
Administration of Data Loss Prevention Services in Higher Education (166265853)

Date post: 14-Apr-2018
Upload: educause
7/29/2019 Administration of Data Loss Prevention Services in Higher Education (166265853) http://slidepdf.com/reader/full/administration-of-data-loss-prevention-services-in-higher-education-166265853 1/34

Mike Thompson, Systems and Network Security Analyst, The Pennsylvania State University, [email protected]

Kyle Crain, Systems and Network Security Analyst, The Pennsylvania State University, [email protected]


OVERVIEW

General Information

• Glossary

• PSU Overview

Planning Your Deployment

• Governance and Compliance

• Who's Responsible

• Training and Documentation

Compromise Information

• After A Compromise

• How DLP Comes Into Play

• DLP Effect on Compromised Machines

Summary

• Lessons Learned

• Key Points

• Historical Information

• Where we Started

• Balancing The Needs

• Define Your Scans

• Dealing With Difficult Areas


GENERAL INFORMATION


DO YOU CURRENTLY HAVE A DATA LOSS PREVENTION SOLUTION IN PLACE?

Yes, we are actively scanning/implementing a DLP solution

No, but we plan on implementing one

No, and we have no plans to implement


GLOSSARY

• Client: Software that is installed on a computer; either the client for Windows or Mac

• Endpoint: A computer on which the DLP client has been installed

• Policy: A collection of settings that defines the way scanning is performed

• Unit: Used generically to mean a campus, college, administrative area, department, or work unit


PSU DEPLOYMENT DETAILS

Item: Total

Penn State: ~23,000

Commonwealth Campuses: 24 (Includes a Hospital and Law School)

DLP Unit Contacts: 300+

Administrative Roles: 131

Registered Endpoints: 21,000+

Centrally Managed Installations: 1

Independent Installations: 5

Highly Skilled Individuals Responsible for Running Project: 2 (0, and 2 Imposters?)


DEPLOYMENT AND SUPPORT

Security Operations and Services

Unit IT Staff

End User

• Manage Project

• Maintain Infrastructure

• Train & Support Unit IT Staff

• Maintain Policy Settings

• Create Documentation

• Generate Install Packages

• Train End Users

• Deploy Client Software

• Review Results

• Define Scan Schedules

• Remediation of Data


HISTORICAL

Why the Initial Product was Replaced

IT Staff Requested Reports; Parsed Data; Then Sent to End User For Remediation

No Ability to Track Progress of Remediation

No Mac Client

Cumbersome to Define Exclusion Areas for False Positives

IT Staff Wanted Control in the Process

Timeline

• Late 2008: Initial DLP Product Rollout

• Late 2009: Chose not to Renew

• January 2010: Current Product Licensed

• April 2010: Current Product Deployed

• June 2010: Initial Product Discontinued Use


NEEDS ASSESSMENT

Delegate Control of Process to Units

Mac Client

Direct remediation to Fall to the Data Owner

• Centrally Hosted Web Based Application

• Scheduled Scan Frequency

• Sizable Subset of Computers that Were Not Being Scanned

• Provides Visibility to Remediation Actions Taken (If Any)

Picture an Apple logo so we don’t get sued.


PLANNING YOUR DEPLOYMENT


IF YOU HAVE DLP DEPLOYED, IS IT PART OF AN OFFICIAL POLICY?

Yes

No


GOVERNANCE AND COMPLIANCE

DLP Policy Model Awareness Balance Training Resistance

Central DLP Policy

• Lives At Top Level of Organization

• College or Unit Level If Top Level is Not Feasible

• Integrated And Respects Existing Policies

• Defines How to Scan and What To Scan Per State and Federal Laws

• Outlines Remediation Process and Consequences for Inaction


DEFINE A MODEL

Level of Involvement

Central vs. Distributed

Support Model

Infrastructure

[Diagram: Central Model and Distributed Model; labels: Central IT Group, Campus A, Campus B, Campus C]


DEFINE A MODEL

Auditing and Review

Reporting Structure

Who is Responsible For Remediation

• End User

• IT Staff

• Other


DEFINE A MODEL

PSU Reporting Structure

Week 1

• Unit Contacts

Week 2

• Enterprise Security Manager

• CISO

Week 3

• VP – IT

• Risk Management

• Unit FO

Week 4

• Dean, Chancellor or Administrator

• Internal Audit

Week 5

• CFO

• Provost


IN YOUR ENVIRONMENT, WHO IS BEST SUITED TO PERFORM PII REMEDIATION?

End User 

IT Staff 

Other (Privacy Group, etc.)


DEFINE A MODEL

What Do You Want to Scan?

Scan

• End User Machines

• File Servers

• E-Mail

• Common Areas of Filesystem

Don’t Scan

• Domain Controllers

• Machines Without Profiles

• Lab Equipment

• System File Areas Within OS


GENERATE AWARENESS

Outreach and Awareness

Make the Project Known…

• Personally Identifiable Number Chart

• Document Shredder Program

• What’s the Virus On My Computer


BALANCE THE NEEDS

Due Diligence

A Routine, Not a Burden


BALANCE THE NEEDS

Everyone's Responsibility

• Executives

• Staff

• Faculty


TRAINING AND DOCUMENTATION

Provided Support Resources

Wiki Articles

• PSU Specific Processes

• Technical Articles

End User Training Videos

• Mac Client

• Win Client

Unit IT Staff Training

• 3 Hour Basic

• 3 Hour Advanced

• Web Based Q&A


DO YOU PLAN ON HAVING STRUCTURED USER TRAINING?

IT staff only

End users only

IT staff and end users

No


USER PRIVACY CONCERNS

Dealing with Pushback

Isolated Pockets of Acceptance vs. Resistance

Self Assessment Program: Data

Category: Count

Total Downloads: 350

Unique Downloads (Users): 205

Users on Latest Version: 18

Number of Completed Registrations: 6


DO YOU FORESEE OR HAVE EXPERIENCED POCKETS OF RESISTANCE?

Yes, we anticipate from a few areas

Yes, widespread

No, our users will comply


COMPROMISE INFORMATION


COMPROMISED COMPUTER PROCESS

30 Day Rule

Carrot v Stick

[Process diagram: Compromise Detected; Scan Host For PII (30 Day Rule); Report Findings; Preserve Data & Rebuild]

piedtype.com


DO YOU SCAN AS PART OF YOUR COMPROMISED COMPUTER PROCESS?

Yes

No, LOL

No, but that is a good idea


NOTIFICATION COSTS

Costs Associated with Each Compromise

• Staff Resources To Perform Notifications

• “Damage To Reputation”

• Loss of Funding

• Third Party Costs


COMPROMISED COMPUTER STATISTICS

[Chart: Percentage of Compromised Computers with PII by Year. Years on the axis: 2009, 2010, 2011, 2012; data labels: 47%, 17%, 16%, 11%; annotation: Previous Tool]


SUMMARY


LESSONS LEARNED

Assess Your Needs and Find the Right Product

Know Your Environment

Policies Need to be In Place Prior to Production

Hard to “Force” (proper) Remediation

Generate Awareness for Project

Otherwise, People Have No Idea What's Running


LESSONS LEARNED

Define A Model

Support

Remediation

Support for IT Staff Is Ongoing

Takes Up 2 FTE’s Time and Then Some 

Training and Documentation Are Not a Replacement

Need to Strike a Balance Between Business Needs and Usability

If it’s a Hassle, Users Won’t Comply


LESSONS LEARNED

Plan For Resistance

Separate Process Should Be Last Resort

Integrate DLP Into Compromised Computer Process


THANK YOU!

QUESTIONS?

