Data Loss Prevention

  • 1.  Roles and Segregation of Duties

    Posted Oct 19, 2016 12:51 PM

    Greetings, I have Symantec DLP 14.0 installed and am working on documentation of the different roles (including permissions) and responsibilities and am looking for a wheel that has already been created instead of re-creating it.  What would be desirable is a list of the various roles that you use in your environment from incident management, policy creator and infrastructure management.  The goal is that none of the roles have complete access to create\update policies AND ability to enable\disable policies, view and manage incidents AND not able to enable\disable policies, etc.  Keeping segregation of duties as number one for auditing and best practices.  What are people out there doing?  Thanks in advance!



  • 2.  RE: Roles and Segregation of Duties
    Best Answer

    Trusted Advisor
    Posted Oct 20, 2016 01:56 AM

    Hello Joe,

    Usually I create several roles in order to manage segregation of duties:

    - one role to technically manage the tool (server administration) but with no access to policies or incidents.

    - one role to manage accounts and roles (unfortunately we cannot split that with the existing DLP privileges).

    - one role to manage policies (create/update/delete). You cannot split these policy privileges. Since v14.0 you can create a dedicated role to review policies, with only a read privilege on all policies. You can also split this role into several based on policy groups, so you may have some people working on network policies and some others on endpoint policies.

    - several roles to manage incidents, depending on the incident assessment workflow designed with my customer. You can introduce several segregations at this level based on incident originator attributes, incident type (network, endpoint, ...), etc. The main thing is that I usually give the right to delete incidents to very few roles.

     It is very important to have this kind of segregation in your role definition. Check that you will have enough people working on DLP, because if not, in the end a few users will combine several roles.

     Regards
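
One way to audit the role split described in this thread, as an added example that is not part of either post and not Symantec code: it checks that no single role, and no user holding several roles, spans more than one duty, and that incident deletion stays with very few roles. The role names, privilege labels, duty grouping and user assignments are constructed for illustration and are not Symantec DLP's own privilege names.

```python
# Constructed role matrix modelled on the answer above. Privilege labels are
# hypothetical shorthand, not the product's real privilege names.
ROLES = {
    "dlp-sysadmin":      {"server_admin"},
    "dlp-account-admin": {"user_role_admin"},
    "dlp-policy-author": {"policy_author"},
    "dlp-policy-review": {"policy_read"},
    "dlp-incident-l1":   {"incident_view", "incident_remediate"},
    "dlp-incident-lead": {"incident_view", "incident_remediate", "incident_delete"},
}

# Assumed policy: each privilege belongs to one duty, and duties must not mix.
# Read-only policy review is treated as non-conflicting (None).
DUTY = {
    "server_admin": "infrastructure", "user_role_admin": "access",
    "policy_author": "policy", "policy_read": None,
    "incident_view": "incident", "incident_remediate": "incident",
    "incident_delete": "incident",
}

ASSIGNMENTS = {  # constructed sample of users and the roles they hold
    "alice": ["dlp-policy-author"],
    "bob":   ["dlp-incident-l1", "dlp-policy-review"],
    "carol": ["dlp-sysadmin", "dlp-incident-lead"],
    "dave":  ["dlp-policy-author", "dlp-incident-l1"],
}

def duties(privileges):
    """Distinct duties covered by a set of privileges."""
    return {DUTY[p] for p in privileges} - {None}

def role_violations(roles):
    """Roles that span more than one duty on their own."""
    return sorted(n for n, privs in roles.items() if len(duties(privs)) > 1)

def user_violations(roles, assignments):
    """Users whose combined roles span more than one duty."""
    found = {}
    for user, names in assignments.items():
        combined = set().union(*(roles[n] for n in names))
        if len(duties(combined)) > 1:
            found[user] = sorted(duties(combined))
    return found

def delete_holders(roles, limit=1):
    """Roles able to delete incidents, and whether the count is within limit."""
    holders = sorted(n for n, p in roles.items() if "incident_delete" in p)
    return holders, len(holders) <= limit

if __name__ == "__main__":
    print("roles mixing duties:", role_violations(ROLES))
    print("users mixing duties:", user_violations(ROLES, ASSIGNMENTS))
    print("incident delete:", delete_holders(ROLES))
```

Running the same check against an export of real role assignments shows where understaffing has already pushed several roles onto one person.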