Data Loss Prevention

 View Only

  • 1.  Any documentation on Industry Standard?

    Posted Mar 06, 2013 01:08 PM

    I was wondering if anyone had any documentation on an industry standard of compliance violations per number of employees in the company. We are trying to get a paper together to see what others companies that use DLP are seeing and the number of dlp violations per month per company with an employee size.

     

    Currently in my company which has an employee size of ~25,000 we see about 8,000-16,000 blocks of PII data a month to USB or other external device. We are hoping to take this to our CISO to give a comparison on where we stand.



  • 2.  RE: Any documentation on Industry Standard?

    Posted Mar 06, 2013 10:29 PM

    Hi Mike,

    There is no such std doc. Its a just process to reduce the data leak incidents. You can create presentation to show the stratics of incident with different trend.



  • 3.  RE: Any documentation on Industry Standard?

    Posted Mar 07, 2013 12:54 AM

    Hi MIke ,

    There is no such documentation u r looking for. Its and ur internal IT security process and procedure to make it documentated. Symantec DLP does not provide support for this but as I have worked on this I can guide u somehow.

    There is predefine reports in DLP which can be filtered out as per requirement to find the trend of threats currently happening in organization.

    U can generate such incident report for endpoint ny source,destibation, protocol, enepoint responce (user cancel etc,) and prepare a dashboard or presenation to show the situation and associated solution based on report and analysis.



  • 4.  RE: Any documentation on Industry Standard?

    Trusted Advisor
    Posted Mar 07, 2013 02:52 AM

    Hi mike,

     

     Not that easy to get such information cause usually companies dont want to share this information. May be you can find some useful statistics on datalossdb.org or in last year ponemon study. Let me know if you cant find these docs, i have them so i can send you a copy but not sure you will get type of information you expect.

     

     Regards.



  • 5.  RE: Any documentation on Industry Standard?

    Posted Mar 07, 2013 12:47 PM

    I understand the reporting capabilities in DLP itself and I have dashboards and daily reports of my company. But my big bosses want to see how we are compared to others.

     

    Stephane, thank you for the site as that is amazing!! I figured that most companies do not want to publish data leaks that I am looking for.



  • 6.  RE: Any documentation on Industry Standard?

    Trusted Advisor
    Posted Mar 08, 2013 01:45 AM

    Mike,

     May be you can ask Symantec (or any other DLP vendor) to give you some contact in a company with same business activity as yours in order to have a direct call or meeting with them and share information like that in a "non official way".

     regards.