How To Prevent An Illicit Data Dump

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.darkreading.com/insider-threat/167801100/security/perimeter-security/232400126/how-to-prevent-an-illicit-data-dump.html

By Michael Cobb
Contributing Writer
Jan 11, 2012

[Excerpted from "How to Prevent an Illicit Data Dump," a new report posted 
this week on Dark Reading's Insider Threat Tech Center.]

The headline occurs almost every day lately -- a large enterprise or 
government agency loses a huge cache of data through the actions of an 
employee. Whether it's a malicious theft and posting, a la WikiLeaks, or 
an unintentional compromise of sensitive business information, the 
affected organization is put in a position of serious risk.

Developing and enforcing rules around how data is handled within your 
company is the most effective way to reduce the likelihood of a major data 
loss.

The first step is to classify your company?s data in terms of its value, 
legal storage and protection requirements, sensitivity and criticality. If 
you don?t know what you need to protect and its value, you can?t allocate 
the necessary and appropriate security controls to guard against data loss 
and theft.

With classifications in place, data should be labeled?either with 
metatags, in the case of digital data, or physical labels, in the case of 
printed material or physical storage devices.

[...]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Small, inexpensive USB drives pose huge threats to organizations left unprotected. 
Download Chapter 1 of CREDANT Technologies eBook
Data Protection to the Rescue
http://www.credant.com/campaigns/external_media_ebook/chapter1/lp/