A framework for data loss prevention using document semantic signature

Alhindi, Hanan

22 November 2019

The theft and exfiltration of sensitive data (e.g., state secrets, trade secrets, company records, etc.) represent one of the most damaging threats that can be carried out by malicious insiders against institutions and organizations because this could seriously diminish the confidentiality, integrity, and availability of the organization’s data. Data protection and insider threat detection and prevention are significant steps for any organization to enhance its internal security. In the last decade, data loss prevention (DLP) has emerged as one of the key mechanisms currently used by organizations to detect and block unauthorized data transfer from the organization perimeter. However, existing DLP approaches face several practical challenges, such as their relatively low accuracy that in turn affects their prevention capability. Also, current DLP approaches are ineffective in handling unstructured data or searching and comparing content semantically when confronted with evasion tactics where sensitive content is rewritten without changing its semantic. In the current dissertation, we present a new DLP model that tracks sensitive data using a summarized version of the content semantic called document semantic signature (DSS). The DSS can be updated dynamically as the protected content change and it is resilient against evasion tactics, such as content rewriting. We use domain specific ontologies to capture content semantics and track conceptual similarity and relevancy using adequate metrics to identify data leak from sensitive documents. The evaluation of the DSS model on two public datasets of different domain of interests achieved very encouraging results in terms of detection effectiveness. / Graduate

Document Semnatic signature

data loss prevention

semantic similarity

semnatic relevance

Nasazení kontextového DLP systému v rámci zavádění ISMS / Deployment of the Context DLP System within ISMS Implementation

Imrich, Martin

January 2015

This diploma thesis focuses on a DLP implementation within a specific organization. The thesis contains current situation analysis and provides decision for choice of the most suitable DLP based on the analysis findings. Eventually describes a real implementation of the chosen DLP system within the organization.

Telemetry Post-Processing in the Clouds: A Data Security Challenge

Kalibjian, J. R.

10 1900

ITC/USA 2011 Conference Proceedings / The Forty-Seventh Annual International Telemetering Conference and Technical Exhibition / October 24-27, 2011 / Bally's Las Vegas, Las Vegas, Nevada / As organizations move toward cloud [1] computing environments, data security challenges will begin to take precedence over network security issues. This will potentially impact telemetry post processing in a myriad of ways. After reviewing how data security tools like Enterprise Rights Management (ERM), Enterprise Key Management (EKM), Data Loss Prevention (DLP), Database Activity Monitoring (DAM), and tokenization are impacting cloud security, their effect on telemetry post-processing will also be examined. An architecture will be described detailing how these data security tools can be utilized to make telemetry post-processing environments in the cloud more robust.

Data security

network security

cloud computing

Enterprise Rights Management (ERM)

Enterprise Key Management (EKM)

Data Loss Prevention (DLP)

Database Activity Monitoring (DAM)

tokenization

Monitoring a analýza uživatelů systémem DLP / Monitoring and Analysis of Users Using DLP System

Pandoščák, Michal

January 2011

The purpose of this masters thesis is to study issues of monitoring and analysis of users using DLP (Data Loss Prevention) system, the definition of internal and external attacks, the description of the main parts of the DLP system, managing of politic, monitoring user activities and classifying the data content. This paper explains the difference between contextual and content analysis and describes their techniques. It shows the fundamentals of network and endpoint monitoring and describes the process and users activities which may cause a data leakage. Lastly, we have developed endpoint protection agent who serves to the monitoring activities at a terminal station.

Návrh koncepce prevence ztráty dat / Design of conception of data loss prevention

Brejla, Tomáš

January 2011

This work deals with the making of conception of implementation of processes and software tools designed to ensure sensitive data leakage prevention from the organization infrastructure. The structure consists of three key parts. The first one describes theoretical basis of the work. It explains what is the data loss prevention, what it comes from, why it is necessary to deal with it and what its goals are. It also describes how this fits into the whole area of corporate ICT security environment. There are defined all the risks associated with leakage of sensitive data and there are also defined possible solutions and problems that are associated with these solutions. The first part also analyzes the current state of data loss prevention in organizations. They are divided according to their size and for each group there is a list of the most common weaknesses and risks. It is evaluated how the organizations currently solve prevention of data loss and how they cover this issue from both a procedural point of view and in terms of software tools. The second part focuses directly on the software tools. It is characterized the principle of operation of these systems and it is explained their network architecture. There are described and evaluated current trends in the development of the data loss prevention tools and it is outlined possible further development. They are divided into different categories depending on what features they offer and how these categories cover the needs of organizations. At the end of the second part there are compared the software solutions from leading vendors in the market against actual experience, focusing on their strengths and weaknesses. The third part presents the core content. IT joins two previous sections and the result is the creation of the overall concept of the implementation of data loss prevention with focus on breakdown by several different levels -- processes, time and size of the company. At the beginning of this third section it is described what precedes the implementation of data loss prevention, and what the organizations should be careful of. It is defined by how and what the organizations should set their own expectations for the project could be manageable. The main point is the creation of a procedure of data loss prevention implementation by creating a strategy, choice of solutions, to the implementation of this solution and related processes. The end of the third part deals with the legal and personnel issues which are with the implementation of DLP very closely related. There are made recommendations based on analysis of the law standards and these recommendations are added to the framework approach of HR staff. At the very end there are named benefits of implementing data loss prevention, and the created concept is summarized as a list of best practices.

Modul rozšiřující funkcionalitu GDPR řešení / Module Extending Functionality of GDPR Solution

Janeček, Vít

January 2018

The goal of this thesis is to introduced the principles of access control technologies, the General Data Protection Regulation and the software for data leakage protection. An essential part of the work is a draft and implementation of the expansion module for user device authentication including shared storage access authorization. Therefore, this module allows to verify whether a user can access shared corporate resources. It also allows to enable or disable access based on specified attributes, such as the type of the protected service or user permission. The basic verification of the module's functionality is realized through different sets of tests and a virtual environment that simulates the corporate environment. The result of the draft is a module that allows to verify access based on the device, and this module is moreover integrated into the Safetica security platform.