RE: Data Theft

["Sumeet Narula" <sumeet.narula () gmail com>]

Thanks for your help

Sumeet Narula, CEO
Comsquare Networks India Pvt Ltd.

-----Original Message-----
From: Dennis Li [mailto:dennis.li.sh () gmail com] 
Sent: 26 May 2010 07:18
To: Sumeet Narula
Cc: security-basics () securityfocus com
Subject: Re: Data Theft

Hi,

The full solution would be the following steps, you shall consider the
management and tool both to mitigate the risk:

1. Identify what information is sensitive to your company and classify them;
2. assign responsiblities to the owner, custodian and user of the
information. The example of owner's responsibilities as below:
a. define the classification of the information
b. define who can access those information by default
c. define the application and approval procedure if others want to
access infomation
d. define the delivery, retention and storage requirement for those
classified information.

3. And CEO/CIO shall assign the sercurity officer to be responsible
for defining security pollicies, conduct security audit regularly

4. Define the access control policies based on the clause b in section
2 mentioned above.

5. Find a proper DLP tool to deploy. The best commercial tool is
Symantec DLP, the best one based Garner magic quadrant (other tool
vendor include EMC, Websense, RSA, etc).

6. Define the policies of the DLP tool based on the access control
policy and access list generated during step 1 to 4.


Please be aware,  DLP tool is after-event prevention solution. It
means, only somebody is trying to steal your information then DLP tool
can identify, log, warn and prevent the action. The tool cannot
prevent all leakage channels. The steps 1 - 4 are security policies to
mitigate the risk prior to the case really happens by clarifying
security responsibilities and access control policies.

If you need more detailed information, don't hesitate to contact me.

Dennis Li


On Fri, May 21, 2010 at 3:17 PM, Sumeet Narula <sumeet.narula () gmail com>
wrote:
> we are looking for any software/firewall solution.
>
> which  prevent the user(user is not under domain) from copying the data
from
> PC/laptop to Pen drive/mail the data as an attachment.
>
> actually our main concern is to prevent the data theft from our office
> PCs(suggest if you have some other other solution).
>
> we require this for at least 5-10 PCs.---------
>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL
certificate.  We look at how SSL works, how it benefits your company and how
your customers can tell if a site is secure. You will find out how to test,
purchase, install and use a thawte Digital Certificate on your Apache web
server. Throughout, best practices for set-up are highlighted to help you
ensure efficient ongoing management of your encryption keys and digital
certificates.
>
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727
d1
> ------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------