Often, companies pay more attention to external threats: spam and phishing attacks, viruses (Trojan software, worms), website spoofing, spyware and adware, and social engineering. But in fact, internal threats can cause a company much more serious damage than intruders from the outside.
In principle, any employee of the company can be a potential insider and put information security at risk. No one is safe from malicious intent or simple mistakes: from the lowest-level employee to top managers.
The operating principle of the DLP system is simple, and consists of analysis of all information: outgoing, incoming, and circulating within the company. Using algorithms, the system identifies the type of information, whether it is critical, and if it goes where it is not supposed to go, the system blocks the transmission and/or notifies the responsible employee about it.
The basis of DLP is a set of rules. They can be of any complexity and relate to various aspects of the work. If someone violates them, the responsible person(s) receive a notification.
IT Partner responsibilities #
- Together with the client, determine the types of data and resources that need to be included in the policy, as well as the parameters of the policy itself
- Create the statement of work describing DLP configuration requirements
- Configure the necessary policies according to the document
Client responsibilities #
- Coordinate Client resources and staff schedules
- Provide a dedicated point of contact responsible for working with IT Partner
- Report requirements for DLP settings and participate in the preparation of the statement of work for DLP settings
- Coordinate any outside vendor resources and schedules
- Configure all network equipment, such as load balancers, routers, firewalls, and switches
- Review and approve engagement deliverables in a timely manner
Additional cost items not provided by the project #
Upon completion of the project, we will provide a project closeout report. This document will indicate the final project status including acceptance criteria matching, outstanding issues, and the final budget. If you require more extensive documentation, it can be provided for an additional fee.
Office 365 subscription with one of the following services:
The plan may vary depending on your needs.
- Kickoff meeting
- Preliminary data collection
- Statement of work preparation and approval
- Creation of policies and their application
- Verification and fixing issues
Success Criteria #
- The statement of work describing the requirements for DLP settings is prepared
- DLP policies are configured according to the statement of work
IT systems monitoring is an integral part of enterprise information infrastructure managing, which consists of constant control and periodic analysis of IT infrastructure components by tracking the dynamics of changes occurring with them. The key objective of IT monitoring systems is to obtain, store, and analyze information about the state of the controlled elements of the company IT structure. A special program allows you to quickly respond to problems in the work of IT services, as well as effectively prevent malfunctions.
Information rights management is a technology that allows you to limit the transfer, copying, printing, and other unauthorized actions on data by prohibiting them in protected documents and email messages. This allows you to avoid unauthorized access to messages that have confidential data, both in case of accidental information leak to third parties and intentional information disclosure attempts.