Data Loss Prevention

  • 1.  Standard Operating Procedure - Where to Start?

    Posted Jan 14, 2013 12:15 PM

    I have been given the responsibility of writing the SOP for the DLP tool and I have no idea where to start. I do however have great working knowledge of the tool. At this time we are only using the Network Incidents tab for PII and PCI.


    If anyone has any tips on where to begin and what to include, I would greatly appreciate it.



  • 2.  RE: Standard Operating Procedure - Where to Start?

    Posted Jan 16, 2013 02:09 PM

    For our environment the following makes sense:

    1.  Procedures for incident handling

    2.  Procedures for policy change

    3.  Procedures for other changes/upgrades

    I know this isn't much to go on, but it should give you a place to start.


  • 3.  RE: Standard Operating Procedure - Where to Start?
    Best Answer

    Posted Feb 07, 2013 03:46 AM

    Hi,

    I worked closely on the SOP at my previous company. You can do the below:

    1) Start with just monitoring and user awareness (escalation and closure with cautioning the users)

    2) Incident management (false negative incident identification-escalation-closure with remark)

    3) Preparing inputs for false positive incident reduction (whitelist and IP filtering technology) for network and endpoints

    4) Providing different types of violation reports to the Information Security dept for policy review

    5) Stabilization of DLP and maturing the policy to block the confidential data with creation of some response rules

    6) Once the policy has matured to an appropriate level, start taking action on genuine incidents

    7) Providing monthly/quarterly presentations on progress to ISG stakeholders.