Standard Operating Procedure - Where to Start?

Created: 14 Jan 2013 • Updated: 06 Mar 2013 | 2 comments
This issue has been solved. See solution.

I have been given the responsibility of writing the SOP for the DLP tool and I have no idea where to start. I do, however, have great working knowledge of the tool. At this time we are only using the Network Incidents tab for PII and PCI.

If anyone has any tips on where to begin and what to include, I would greatly appreciate it.

Thanks!

Jsneed

For our environment the following makes sense:

1.  Procedures for incident handling

2.  Procedures for policy change

3.  Procedures for other changes/upgrades

I know this isn't much to go on, but it should give you a place to start.

kishorilal1986

Hi,

I worked closely on SOPs at my previous company. You can do the following:

1) Start with just monitoring and user awareness (escalation and closure with cautioning the users)

2) Incident management (false negative incident identification-escalation-closure with remark)

3) Preparing inputs for false positive incident reduction (whitelist and IP filtering technology) for network and endpoints

4) Providing different types of violation reports to the Information Security dept for policy review

5) Stabilizing DLP and maturing the policy to block confidential data, with the creation of some response rules

6) Once the policy has matured to an appropriate level, start taking action on genuine incidents

7) Providing monthly/quarterly presentations on progress to ISG stakeholders.

SOLUTION