Running Head: Data Leakage Protection

Data Leakage Protection

[Author’s Name]

[Institution’s Name]

 

Stemming the Information Leak from Your Business

Data leakage can have a devastating effect on businesses. Designs, marketing strategies, customer lists, active tender proposals – the loss or leakage of such sensitive information can have huge ramifications if this finds its way into the wrong hands. And whilst most companies tend to treat information security as an IT issue, nefarious computer hacking wizards are not the greatest threat.
Instead, the culture and people within an organisation are far more likely to be the source of data leakage. The way in which information is treated within a company and the means by which it flows between the people and systems is the primary risk to data security. Whether deliberately, or more likely, inadvertently, employees are usually more responsible than hackers for breaches of information trust.

However, this risk can be mitigated by controlling the flow of information and access to storage locations, as well as addressing the behaviour of information owners and employees in general. Here we examine the issues surrounding data leakage in the modern work environment and outline measures that can be taken to improve security (Provilla, 2007).

The Impact of Data Breaches

Given the emphasis placed on information in modern markets, it is hardly surprising that data security is becoming an enterprise-wide concern. Information security has become a specialist discipline in its own right, and mailing lists are replete with stories of information leakage on an almost daily basis. The exact impact of such incidents can vary, but they are invariably expensive. In a recent study commissioned by the PGP Corporation and Vontu Inc. into 31 organisations that lost confidential customer information, the average cost of an information security breach was calculated at US$4.8 million. Even the minimum was US$226,000, whilst the most expensive leak had cost US$22 million (Provilla, 2007).

Information Security is bigger than IT Security

Incidents involving dramatic data loss appear frequently in the media. However, most information security experts will agree that despite this publicity, not much is actually done to counter information leakage in organisations. There may be a number of reasons for this. One explanation is that many executives believe ‘information security’ is just another term for ‘IT Security’ and is therefore the responsibility of the IT Manager. This belief might explain why the question ‘Is our information secure?’ is frequently answered with ‘Yes, we have firewalls’ (www.bigfix.com). 

Unfortunately, whilst firewalls might be an appropriate measure against intrusive hacking, information does not reside only in the digital environment. It also ‘lives’ in hardcopy and in the heads of personnel. In fact, information is constantly flowing between these three ‘containers’ when it is not at rest. These concepts relating to the nature and behaviour of information can be incorporated into a single model that shows generic flows of information in organisations (http://64.233.183.104).

It therefore follows that information compromises can occur on softcopy, hardcopy or with personnel as well as with any information flow from one container to another (including containers of the same type). Logic dictates that the source of information loss is irrelevant to the resultant impact. Where malicious threat agents are concerned, they are likely to adopt the most convenient avenue of attack and there are many avenues available. Protecting only one type of container (usually the electronic one) is a false economy.
If information security is to be competently implemented, the level of protection afforded to a particular piece of information must be independent of the media it resides on or the means by which it is transmitted. This is at odds with modern organisational trends that focus only on securing IT systems from outside attack and overlook the other two containers.

There is no denying therefore that information security is a complex problem given the large number of potential angles of attack upon assets. However, despite plenty of pessimistic literature pointing out that information security strategies are not preventing leakage, there is also a great deal of positive guidance available on the prevention of security breaches (Ahmad, Ruighaver, 2005).

The Good News

Not all information needs special protection. In fact, in a typical organisation the percentage of information assets that are sensitive is likely to be very small. The kinds of information that do tend to be sensitive include customer lists, insurance policies, financial data, intellectual property, legal documents, executive correspondence and marketing/budget projections. This makes up a very small portion of the volume of information that circulates in modern organisations (www.bigfix.com).

Most kinds of sensitive information do not require extensive circulation, so controlling access becomes simplified. Many items in the above list of information assets tend to be circulated amongst only a small group of employees with a similar job function. For example, legal advice, insurance policies and executive correspondence are not shared throughout the organisation. 

Blanket policies that dictate how information should be handled are doomed to failure if there has been no consideration of established organisational cultures. These need to be investigated before changes are made, so that security measures complement existing practices rather than oppose them. For example, a clean desk policy suddenly implemented in an organisation where the routine pattern of work makes use of large amounts of paper shared between colleagues is unlikely to succeed, and indeed, risks being actively circumvented. Policies need to be tailored to those assets or teams that are most sensitive rather than affecting productivity and morale by instituting sweeping policies that treat all information equally. This is perhaps the most common and fundamental mistake committed by organisations (http://64.233.183.104). 

The information environment is constantly changing, so actively monitoring and adapting to change is mandatory. Although this seems like common sense, it requires spending money over a long period of time and having the personnel to maintain a consistent focus on security. This is a challenge on both fronts as organisations tend to look at security as a technical problem that can be solved by buying a product, as opposed to a management problem that requires an ongoing process. Trends like the increase in remote working, reliance on wireless technologies and the abundance of portable storage devices are just some of the recent issues that need to be constantly monitored for their implications (Ahmad, Ruighaver, 2005).

It is important to recognise that protecting information requires specialised expertise. Identification and assessment of information security risks is a specialised domain and cannot be assigned to general project or engineering risk experts.

Protecting Your Assets

Information security specialists can take positive steps towards protecting information assets from leakage. There are basically five steps towards information security (www.bigfix.com):

  • Identify which information assets are ‘sensitive’
  • Identify where sensitive information resides and how it flows 
  • Define how information should be handled in the organisation
  • Develop controls and assign responsibility for enforcing handling procedures
  • Train employees to handle information according to policies

Conclusion

Information leakage is certainly not a new problem; however, the introduction of digital systems has fundamentally changed the way organisations function and their culture of information interaction. The introduction of a new information ‘container’ and associated information flows opens up a range of potential vulnerabilities. Unfortunately, the security landscape has become more complicated, and many organisations have misunderstood or are reluctant to grapple with the apparent complexity of the problem and tend to focus on IT security only (www.bigfix.com).

Organisations can identify and control sensitive information assets by investigating their culture and adopting a security strategy. Information security specialists can assist as they have methodologies and experience to guide organisations along this challenging journey.

References

Ahmad, A., and Ruighaver, A.B., An Information-Centric Approach to Data Security in Organizations. In R Harris (ed), Proceedings of Tencon 2005: 2005 IEEE Region 10. 1-5. Melbourne: Swinburne University, 2005

Provilla, Encryption and Data Leak Prevention: Protection for Unauthorized Outsiders and Authorized Insiders, August 24, 2007

http://64.233.183.104/search?q=cache:pO5d-bYsRXAJ:catalyst.burtongroup.com/EU07/MondayWorkshops.pdf+Data+Leakage+Protection&hl=en&ct=clnk&cd=22

http://www.bigfix.com/products/policymodules/dataleakprevention.html
 
 



© Copyright 1996-2008 Best Term Paper and Research Papers