Chicago (Midwest) Data Loss Prevention User Group

 View Only

EDM and Field Matching - What is valuable?

  • 1.  EDM and Field Matching - What is valuable?

    Posted Mar 02, 2016 04:49 PM

    We are rolling out DLP 14 and leveraging EDM for certain functions within the suite. We have several fields that will be included and it has been suggested that we match on any two of the fields within the EDM data. This is getting somewhat tricky for several reason around the number of source files/data profiles/index files needed to successfully capture this data but reduce false positives. We plan to use the following fields:

    • First Name
    • Last Name
    • SSN - (unique)
    • Card #(s) - (unique)
    • Account #(s)
    • Member/User ID (unique)

    Now while the fields are common the issue I have with matching on 2 of the above is there any value in some of the combos such as first name and card #? Or better yet what about only matching on first OR last name and one of the other values. With the choices of multi token detection and matching on 2 or 3 recommended values it turns into a headache trying to create the right source files and data profiles to be leveraged in policy to match effectively yet efficiently.

    So I ask the forum to pitch in from experience or even simple insight on the topic to help me realize if I'm overthinking this or truly going to have to make all these decisions only based on our needs. I know in the end its our environment but there has to be a best practice for EDM re: how many fields and files and rules.

    Thanks,

    Adam