Data Loss and Theft Policies – CompTIA Security+ SY0-401: 2.3

Our data is some of the most important assets in our organization. In this video, you’ll learn about the implementation of data loss and data theft policies.

<< Previous Video: Security AuditsNext: Data Loss Prevention >>

One of the challenges we have with risk mitigation is making sure that we don’t lose resources. If we have data loss, if we have theft, it’s becoming a big concern. And it’s getting bigger and bigger all the time, because we have more and more data on the network than we’ve ever had before.

So this is from a physical perspective a relatively easy set of policies to put in place. There’s usually processes and procedures. When somebody who is a visitor walks into your building, what are the processes in place? Is there a card lock? Are they able to get in? Do they need a badge? Is it someone we’re going to make sure is escorted any time they’re inside of our building? There’s absolutely things we can put in place to prevent some of these things where people are walking in the door and walking out with a laptop. That should not be occurring. And it’s a relatively simple process to put in place.

From a data perspective it becomes a little bit more of a challenge, because it’s so easy to carry data around these days. We can copy data to our MP3 players, a USB key. It’s so simple to plug things in, take a CD-ROM, walk out of the building. It’s in those situations we run into that are sometimes more of a challenge, because it’s very, very difficult to watch what’s going on.

Maybe we’re putting additional policies in place to see when people copy data, when they have access to data, and at least be able to go back over time and figure out what happened when that particular situation occurred. There are threats internally. There are threats externally. We can’t just look at one of those. We need to look at both, and make sure that our policies are set up not just for people that we don’t know, but also people inside of our environment.

Unfortunately, it’s very often the people that we trust inside of our environment that unfortunately are creating problems with loss of data and loss of property. This is, as I mentioned, a bigger and bigger threat every day. We’re putting more and more data on our networks, and more and more information. We need to make sure that we have all of the right policies ready to go should any of these types of data loss or physical loss ever occur.