
No small task: Aligning DLP and GRC

When it comes to internal security, we've noted the rise of a relatively new discipline, data loss protection (DLP). Ideally, DLP processes "examine, block and report on unauthorized transmission of data which protects an organization against loss of sensitive and confidential information," notes Information Security Magazine. The magazine also notes that at many companies, two rival camps are forming: the DLP crowd is in one corner and the GRC crowd, which sets the overall strategy and security standards, is in the other.

Too often, the DLP processes are seen as stop-gap measures that are not necessarily in sync with the overall GRC effort. This is a tough situation for any company, and the compliance and IT folks would be wise to head it off. Here are some basic questions to help you determine if you've got a problem: Does your company have a defined security standard process? Is your company under constant attack from the outside? Who owns security? What is the ratio of resources to area of coverage?

For more:
- here's the Information Security Magazine essay
