PrepAway - Latest Free Exam Questions & Answers

Which of the following would be the best choice to implement to meet the above requirements?

A company recently experienced several security breaches that resulted in confidential data being
infiltrated from the network. The forensic investigation revealed that the data breaches were
caused by an insider accessing files that resided in shared folders who then encrypted the data
and sent it to contacts via third party email. Management is concerned that other employees may
also be sending confidential files outside of the company to the same organization. Management
has requested that the IT department implement a solution that will allow them to:
Track access and use of files marked confidential, provide documentation that can be used for
investigations, prevent employees from sending confidential data via secure third party email,
identify other employees that may be involved in these activities.
Which of the following would be the best choice to implement to meet the above requirements?

A.
Web content filtering capable of inspecting and logging SSL traffic used by third party webmail
providers

B.
Full disk encryption on all computers with centralized event logging and monitoring enabled

C.
Host based firewalls with real time monitoring and logging enabled

D.
Agent-based DLP software with correlations and logging enabled

One Comment on “Which of the following would be the best choice to implement to meet the above requirements?”

  1. Super_Mario says:

    Another badly written question. English is not my first language but even I can write better than that. The question should read as follows:
    A company recently experienced several security breaches that resulted in confidential data being infiltrated from the network.
    The forensic investigation revealed that the data breaches were caused by an insider accessing files that resided in shared folders who then encrypted the data and sent it to contacts via third party email.
    Management is concerned that other employees may also be sending confidential files outside of the company to the same organization.
    Management has requested that the IT department implement a solution that will allow them to:
    Track access and of files marked confidential, provide documentation that can be for investigations,
    prevent employees from sending confidential data via secure third party email,
    identify other employees that may be involved in these activities.
    Which of the following would be the best choice to implement to meet the above requirements?
    In addition to that, the data is not being “infiltrated”. Quite the opposite: It is being “exfiltrated” as data is not “coming in” but it is rather “going out”
    So we have two concepts in here pointing to the correct answer:
    1) DATA EXFILTRATION:
    • Data exfiltration, also called data extrusion, is the unauthorized transfer of data from a computer.
    • Such a transfer may be manual and carried out by someone with physical access to a computer or it may be automated and carried out through malicious programming over a network.
    • To prevent data exfiltration, administrators should create strict IT controls for both physical and digital security. Such controls may include the use of data leak/loss prevention (DLP) products to inspect and/or deny egress traffic from carrying unauthorized content beyond the perimeter of the enterprise and policies for role-based access control (RBAC), encryption, consumerization and password hardening.
    2) DLP:
    • Data loss prevention software detects potential data breaches/data ex-filtration transmissions and prevents them by monitoring, detecting and blocking sensitive data while in-use (endpoint actions), in-motion (network traffic), and at-rest (data storage).
    • The terms “data loss” and “data leak” are related and are often used interchangeably.
    Data loss incidents turn into data leak incidents in cases where media containing sensitive information is lost and subsequently acquired by an unauthorized party. However, a data leak is possible without losing the data on the originating side. Other terms associated with data leakage prevention are information leak detection and prevention (ILDP), information leak prevention (ILP), content monitoring and filtering (CMF), information protection and control (IPC) and extrusion prevention system (EPS), as opposed to intrusion prevention system.



