scholarly journals USING THE ADAPTED DLP SYSTEM FOR BLOCKING INFORMATION LEAKS

2018 ◽  
pp. 52-57
Author(s):  
T. A. Andryianava ◽  
S. B. Salomatin
Keyword(s):  
Information Security ◽  
Business Processes ◽  
Data Type ◽  
Transmission Channel ◽  
System Operation ◽  
Confidential Information ◽  
Staff Members ◽  
Corporate Network ◽  
Event Capture ◽  
Transition Procedure

The importance of using the adapted DLP-system in the «Blocking» mode of leaking confidential information of the company is investigated. The scheme of interception of information security events in the «Copy» mode is given, the analysis of which reflects the main drawback of using this mode – the DLP-system works only with copies of confidential documents, while the originals were delivered to the recipient. Such cases inflict enormous damage on companies, so the transfer of critical information beyond the corporate network is unacceptable.A solution is proposed for transferring the operation of the DLP-system from the «Copy» mode to the «Blocking» mode. It is important that the operation of the DLP-system does not hinder the staff members from performing regular operations and does not hinder business processes. Therefore, it is mandatory to adapt the standard DLP-system to the specifics of the company’s activities. After that the transition of the adapted DLP-system to the «Blocking» mode is carried out.Developed: the transition procedure of the adapted DLP-system from the «Copy» mode to the «Blocking» mode, the scheme of the event capture by the DLP-system for the two modes. The main channels of data leaks were investigated, the main leaks were identified by the data type and by the transmission channel. The analysis of the DLP-system operation in the «Blocking» mode is performed.

scholarly journals DLP: REDUCED RISK OF LEAKAGE OF CONFIDENTIAL INFORMATION OF THE BANK

2017 ◽  
pp. 76-82
Author(s):  
T. A. Andryianava ◽  
S. B. Salomatin
Keyword(s):  
Information Security ◽  
Incident Detection ◽  
Confidential Information ◽  
Research Application ◽  
Critical Information ◽  
Security Officers ◽  
Corporate Network ◽  
Transfer Of Information ◽  
Corporate Information ◽  
Selection Of

Research application of DLP-system for protection of confidential information, a methodology for adapting the DLP-system to the specific activities of the organization, comparative analysis of the results of standard and adapted DLP-systems in the Bank. Developed: a technique for analyzing information security events, algorithm for responding to identified events, methodology and procedures for adapting the standard DLP-system to the specifics of the Bank’s activities. The methodology for adapting a standard DLP-system to the specifics of the Bank’s work consists of the following activities: identification of critical corporate information categories, audit of information systems, description of current risks and their assessment, introduction of rules for Bank’s critical information and setting up a DLP system in accordance with the specifics of the Bank’s work. Modernization of the configuration of a standard DLP-system includes the following procedures: selection of confidential information of the Bank based on membership criteria, setting up detection, creating perimeters and developing an algorithm for responding to identified information security events in the Bank. The algorithm is designed to improve the efficiency of the response of information security officers in cases of incident detection and describes the stages of the subsequent actions. The results of the research prove that using an adapted DLP-system significantly reduces the number of false positives, increasing the accuracy of detecting confidential information and reducing the risk of leakage of critical information outside the corporate network. The application of the adapted DLP-system in the Bank allowed to increase the speed of response of information security specialists to the information security events detected by the DLP-system adapted to the Bank, and also allowed the DLP-system to transition from the copy mode to the blocking mode of illegitimate transfer of information.

The Market Value and Reputational Effects from Lost Confidential Information

2015 ◽  
Vol 5 (4) ◽  
Author(s):  
Joseph K. Tanimura ◽  
Eric W. Wehrly
Keyword(s):  
Information Security ◽  
Market Value ◽  
Direct Costs ◽  
Publicly Traded ◽  
Confidential Information ◽  
Publicly Traded Companies ◽  
Security Breaches ◽  
Customer Information ◽  
Employee Information

According to many business publications, firms that experience information security breaches suffer substantial reputational penalties. This paper examines incidents in which confidential information, for a firms customers or employees, is stolen from or lost by publicly traded companies. Firms that experience such breaches suffer statistically significant losses in the market value of their equity. On the whole, the data indicate that these losses are of similar magnitudes to the direct costs. Thus, direct costs, and not reputational penalties, are the primary deterrents to information security breaches. Contrary to many published assertions, on average, firms that lose customer information do not suffer reputational penalties. However, when firms lose employee information, we find significant reputational penalties.

scholarly journals Improved Algorithm of Steganography Combined with Cryptography

2021 ◽  
Vol 9 (VI) ◽  
pp. 3793-3804
Author(s):  
Anees Banu
Keyword(s):  
Information Security ◽  
Multimedia Information ◽  
Secret Data ◽  
Confidential Information ◽  
Additional Layer ◽  
Confidential Data ◽  
The World ◽  
Cryptographic Algorithms ◽  
Written Form ◽  
Improved Algorithm

When it comes to preventing unauthorised access to, destruction of, or inspection of confidential data, information security has always been a major factor. Multimedia information is now used in every field throughout the world. The confidential information that is used in these areas must be kept secure. There are a variety of methods for keeping data secure. One of these is steganography, which is concealing information within other data into a format that the cover information remains unchanged. Cryptography, an encryption process that scrambles data into a written form that is sometimes referred to as a hash, is an auxiliary approach for securing information. Steganography and cryptography each have their own set of benefits and drawbacks. Even though both technologies give security, it is usually a good practise to combine Cryptographic algorithms to create additional layers of security. When cryptographic with steganography are combined, a multi-layer security paradigm is created. The proposed work's main goal is to add an additional layer of protection by using cryptography and steganography to encrypt and embed secret data conveyed across an insecure channel.

scholarly journals AUTOMATED SYSTEM FOR ESTIMATION-EFFICIENCYSOFTWARE MEANS OF IN-FORMATION PROTECTION

2019 ◽  
Vol 2019 (2) ◽  
pp. 25-32
Author(s):  
Алексей Горлов ◽  
Aleksey Gorlov ◽  
Михаил Рытов ◽  
Mikhail Rytov ◽  
Дмитрий Лысов ◽  
...  
Keyword(s):  
Information Security ◽  
Automated System ◽  
Security Threats ◽  
Information Protection ◽  
Technical Documentation ◽  
Confidential Information ◽  
Hardware System ◽  
Material Costs ◽  
Software And Hardware

This article discusses the process of automating the assessment of the effectiveness of software and hardware information protection by creating an automated system. The main functions of the proposed system are: conducting an audit of information security, forming a model of information security threats, forming recommendations for creating a software and hardware system for protecting information, and creating organizational-technical documentation. The developed automated system for evaluating the effectiveness of software and hardware protection of information allows in an automated way to build a model of information security threats, to form organizational and technical documentation governing the protection of confidential information, and also to make recommendations for improving the software and hardware system for protecting information. The use of this system will significantly reduce the time and material costs of auditing information security and developing additional measures to protect information.

scholarly journals Conceptual principles for ensuring effective protection of information in the context of economic security of the enterprise

2020 ◽  
pp. 84-92
Author(s):  
A.V. Pecheniuk
Keyword(s):  
Information Security ◽  
Information And Communication Technologies ◽  
Security Policy ◽  
Criminal Responsibility ◽  
Economic Security ◽  
Information Policy ◽  
Security System ◽  
Theory And Practice ◽  
Confidential Information ◽  
Information Security Policy

The necessity of formation of an effective information security system of the enterprise is substantiated. It is emphasized that when designing an information policy, the firm must comply with the requirements of the current legislation, take into account the level of technical support, especially the regulation of employees' access to confidential information, etc. It is stated that the costs of organizing information security measures should be appropriate to its value. The article identifies major threats that could be breached by confidential information. The list of the main normative legal acts aimed at bringing to civil, administrative and criminal responsibility for illegal collection, disclosure and use of information constituting a trade secret. The main stages of building an information security policy are summarized, the most common types of information threats related to the use of modern computer technologies are described. The necessity of developing a domestic original accounting (management) program that could be used in the long term by the vast majority of Ukrainian enterprises is pointed out. There are three groups of tools that are applied in the theory and practice of information security of the enterprise (active, passive and combined), emphasizing the need for planning and continuous monitoring in real time of all important processes and conditions that affect data security. It is noted that even if the information security system is built taking into account all modern methods and means of protection, it does not guarantee one hundred percent protection of the information resources of the enterprise, but a well-designed information security policy allows to minimize the corresponding risks. Key words: information security, information policy, information security, confidential information, information threats, information and communication technologies, software.

scholarly journals INFORMATION SECURITY AS A COMPONENT OF THE ECONOMIC SECURITY OF THE ENTERPRISE

2021 ◽  
pp. 119-129
Author(s):  
Vera Shumilina ◽  
Elena Tetunashvili
Keyword(s):  
Information Security ◽  
Information Leakage ◽  
Economic Security ◽  
Confidential Information ◽  
Unauthorized Access ◽  
Modern Enterprise

The article is devoted to the study of information security as an integral part of the economic security of any modern enterprise. Threats are described that can lead to disclosure of confidential information, leakage of confidential information, unauthorized access to protected information, etc. Means and ways of countering the presented threats are also given

scholarly journals Analysis of Information Technology Security Management UKSW SIASAT Using ISO/IEC 27001:2013

2021 ◽  
Vol 5 (2) ◽  
pp. 68
Author(s):  
Andeka Rocky Tanaamah ◽  
Friska Juliana Indira
Keyword(s):  
Information Security ◽  
Business Processes ◽  
Security Management ◽  
Standard Operating Procedure ◽  
Job Descriptions ◽  
Christian University ◽  
Academic Administration ◽  
Access Rights ◽  
Academic Information ◽  
Iec 27001

IT security management is essential for organizations to notice the occurring risks and opportunities because they will profoundly affect the ongoing business processes within the organization. The Satya Wacana Academic Information System, more often called SIASAT, is an IT component playing an essential role in running core business processes at Satya Wacana Christian University under the control of the Information Systems and Technology Bureau. At this time, the implementation of SIASAT has been going well, but there are still some obstacles. Lack of human resources is one of the findings and one it becomes of the most significant risks as it affects the use of infrastructure and information security. This research was conducted using the international standard ISO/IEC 27001:2013, prioritizing information security by taking a planning clause focusing on risk assessment. From the results of this study, there were nine recommendations given. Some of which were the most important, i.e., creating separated standard operating procedure documents for SIASAT, which previously were still affiliated with the Academic Administration Bureau; distributing job descriptions; and providing clear and documented access rights for everyone. It is expected that this research can reduce the occurring risks and can be considered for establishing improvements to enhance academic services in the future.

Database Encryption for Balance Between Performance and Security

2021 ◽  
pp. 1-9
Author(s):  
André Gomes ◽  
Carla Santos ◽  
Cristina Wanzeller ◽  
Pedro Martins
Keyword(s):  
Information Security ◽  
Confidential Information ◽  
Digital World ◽  
Database Encryption ◽  
World Information ◽  
A Company

In an increasingly digital world, information security is a very recurring theme and a growing concern for companies. This involves the protection of data and confidential or non-confidential information of a company, which transit between all its sectors and between the organization and its stakeholders.

Sign in / Sign up

Export Citation Format

Share Document