04 August 2019

🛡️Information Security: Data Loss Prevention [DLP] (Definitions)

"Attempts to prevent the loss of confidentiality of sensitive information by limiting the use of confidential information only for authorized purposes." (David G Hill, "Data Protection: Governance, Risk Management, and Compliance", 2009)

"A set of technologies and inspection techniques used to classify information content contained within an object—such as a file, an email, a packet, an application or a data store - while at rest (in storage), in use (during an operation), or in transit (across a network). DLP tools also have the ability to dynamically apply a policy - such as log, report, classify, relocate, tag, and encrypt - and/or apply enterprise data rights management protections." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"Data loss prevention (DLP; also known as data leak prevention) is a computer security term referring to systems that identify, monitor, and protect data in use (e.g. endpoint actions), data in motion (e.g. network actions), and data at rest (e.g. data storage) through deep content inspection, contextual security analysis of transaction (attributes of originator, data object, medium, timing, recipient/destination, and so on) and with a centralized management framework. Systems are designed to detect and prevent unauthorized use and transmission of confidential information." (Robert F Smallwood, "Information Governance for Healthcare Professionals", 2018)

[data leak prevention (DLP):] "The actions that organizations take to prevent unauthorized external parties from gaining access to sensitive data." (Shon Harris & Fernando Maymi, "CISSP All-in-One Exam Guide, 8th Ed", 2018)

"A capability that detects and prevents violations to corporate policies regarding the use, storage, and transmission of sensitive data. Its purpose is to enforce policies to prevent unwanted dissemination of sensitive information." (Forrester)

 "A systems ability to identify, monitor, and protect data in use (e.g. endpoint actions), data in motion (e.g. network actions), and data at rest (e.g. data storage) through deep packet content inspection, contextual security analysis of transaction (attributes of originator, data object, medium, timing, recipient/destination, etc.), within a centralized management framework. Data loss prevention capabilities are designed to detect and prevent the unauthorized use and transmission of NSS information." (CNSSI 4009-2015) 

No comments:

Related Posts Plugin for WordPress, Blogger...

About Me

My photo
Koeln, NRW, Germany
IT Professional with more than 24 years experience in IT in the area of full life-cycle of Web/Desktop/Database Applications Development, Software Engineering, Consultancy, Data Management, Data Quality, Data Migrations, Reporting, ERP implementations & support, Team/Project/IT Management, etc.