Datasheet
26
Part I: Building the Background
you’ve considered all the options. A much wider approach is needed, taking
into account such vital data-management activities as these:
✓ Creating data-protection policies
✓ Classifying your data
✓ Organizing data storage into tiers
✓ Archiving your data
✓ Encrypting your data
✓ Digital rights management
✓ Discovery of confidential data
✓ Applying data policies consistently
Technology by itself can prevent small-scale stuff — say, keep an engineer
from copying confidential CAD diagrams to a USB stick, or prevent a call-
center representative from inappropriately copying the customer database
to a CD-ROM or DVD. Technology can even manage offline machines and
remote office systems. And it can give on-screen warnings and notifications
to employees who attempt to violate a company’s data-leak prevention (DLP)
policies. What it can’t do is manage the growth and development of the
cyber-criminal’s arsenal, or catch and correct the inconsistent practices of
the end-user.
Much of what we do that’s called “user error” happens simply because we
don’t know what we’re doing wrong. One more thing technology can’t do:
Write the policies and procedures in the first place.
A mind map of data loss
The subject of data leaks is huge. You might think it impossible to put on
a single page — but we have: Figure 1-4 shows a mind map that provides
a bird’s-eye view of data loss. In essence, this diagram shows all the major
components that make up the data-loss problem. Each area is then subdi-
vided further. It’s an example of a holistic view — a Big Picture.
05_388433-ch01.indd 2605_388433-ch01.indd 26 1/23/09 9:36:08 PM1/23/09 9:36:08 PM