Data Loss Prevention

  • 1.  DLP Health Metrics

    Posted May 11, 2015 08:56 AM

    Hello,

    I am in the process of gathering metrics for DLP and have been asked by management to determine the "health" of DLP.  Are there any industry standard metrics which demonstrate the health of DLP?  Either listing the metrics here or pointing me to a document would be great.

    Thanks,

    Evan



  • 2.  RE: DLP Health Metrics

    Posted May 11, 2015 10:46 AM

    When gauging the health of DLP, you can break that down into DLP software (incidents, policies, etc.) and DLP infrastructure (server performance, database size/performance, etc.).

    I can't provide specifics when measuring against an industry standard but I would check the following:

    DLP Software:

    • Incident reports - New, Escalated, Resolved, etc.
    • System --> Servers --> Overview
    • System --> Servers --> Traffic

    DLP Infrastructure:

    • Enforce server performance.
    • Oracle database performance and size.
    • Oracle db server performance.


  • 3.  RE: DLP Health Metrics

    Posted May 11, 2015 12:02 PM

    Would add DLP Agents health to your metrics.

     BR,



  • 4.  RE: DLP Health Metrics

    Posted May 12, 2015 09:49 AM

    DLP Incidents:

    Generated Incidents

    -Labeled True Positives

    -Labeled False Positives

    -Labeled False Negatives

     

    The purpose is to identify the total accuracy of a designed policy. In the wild it is not possible to identify the recall of all targeted documents, but in QA or Testing you should strive for 100% recall and 100% precision. While this may be an unlikely goal, it is important to at least attempt to generate an F-Score, especially if you know how many documents or transactions you are looking for.

    http://en.wikipedia.org/wiki/F1_score
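
The F-score approach from the reply above, as an added example that is not part of the original thread: it scores each policy against a seeded QA test set where you know which documents should trigger it. The policy names, document IDs and the 0.9 target are constructed for illustration.

```python
"""Score DLP policies against a seeded QA test set (constructed sample data)."""

def score_policy(seeded, flagged):
    """seeded: IDs of test documents the policy should catch.
    flagged: IDs of documents the policy actually raised incidents on."""
    seeded, flagged = set(seeded), set(flagged)
    tp = len(seeded & flagged)   # true positives: seeded and flagged
    fp = len(flagged - seeded)   # false positives: flagged but not seeded
    fn = len(seeded - flagged)   # false negatives: seeded but missed
    # A ratio with an empty denominator is undefined: report None, not 0.
    precision = tp / (tp + fp) if (tp + fp) else None
    recall = tp / (tp + fn) if (tp + fn) else None
    if precision is None or recall is None:
        f1 = None
    elif precision + recall == 0:
        f1 = 0.0
    else:
        f1 = 2 * precision * recall / (precision + recall)
    return {"tp": tp, "fp": fp, "fn": fn,
            "precision": precision, "recall": recall, "f1": f1}

def score_all(seeded_by_policy, flagged_by_policy):
    """Score every policy that has a seeded test set."""
    return {name: score_policy(docs, flagged_by_policy.get(name, ()))
            for name, docs in seeded_by_policy.items()}

def needs_tuning(results, min_f1=0.9):
    """Policies whose F1 is below target or could not be computed."""
    return sorted(name for name, r in results.items()
                  if r["f1"] is None or r["f1"] < min_f1)

# Constructed QA corpus: which seeded documents each policy should detect.
SEEDED = {
    "card-numbers": {"doc01", "doc02", "doc03", "doc04"},
    "ssn": {"doc10", "doc11"},
    "source-code": {"doc20"},
}
# Constructed incident export: documents each policy actually flagged.
FLAGGED = {
    "card-numbers": {"doc01", "doc02", "doc03", "doc30"},  # 1 miss, 1 false hit
    "ssn": {"doc10", "doc11"},                             # perfect
    "source-code": set(),                                  # policy never fired
}

if __name__ == "__main__":
    results = score_all(SEEDED, FLAGGED)
    for name, r in results.items():
        print(name, r)
    print("needs tuning:", needs_tuning(results))
```

In production only the true/false positive labels are available, so this scoring applies to the QA run where the seeded set is known.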

     

     



  • 5.  RE: DLP Health Metrics

    Posted May 21, 2015 12:13 PM

    Thanks for all the responses everyone!  I will definitely use these.