
Data Loss Prevention (DLP) focuses on preventing the unauthorised sharing, movement, or loss of sensitive data within and out of an organisation. DLP solutions identify sensitive content (by pattern, keyword, document fingerprint, or classification label) and monitor, detect, and block its transfer across networks, endpoints, email, and removable or cloud storage. The goal is to safeguard sensitive data from being inadvertently or maliciously exposed, and to demonstrate compliance with data protection regulations such as the GDPR, HIPAA, or the Data Protection Act. A DLP control is only as good as the classification behind it: it cannot block what it cannot recognise.
———————————————————————————————————
Level 1 Certification
———————————————————————————————————
Measure 16.1: Implement Basic DLP Tools and Monitoring
Does your enterprise have basic DLP tools in place to monitor and prevent unauthorised access or transfer of sensitive data?
Example: Use a basic endpoint DLP capability, such as Microsoft Purview Endpoint DLP or a simple third-party endpoint agent, to monitor sensitive data on local devices and prevent its unauthorised transfer to external locations such as personal email, web uploads, or USB drives. Windows Information Protection (WIP), often suggested at this level, was deprecated by Microsoft in 2022 and should not be the basis of a new deployment. Start rules in monitor-only (audit) mode to measure false positives before switching them to block.
Measure 16.2: Define and Classify Sensitive Data
Does your enterprise have a clear understanding of what data is considered sensitive or critical?
Example: Categorise sensitive data within the business, such as customer personal information, financial records, or intellectual property. Clearly define what data needs to be protected and ensure all employees are aware of these classifications.
Measure 16.3: Educate Employees on Data Handling Best Practices
Does your enterprise provide basic training to employees on how to handle and protect sensitive data?
Example: Provide training on how to safely store, transfer, and share sensitive data, ensuring that employees understand the risks of emailing confidential information or using unsecured file-sharing services.
Measure 16.4: Restrict USB and External Storage Devices
Does your enterprise control the use of external devices to prevent unauthorised data transfers?
Example: Implement controls that limit the use of USB drives and external storage devices, for instance the Windows "Removable Storage Access" Group Policy settings or the device-control feature of the endpoint DLP agent. Prefer allow-listing approved, encrypted devices over a blanket ban, log every write to removable media, and ensure that only authorised personnel can copy sensitive data to it.
———————————————————————————————————
Level 2 Certification
To achieve Level 2: Level 1 must also be achieved.
———————————————————————————————————
Measure 16.5: Deploy Advanced DLP Solutions Across Endpoints
Does your enterprise use advanced DLP tools that provide comprehensive protection for endpoints, emails, and network traffic?
Example: Deploy an enterprise-level DLP solution such as Symantec DLP or Digital Guardian across all endpoints and communication channels to monitor and block unauthorised access to, or sharing of, sensitive data in real time, with one policy set applied consistently across endpoint, email, and web channels.
Measure 16.6: Monitor and Control Data Transfers Across Networks
Does your enterprise monitor data transfers within your network to detect and block unauthorised transmissions of sensitive information?
Example: Use DLP solutions to monitor email, instant messaging, and file-sharing applications for sensitive data being sent outside the organisation, and configure these solutions to block such transfers.
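The content inspection that Measures 16.2 and 16.6 rely on is, at its core, pattern matching followed by validation: a regular expression proposes candidates and a checksum or format rule discards the ones that merely look like sensitive data. The following is an added example of that technique, written for this page; it is not code from any product named here. It detects payment card numbers (regex plus Luhn check) and UK National Insurance numbers (regex plus HMRC prefix rules), masks what it finds so the DLP log does not become a second leak, and runs on a constructed sample message. Detector names, the mask width and the sample text are assumptions.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Candidate payment card numbers (PANs): 13 to 19 digits, optionally separated
# by single spaces or dashes. The regex alone over-matches; Luhn confirms.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# UK National Insurance number: two letters, six digits, suffix A-D.
NINO_RE = re.compile(r"\b([A-Z]{2})\s?(\d{2})\s?(\d{2})\s?(\d{2})\s?([A-D])\b")
# Letters and prefixes that never occur in a valid NI number (HMRC format rules).
NINO_BAD_FIRST = set("DFIQUV")
NINO_BAD_SECOND = set("DFIOQUV")
NINO_BAD_PREFIX = {"BG", "GB", "NK", "KN", "TN", "NT", "ZZ"}


@dataclass
class Finding:
    kind: str    # which detector fired ("PAN" or "NINO")
    masked: str  # value with most characters hidden, safe to write to a log
    offset: int  # position in the scanned text


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check: rejects most random digit runs that merely look like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                 # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def nino_ok(prefix: str) -> bool:
    """Reject NI number prefixes that HMRC never issues (e.g. the QQ placeholder)."""
    return (prefix[0] not in NINO_BAD_FIRST
            and prefix[1] not in NINO_BAD_SECOND
            and prefix not in NINO_BAD_PREFIX)


def mask(value: str, keep: int) -> str:
    """Hide all but the last `keep` characters so the log does not become a new leak."""
    return "*" * (len(value) - keep) + value[-keep:]


def scan(text: str) -> list[Finding]:
    """Return validated findings for one message or file, in order of appearance."""
    findings: list[Finding] = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            findings.append(Finding("PAN", mask(digits, 4), m.start()))
    for m in NINO_RE.finditer(text):
        if nino_ok(m.group(1)):
            findings.append(Finding("NINO", mask("".join(m.groups()), 1), m.start()))
    return sorted(findings, key=lambda f: f.offset)


# Constructed sample text: one test-format PAN that passes Luhn, one digit run
# that fails it, one well-formed NI number, and one with a prefix HMRC never issues.
SAMPLE = ("Invoice paid with card 4111 1111 1111 1111 (ref 1234 5678 9012 3456). "
          "Employee NI number AB 12 34 56 C; the rejected form gave BG 12 34 56 A.")

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f)
```

Running the script reports exactly two findings for the sample (the Luhn-valid card and the well-formed NI number); the reference number and the BG-prefixed string are dropped as false positives. Real products add document fingerprinting and label-based rules on top of this, but the regex-plus-validator pair is where most false-positive tuning happens.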
Measure 16.7: Implement Role-Based Access Control (RBAC)
Does your enterprise implement role-based access to ensure that only authorised personnel can access or handle sensitive data?
Example: Configure your network and DLP tools to restrict access to sensitive information based on job roles. For instance, only employees in the finance department may access financial records or customer payment information.
Measure 16.8: Regularly Audit Data Access and Transfers
Does your enterprise perform regular audits to identify any unauthorised attempts to access or transfer sensitive data?
Example: Review DLP logs on a fixed schedule (for instance weekly for blocked events, monthly for the full picture) for unusual or unauthorised data access or transfers: transfers to personal email or consumer cloud storage, unusual volumes, activity outside working hours, and policy overrides where a user supplied a business justification. Investigate each incident, record the outcome, and use the results both to confirm compliance and to tune rules that generate excessive false positives or miss real exfiltration.
Measure 16.9: Educate Employees on DLP and Compliance Policies
Does your enterprise provide regular training to employees on DLP policies and compliance regulations?
Example: Conduct regular workshops or online training sessions to educate staff on DLP tools, data security practices, and the regulatory requirements for data protection such as GDPR.
———————————————————————————————————
Level 3 Certification
To achieve Level 3: Level 2 and Level 1 must also be achieved.
———————————————————————————————————
Measure 16.10: Implement Companywide DLP Solutions with Integration
Does your enterprise deploy a comprehensive, integrated DLP solution that spans endpoints, email, cloud storage, and network traffic?
Example: Implement an enterprise-wide DLP solution such as Forcepoint DLP or Trellix DLP (formerly McAfee) so that every channel in your organisation, including email, web and cloud storage, and endpoint devices, enforces the same policies against unauthorised data sharing or loss.
Measure 16.11: Automate Incident Response for DLP Alerts
Does your enterprise automate the response to DLP alerts to ensure timely action is taken when a breach is detected?
Example: Set up automated workflows within your DLP system (or a SOAR platform fed by it) that notify the security team of critical incidents, such as large data transfers or attempts to send sensitive data outside the network, and that take containment actions such as blocking the transfer, quarantining the message, or suspending the user's sessions. Reserve account suspension for high-confidence rules (for example, repeated blocked transfers by one user within a short window): a false positive that locks out a legitimate user is a self-inflicted outage, so every automated action should be reversible and logged.
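The log audit of Measure 16.8 and the automated response of Measure 16.11 share the same engine: parse the DLP events, apply per-event and cross-event rules, and map the worst finding per user to an action. The following is an added example of that pipeline, written for this page and not taken from any DLP product. The JSON-lines event format, field names, internal domain, thresholds, and action names are all assumptions, and the events are constructed. The point it makes is the gating described above: single events can at most block a transfer, and only the high-confidence burst rule can suspend an account.

```python
from __future__ import annotations

import json
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed environment and thresholds (tune to the organisation's own baseline).
INTERNAL_DOMAINS = {"corp.example"}            # the organisation's own mail/storage domains
SENSITIVE = {"confidential", "restricted"}     # labels from the classification scheme
BULK_BYTES = 50 * 1024 * 1024                  # what counts as a "large" transfer
BURST_COUNT, BURST_WINDOW = 3, timedelta(minutes=10)
SEVERITY = {"medium": 1, "high": 2, "critical": 3}

# Constructed DLP events in an assumed JSON-lines format (one event per line).
EVENTS = """\
{"ts": "2024-05-01T09:00:00", "user": "alice", "channel": "email", "dest": "alice@mail.example.net", "bytes": 120000, "class": "public"}
{"ts": "2024-05-01T09:02:00", "user": "alice", "channel": "email", "dest": "finance@corp.example", "bytes": 4000000, "class": "confidential"}
{"ts": "2024-05-01T09:05:00", "user": "bob", "channel": "web_upload", "dest": "share.example.org", "bytes": 80000000, "class": "internal"}
{"ts": "2024-05-01T09:06:00", "user": "carol", "channel": "usb", "dest": "removable:SN1234", "bytes": 2000000, "class": "confidential"}
{"ts": "2024-05-01T09:10:00", "user": "dave", "channel": "web_upload", "dest": "paste.example.org", "bytes": 50000, "class": "confidential"}
{"ts": "2024-05-01T09:12:00", "user": "dave", "channel": "email", "dest": "x@mail.example.net", "bytes": 60000, "class": "confidential"}
{"ts": "2024-05-01T09:15:00", "user": "dave", "channel": "web_upload", "dest": "drive.example.org", "bytes": 70000, "class": "confidential"}
"""


def parse_events(text: str) -> list[dict]:
    """Parse JSON-lines events and convert timestamps so they can be ordered and diffed."""
    events = []
    for line in text.splitlines():
        if line.strip():
            e = json.loads(line)
            e["ts"] = datetime.fromisoformat(e["ts"])
            events.append(e)
    return events


def is_external(e: dict) -> bool:
    """Anything not addressed to an internal domain is treated as leaving the organisation."""
    domain = e["dest"].rsplit("@", 1)[-1].lower()
    return domain not in INTERNAL_DOMAINS


def classify_event(e: dict):
    """Per-event rules, first match wins: (rule, severity, automated action) or None."""
    if e["channel"] == "usb" and e["class"] in SENSITIVE:
        return "sensitive_to_removable", "medium", "alert"
    if is_external(e) and e["bytes"] >= BULK_BYTES:
        return "bulk_external", "high", "block_transfer"
    if is_external(e) and e["class"] in SENSITIVE:
        return "sensitive_external", "high", "block_transfer"
    return None


def triage(events: list[dict]) -> list[dict]:
    """Apply per-event rules, then the cross-event burst rule (the audit view of 16.8)."""
    findings, flagged = [], defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        hit = classify_event(e)
        if hit:
            rule, severity, action = hit
            findings.append({"user": e["user"], "ts": e["ts"], "rule": rule,
                             "severity": severity, "action": action})
            flagged[e["user"]].append(e["ts"])
    # Burst: BURST_COUNT flagged events by one user inside BURST_WINDOW. Only this
    # high-confidence rule is allowed to trigger account suspension.
    for user, times in flagged.items():
        for i in range(len(times) - BURST_COUNT + 1):
            if times[i + BURST_COUNT - 1] - times[i] <= BURST_WINDOW:
                findings.append({"user": user, "ts": times[i], "rule": "burst",
                                 "severity": "critical", "action": "disable_account"})
                break
    return findings


def response_plan(findings: list[dict]) -> dict[str, str]:
    """Per user, the single most severe automated action to execute (the workflow of 16.11)."""
    worst: dict[str, dict] = {}
    for f in findings:
        if f["user"] not in worst or SEVERITY[f["severity"]] > SEVERITY[worst[f["user"]]["severity"]]:
            worst[f["user"]] = f
    return {user: f["action"] for user, f in worst.items()}


if __name__ == "__main__":
    found = triage(parse_events(EVENTS))
    for f in found:
        print(f["ts"].time(), f["user"], f["rule"], f["severity"], "->", f["action"])
    print(response_plan(found))
```

On the constructed events, alice produces nothing (a small public message to an external address, then a confidential one to an internal mailbox), bob's large upload is blocked, carol's copy of confidential data to USB only raises an alert, and dave's three confidential external transfers within five minutes are each blocked and together trigger the burst rule, so the plan suspends only dave. Whichever product you use, the same structure applies: keep the per-event rules cheap and reversible, and let only corroborated patterns drive the disruptive actions.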
Measure 16.12: Conduct Ongoing Risk Assessments and Testing
Does your enterprise perform regular risk assessments and penetration testing to identify and mitigate DLP vulnerabilities?
Example: Conduct at least annual assessments and penetration tests that simulate real-world exfiltration rather than only checking configuration: copying sensitive files to personal cloud storage, sending them as encrypted or password-protected archives, renaming file extensions, pasting content into web forms, and writing to removable media. DLP tools commonly miss content they cannot inspect, so encrypted archives and screenshots are the usual gaps. Use the results to improve detection rules and refine your security policies.
Measure 16.13: Integrate DLP with Other Security Tools
Does your enterprise integrate DLP solutions with other security systems, such as firewalls, endpoint protection, and SIEM?
Example: Forward DLP alerts to your Security Information and Event Management (SIEM) system and correlate them with identity, endpoint, and proxy telemetry, so that a DLP block can be linked to the user's recent logins, process activity, and other alerts. This gives a single view of the organisation's security landscape, enables real-time monitoring, and shortens the time needed to detect and scope a data-loss incident.
Measure 16.14: Enforce Data Encryption and Secure Access Control for Sensitive Data
Does your enterprise enforce encryption for sensitive data at rest and in transit, and control access using strong authentication?
Example: Ensure that all sensitive data, whether stored on internal systems or transferred across the network, is encrypted with current standard algorithms (for example AES-256 at rest and TLS 1.2 or later in transit), with keys managed separately from the data. Require multi-factor authentication (MFA) for access to systems that hold sensitive data. Note that encryption and DLP interact: a DLP tool cannot inspect content it cannot decrypt, so inspection must happen on the endpoint or at a TLS-terminating gateway, and user-initiated encryption of outbound files should itself be treated as a signal.
———————————————————————————————————