes/integrated-business-planning/CITS 2017–18 Cyber and Information Technology Security Branch Business Plan]. Retrieved from Shared Services Canada</li>
 +
    <li>Shared Services Canada. (2018, February 2). [http://myssc-monspc.ssc-spc.gc.ca/en/employee-centre/security/it-security/data-loss Data Loss Prevention and the Use of Portable Storage Devices]. Retrieved from Shared Service Canada</li>
 +
    <li>Shared Services Canada. (2019, April 11). [http://myssc-monspc.ssc-spc.gc.ca/en/worktools-processes/integrated-business-planning SSC business planning]. Retrieved from Shared Services Canada</li>
 +
    <li>Treasury Board of Canada Secretariat. (2018). [https://www.canada.ca/en/government/system/digital-government/digital-operations-strategic-plan-2018-2022.html#ToC8 Digital Operations Strategic Plan: 2018-2022]. Retrieved from Treasury Board of Canada Secretariat</li>
 +
    <li>Treasury Board of Canada Secretariat. (2017, November 1). [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/direction-secure-use-commercial-cloud-services-spin.html Direction on the Secure Use of Commercial Cloud Services: Security Policy Implementation Notice (SPIN)]. Retrieved from Treasury Board of Canada Secretariat</li>
 +
    <li>SiteUptime. (2017, June 8). [https://www.siteuptime.com/blog/2017/06/08/data-leakage-vs-data-loss-whats-the-difference/ Data Leakage Vs Data Loss: What’s The Difference?] Retrieved from SiteUptime</li>
 +
    <li>Verizon Enterprise Solutions. (2019, May 17). [https://enterprise.verizon.com/resources/reports/dbir/ 2019 Data Breach Investigations Report]. Retrieved from Verizon Enterprise Solutions</li>
 +
    <li>Wikipedia. (2019, May 10). [https://en.wikipedia.org/wiki/Data_breach Data Breach]. Retrieved from Wikipedia</li>
 +
    <li>Wikipedia. (2019, May 5). [https://en.wikipedia.org/wiki/Information_security Information Security]. Retrieved from Wikipedia</li>
 +
    <li>Zhang, Ellen. 2019, January 3). [https://digitalguardian.com/blog/what-data-loss-prevention-dlp-definition-data-loss-prevention What is Data Loss Prevention (DLP): a Definition of Data Loss Prevention]. Retrieved from Digital Gaurdian</li>
 +
  </ol>
 +
 
 
</div>
 
</div>
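Review bot: Several entries in the added References list need correction before this is saved: "Governement of Canada" (twice in the MITS entry), "Retrieved from impperva", "Digital Gaurdian", "Shared Service Canada", lowercase "may 17" in the DLPexperts entry, and a missing opening parenthesis in "Zhang, Ellen. 2019, January 3)". The bare ampersands in "Ernst & Young" and "BUYER’S GUIDE & VENDOR COMPARISON" sit inside raw li markup and are safer written as &amp;amp;. The list is otherwise alphabetical, but McCarthy follows Osakwe and SiteUptime follows the Treasury Board entries, so reorder those. The three Shared Services Canada links and the ASPG and Websense links use plain http://; switch to https:// where the host supports it.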
  