Definitions Edit

Data loss prevention (DLP) is

[a] set of procedures and mechanisms to stop sensitive data from leaving a security boundary.[1]
the identification and safeguarding of information that should have controlled or limited distribution, that is, data that should not be in the public domain.[2]

Data loss prevention (DLP)

refers to software which monitors and detects data being written to external media or transferred out of an organization (e.g., e-mail).[3]

Overview Edit

Example data types that should be covered by data loss prevention efforts include (but are not limited to)

DLP is the umbrella term used for efforts to ensure that limited distribution data is only available as authorized. Controls on limited distribution data include both data at rest (data temporarily or permanently stored in any way, including but not limited to physical drives and non-volatile or volatile memory), data in motion (data being transmitted within a device or between devices by any means), and data in processing (data being acted on by a process).

Mobile devices Edit

Mobile infrastructure data loss prevention focuses on preventing restricted information from being transmitted to mobile devices, or from mobile devices to unauthorized locations outside the organization. A DLP solution monitors all traffic flowing to mobile devices from the organizational infrastructure, validating the traffic against a set of pre-defined words, phrases, images, and patterns that are considered too sensitive to leave the enterprise boundary. DLP solutions may also be configured to monitor traffic sent from mobile devices to entities outside the enterprise boundary. Traffic that contains sensitive information is either blocked or logged for future investigation.

References Edit

  1. NICCS, Explore Terms: A Glossary of Common Cybersecurity Terminology (full-text).
  2. Mobile Security Reference Architecture (document), at 87.
  3. DHS Information Sharing and Safeguard Strategy, at 13 n.19.

Sources Edit

See also Edit