Data loss prevention (DLP) software monitors, detects, and blocks sensitive data in use, in motion, and at rest to stop data exfiltration. Which of the following measures is least commonly employed in DLP?
A. Encryption
B. Intrusion prevention
C. User activity monitoring
D. Rule and regular expression matching
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is B. Intrusion prevention.
Intrusion prevention is about detecting and blocking inbound attacks or malicious traffic, while DLP works on outbound traffic and data breaches.
Data loss prevention (DLP) software detects and prevents intentional or unintentional data breaches by personnel who are authorized to access sensitive information. For example, it can prevent an unintentional breach caused by sending an email with classified attachments without encryption or a watermark, in violation of the security policy.
- Rule and regular expression matching analyzes whether classified documents are involved.
- User activity monitoring detects that classified documents are attached to the email.
- DLP prohibits the user from sending unencrypted emails.
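The email scenario above as a minimal outbound policy check; this is an added example, not code from the original post or from any DLP product. The rule patterns, class names and the policy (sensitive attachments must be encrypted and watermarked) are assumptions for illustration, and the Luhn checksum step goes slightly beyond the text to show how a regex hit is validated before it counts.

```python
import re
from dataclasses import dataclass, field

# Assumed, constructed rules: a classification marking and a card-like number.
MARKING = re.compile(r"\b(TOP SECRET|SECRET|CONFIDENTIAL)\b")
CARD = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

@dataclass
class Attachment:
    name: str
    text: str                 # text extracted from the document
    watermarked: bool = False

@dataclass
class OutboundEmail:
    sender: str
    encrypted: bool
    attachments: list = field(default_factory=list)

def luhn_valid(number: str) -> bool:
    """Checksum that filters out random digit runs the card regex also matches."""
    digits = [int(c) for c in reversed(number) if c.isdigit()]
    doubled = [d * 2 - 9 if d > 4 else d * 2 for d in digits[1::2]]
    return (sum(digits[0::2]) + sum(doubled)) % 10 == 0

def classify(att: Attachment) -> list:
    """Rule and regular expression matching: which rules does the content hit?"""
    hits = []
    if MARKING.search(att.text):
        hits.append("classification_marking")
    if any(luhn_valid(m.group()) for m in CARD.finditer(att.text)):
        hits.append("payment_card")
    return hits

def evaluate(mail: OutboundEmail) -> dict:
    """Assumed policy: sensitive attachments need encryption and a watermark."""
    findings = {a.name: classify(a) for a in mail.attachments}
    sensitive = [a for a in mail.attachments if findings[a.name]]
    reasons = ["unencrypted"] if sensitive and not mail.encrypted else []
    reasons += [f"no_watermark:{a.name}" for a in sensitive if not a.watermarked]
    action = "block" if reasons else "allow"
    return {"action": action, "reasons": reasons, "findings": findings}

if __name__ == "__main__":
    # Constructed sample: a marked document sent without encryption or watermark.
    mail = OutboundEmail("alice@example.com", False,
                         [Attachment("plan.docx", "CONFIDENTIAL: merger plan")])
    print(evaluate(mail))
```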
According to Wikipedia, the technological means employed for dealing with data leakage incidents can be divided into the following categories, although only the last category (Designated DLP systems) is thought of as DLP today.
- Standard security measures, such as firewalls, intrusion detection systems (IDSs), and antivirus software.
- Advanced/intelligent security measures, such as machine learning and temporal reasoning algorithms, honeypots, and user activity monitoring.
- Access control and encryption
- Designated DLP systems
Reference
- Data loss prevention software
- Data exfiltration
- 10 Best Data Loss Prevention Software in 2020
- Technology Overview – Symantec Data Loss Prevention (DLP)
- WHAT ARE DATA LOSS PREVENTION (DLP) BEST PRACTICES?
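Data loss prevention (DLP) software monitors, detects, and blocks sensitive data in use, in motion, and at rest to prevent data exfiltration. Which of the following measures is least commonly used in DLP?
A. Encryption
B. Intrusion prevention
C. User activity monitoring
D. Rule and regular expression matching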
D