Is Your Organization Thinking Of Adopting DLP? Here is a small checklist you may like to check to tick off before you start the adoption:
- Your organization have developed appropriate policy to govern the use of DLP solution?
To draw true value from any DLP deployment an organisation must first come up with a DLP specific policy to start with. The policy should clearly talk about the goals and objectives of DLP deployment, identify and allocate resources for it and talk about the roles and responsibilities of stakeholders for effective governance of the same
- You have defined the data to be protected?
It is very important to know what is to be protected. You have to be very meticulous in defining what constitute sensitive data. You can look at the regulatory requirement that your organisation must comply with or/and refer to the various Industry standards to find out.
- You have done comprehensive risk assessment to identify the applications, people, processes, systems and protocols that deals with the sensitive data?
Once you have defined what is to be protected, next step is to find out who to protect it from? And how to protect it? Risk assessment can help you answer these questions. Identify all the key applications that processes that data, the system on which it resides, the network devices through it passes, the protocols that is uses, the people who uses it etc.
- You have designed workflow to handle policy violations and data breaches?
Incidence response workflow must be designed to tackle any data breaches. Flow-chart can be developed identifying steps to take to isolate the incident, people to notify immediately, and methods for the preservation of evidence for forensics. The entire process must be tested for its applicability
- Your organisation has clearly defined roles and responsibilities for each employee, including privileged users?
Clearly define the roles and responsibility for each employee. Identifying who is the owner of data? Who is the custodian of data? Who is the user of data? The answer to these questions will help you in assigning privileges to users on data.
Comments