Data Loss Prevention

  • 1.  DLP Remediation

    Posted Apr 06, 2012 10:40 PM

    A lot of documentation has gone into the development and implementation of the DLP hardware and policies. However, I have found very little on the topic of remediation once the hardware and policies have been correctly implemented. It appears we have a hole: Without an effective remediation process the program is pointless. The topic deserves some more attention.

    I would like to start a discussion on the best practices for remediating DLP violations, specifically email monitor violations. Essentially, once we have found an employee who violated policy, how do we ensure he/she does not repeat the violation?

    I’ll start the discussion with our current process.

    At my organization we rely heavily on the involvement of the direct manager. The manager is alerted of a violation and asked to work with the sender to prevent future occurrence. Closure is dependent on receipt of confirmation from the manager that the sender has been “remediated”. What that remediation entails is mostly left up to the manager. After the incident is closed, no further action is taken. There are some further escalations if the sender were to become a repeat.

    We consider the golden statistic for effectiveness to be the number of users who continually generate violations: so-called repeat offenders. My hope is to hear new ideas that may help decrease this number.



  • 2.  RE: DLP Remediation

    Posted Apr 09, 2012 11:50 AM

    Hi,

    I think every DLP implementation should (must) be accompanied by the HR and Legal Departments from the customer company, as they will know the legal path to take with employees that don't respect the company's policies.

    If you are the implementation team, my advice is that you should never go into the punishment area (sometimes, the customer wouldn't even allow it). Companies usually have it already figured out.

    You can train managers to work with the DLP incidents console and advise about good practices if you are requested to, but that's it.

    You don't want to get in the middle, trust me.

     

    Hope this helps.

    Regards

    LG



  • 3.  RE: DLP Remediation

    Posted Apr 09, 2012 11:53 PM

    DLP Remediation will be more effective if you first make your employees effectively aware of the dos and don'ts of handling organization information. Even though you implement an effective config on DLP, at the same time you must make them aware of the importance of DLP. You should also consider the legal and HR views on this.