Data and Information Leakage Prevention Within the Scope of Information Security

Incidents involving data breaches are ever-present in the media since several years. In order to overcome this threat, organizations apply enterprise content-aware data leakage prevention (DLP) solutions to monitor and control data access and usage. However, this paper argues that current solutions are not able to reliably protect information assets. The analyses of data breaches reported in 2014 reveal a significant number of data leakage incidents that are not within the focus of the DLP solutions. Furthermore, these analyses indicate that the classification of the provided data breach records is not qualified for detailed investigations. Therefore, advanced criteria for characterizing data leakage incidents are introduced, and the reported records are extended. The resulting analyses illustrate that DLP and information leakage prevention (ILP) demand various information security (IS) measures to be established in order to reduce the risk of technologically based data breaches. Furthermore, the effectiveness of DLP and information leakage prevention (ILP) measures is significantly influenced by non-technological aspects, such as the human factor. Therefore, this paper presents a concept for establishing DLP and ILP within the scope of IS.

[1]  H. Rice Classes of recursively enumerable sets and their decision problems , 1953 .

[2]  Gustavus J. Simmons,et al.  The Prisoners' Problem and the Subliminal Channel , 1983, CRYPTO.

[3]  M. E. Maron,et al.  Automatic Indexing: An Experimental Inquiry , 1961, JACM.

[4]  Bernhard Ager,et al.  Can Content-Based Data Loss Prevention Solutions Prevent Data Leakage in Web Traffic? , 2015, IEEE Security & Privacy.

[5]  Lior Rokach,et al.  A Survey of Data Leakage Detection and Prevention Solutions , 2012, SpringerBriefs in Computer Science.

[6]  Pau-Chen Cheng,et al.  An experimental study on the measurement of data sensitivity , 2011, BADGERS '11.

[7]  R. A. Grant,et al.  Computerized performance monitors: factors affecting acceptance , 1991 .

[8]  K. North Wissensorientierte Unternehmensführung : Wertschöpfung durch Wissen , 2005 .

[9]  Omar F. El-Gayar,et al.  Security Policy Compliance: User Acceptance Perspective , 2012, 2012 45th Hawaii International Conference on System Sciences.

[10]  Mordechai Guri,et al.  BitWhisper: Covert Signaling Channel between Air-Gapped Computers Using Thermal Manipulations , 2015, 2015 IEEE 28th Computer Security Foundations Symposium.

[11]  A. Turing On Computable Numbers, with an Application to the Entscheidungsproblem. , 1937 .

[12]  Vincent H. Berk,et al.  Data exfiltration and covert channels , 2006, SPIE Defense + Commercial Sensing.

[13]  É. Ouellet Magic Quadrant for Content-Aware Data Loss Prevention , 2010 .

[14]  Ping An Wang Information security knowledge and behavior: An adapted model of technology acceptance , 2010, 2010 2nd International Conference on Education Technology and Computer.

[15]  Barbara Hauer Data Leakage Prevention - A Position to State-of-the-Art Capabilities and Remaining Risk , 2014, ICEIS.

[16]  Rob Johnson,et al.  Text Classification for Data Loss Prevention , 2011, PETS.

[17]  K. Gödel Über formal unentscheidbare Sätze der Principia Mathematica und verwandter Systeme I , 1931 .

[18]  Jennifer E. Rowley,et al.  The wisdom hierarchy: representations of the DIKW hierarchy , 2007, J. Inf. Sci..