Information Leakage & Data Loss Prevention
ACC626
Presented by: Carol Qianyun Lu
July 23rd, 2013
Agenda
What is Information Leakage?
How and when it occurs?
Impact on organizations
Frameworks & DLP tools
Implications for CA
Conclusion
What is Information Leakage?
Information leakage is an alternate term for information exposure
Information exposure is the intentional or unintentional disclosure of information to a party that does not have access to that information (CWE, 2008)
Common form of data loss
Severity ranges widely depending on the type of information that is revealed
How and when it occurs?
External hack of the organization’s confidential information
Occurs during outsourcing
Acts of consultants who work for different firms concurrently
Relevant to CAs who work as consultants and C-Suite executives
Between alliances and collaborating companies
Leak from inside by employees
Leak from Inside
Ways information can be leaked:
Flash drives, USB devices, other “lifestyle” devices
iPods
Bring-Your-Own-Device
Former employees – Internal Control Deficiency
Cyberspace
Online Storage (e.g. Google – Gmail)
Instant messages, emails, blogs
Impact on Organizations
Financial and reputational loss
Small leaks accumulate to big loss
Loss of customer and employee private information
Loss of competitive position
Lawsuits or regulatory consequences
Frameworks
The Privacy Act of 1974 – U.S.
The Payment Card Industry Data Security Standards – U.S.
Sarbanes-Oxley Act (SOX) – U.S.
Federal Information Security Management Act (FISMA) – U.S.
DLP Tools
Full DLP suites
McAfee Data Loss Prevention - Commercial email security platform
Controls for emails
Websense TruWeb DLP, Cisco IronPort email and Google – Postini
Stand-alone DLP products
Code Green Networks, Intrusion Inc., Workshare
Additional DLP Tools
Internal Security Control
Digital forensic techniques
Network Security Solution
E.g. Fidelis Security System’s XPS
Deploy DLP tools as part of larger security suite
Implications for CA
Safe environment for internet accounting information system
Relevant to accounting profession
Third party specialized auditor to appraise system
Effective network security audit
Conclusion
Extremely important for C-Suite executives to:
Understand information leakage
Realize impact on organizations
Utilize DLP tools
Continuous effort to protect confidential information
Combination of effective DLP implementation and best management practices
Work Cited
Alawneh, M. & Abbadi I. (2008). “Preventing Information Leakage Between Collaborating Organizations”. Proceedings of the 10th International Conference on Electronic Commerce. No. 38. pp. 1-10. Retrieved June 1, 2013, from ACM Digital Library: http://dl.acm.org.proxy.lib.uwaterloo.ca/results.cfm?h=1&cfid=221214407&cftoken=69627990
Baek, E. & Kim. Y. & Sung L. & Lee, S. (2008). “The design of framework for detecting an insider’s leak of confidential information”. 1st international conference on forensic applications and techniques in telecommunications, information, and multimedia and workshop. No. 14. pp. 1-4. Retrieved June 1, 2013, from ACM Digital Library: http://dl.acm.org.proxy.lib.uwaterloo.ca/citation.cfm?id=1363217.1363236&coll=portal&dl=ACM
Chen, A. & Chu, H. (2012). “Against the breaches: data loss prevention for online travelling services”. Information Security and Intelligence Control (ISIC). pp. 282-285. Retrieved June 1, 2013, from IEEE Xplore Digital Library: http://ieeexplore.ieee.org.proxy.lib.uwaterloo.ca/xpl/articleDetails.jsp?tp=&arnumber=6449761&queryText%3DAgainst+the+breaches%3A+data+loss+prevention+for+online+travelling+services
CWE-200. (2008). “Information Leak (Information Disclosure)”. Common Weakness Enumeration. Retrieved June 1, 2013, from CWE: http://cwe.mitre.org/data/definitions/200.html
Garretson, C. (2008). “Data-leak Prevention: Pros and Cons”. Network World. 25.1. pp. 1-39. Retrieved June 1, 2013, from ABI/Inform Global Database: http://search.proquest.com.proxy.lib.uwaterloo.ca/docview/215991675/13E68CFFDE85758648A/1?accountid=14906
He, Q. & Chen, G. (2011). “Research of security audit of enterprise group accounting information system under internet environment”. Second international conference on Artificial Intelligence, Management Science and Electronic Commerce (AIMSEC). pp. 516-519. Retrieved June 1, 2013, from IEEE Xplore: http://ieeexplore.ieee.org.proxy.lib.uwaterloo.ca/xpl/articleDetails.jsp?tp=&arnumber=6010453&queryText%3DResearch+of+Security+Audit+of+Enterprise+Group+Accounting+Information+System+under+Internet+Environment
Hoecht, A. & Trott, P. (2006). “Outsourcing, information leakage and the risk of losing technology-based competencies”. European Business Review, Vol. 18 Iss: 5. pp. 395-412. Retrieved June 1, 2013, from Emerald: http://www.emeraldinsight.com/journals.htm?issn=0955-534X&volume=18&issue=5&articleid=1567303&show=abstract
Irwin, K. & Yu, T. & Winsborough, WH. (2008). “Avoiding information leakage in security-policy-aware planning”. 7th ACM workshop on Privacy in the electronic society. pp. 85-94. Retrieved June 1, 2013, from ACM Digital Library: http://dl.acm.org.proxy.lib.uwaterloo.ca/citation.cfm?id=1456403.1456418&coll=portal&dl=ACM
Lawton, G. (2008). “New Technology Prevents Data Leakage”. Computer. Vol. 41 Iss: 9. pp. 14-17. Retrieved June 1, 2013, from IEEE Xplore Digital Library: http://ieeexplore.ieee.org.proxy.lib.uwaterloo.ca/xpl/articleDetails.jsp?tp=&arnumber=4623215&queryText%3DNew+Technology+Prevents+Data+Leakage
Lee, H-J. & Won, D. (2011). “Protection profile for data leakage protection system”. Proceedings of the Third international conference on Future Generation Information Technology. pp. 316-326. Retrieved June 1, 2013, from ACM Digital Library: http://dl.acm.org.proxy.lib.uwaterloo.ca/citation.cfm?id=2183807.2183844&coll=DL&dl=GUIDE&CFID=221237978&CFTOKEN=52641256
Liu, S. & Kuhn, R. (2010). “Data Loss Prevention”. IT Professionals, Vol. 12 No. 2. pp. 10-13. Retrieved June 1, 2013, from IEEE Xplore Digital Library: http://ieeexplore.ieee.org.proxy.lib.uwaterloo.ca/xpl/articleDetails.jsp?tp=&arnumber=5439507&queryText%3Ddata+loss+prevention
Murphy, J. (2008). “Data Loss Prevention: An Elixir for Privacy Compliance Headache?”. The EDP Audit, Control and Security Newsletter. Vol. XXXVIII, No. 6. pp. 1-7. Retrieved June 1, 2013, from Scholars Portal: http://journals1.scholarsportal.info.proxy.lib.uwaterloo.ca/details-sfx.xqy?uri=/07366981/v38i0006/10_dlpaefpch.xml
Norman, P. (2004). “Knowledge acquisition, knowledge loss and satisfaction in high technology alliances”. Journal of Business Research, Vol. 57 No. 6, pp. 610-9. Retrieved June 1, 2013, from ABI/Inform Global Database: http://search.proquest.com.proxy.lib.uwaterloo.ca/docview/232104520/fulltext/13E68DCF766941C339/1?accountid=14906#
Oxley, J. and Sampson, R. (2004). “The scope and governance of international R&D alliances”. Strategic Management Journal, Vol. 25 Nos 8/9, pp. 723-49. Retrieved June 28, 2013, from Deep Blue: http://deepblue.lib.umich.edu/bitstream/handle/2027.42/34617/391_ftp.pdf?sequence=1
S-Koromina, V. et al. (2012). “Insider threats in corporate environments: a case study for data leakage prevention”. Proceedings of the Fifth Balkan Conference in Informatics, pp. 271-274. Retrieved June 1, 2013, from ACM Digital Library: http://dl.acm.org.proxy.lib.uwaterloo.ca/citation.cfm?id=2371316.2371374&coll=DL&dl=ACM&CFID=221237978&CFTOKEN=52641256
Wuchner, T. & Pretschner, A. (2012). “Data Loss Prevention based on data-driven Usage Control”. IEEE 23rd International Symposium on Software Reliability Engineering. pp. 151-160. Retrieved June 1, 2013, from IEEE Xplore Digital Library: http://ieeexplore.ieee.org.proxy.lib.uwaterloo.ca/xpl/articleDetails.jsp?tp=&arnumber=6405363&queryText%3DData+Loss+Prevention+based+on+data-driven+Usage+Control
Zinkewicz, P. (2009). “Dealing with Data Leakage”. Rough Notes, 152(4), 82-83. Retrieved June 1, 2013, from Proquest: http://search.proquest.com.proxy.lib.uwaterloo.ca/docview/200371198?accountid=14906
