Data loss prevention (DLP) is
|“||[a] set of procedures and mechanisms to stop sensitive data from leaving a security boundary.||”|
|“||the identification and safeguarding of information that should have controlled or limited distribution, that is, data that should not be in the public domain.||”|
|“||refers to software which monitors and detects data being written to external media or transferred out of an organization (e.g., e-mail).||”|
Example data types that should be covered by data loss prevention efforts include (but are not limited to)
- Information formally classified by the U.S. Government as confidential, secret, or top secret;
- Information not formally classified, but which has been labeled for limited distribution (For Official Use Only, Sensitive But Unclassified, and similar terms);
- Information covered by the Privacy Act of 1974 or other Personally Identifiable Information (PII) designated as not for public release;
- Proprietary vendor information — information released by contractors and other entities to the Federal government for its internal use only.
DLP is the umbrella term used for efforts to ensure that limited distribution data is only available as authorized. Controls on limited distribution data include both data at rest (data temporarily or permanently stored in any way, including but not limited to physical drives and non-volatile or volatile memory), data in motion (data being transmitted within a device or between devices by any means), and data in processing (data being acted on by a process).
Mobile devices Edit
Mobile infrastructure data loss prevention focuses on preventing restricted information from being transmitted to mobile devices, or from mobile devices to unauthorized locations outside the organization. A DLP solution monitors all traffic flowing to mobile devices from the organizational infrastructure, validating the traffic against a set of pre-defined words, phrases, images, and patterns that are considered too sensitive to leave the enterprise boundary. DLP solutions may also be configured to monitor traffic sent from mobile devices to entities outside the enterprise boundary. Traffic that contains sensitive information is either blocked or logged for future investigation.
- ↑ NICCS, Explore Terms: A Glossary of Common Cybersecurity Terminology (full-text).
- ↑ Mobile Security Reference Architecture (document), at 87.
- ↑ DHS Information Sharing and Safeguard Strategy, at 13 n.19.
- "Overview" section: Mobile Security Reference Architecture (document), at 87.
- "Mobile devices" section: Id. at 11.