I am looking to start a Data Loss Prevention program/project. Can you share any information/guidance on key dependencies prior to starting or that must be dealt with early on in the project/program that are keys to success?  

414 views1 Upvote7 Comments

CIO/CISO in Software, 10,001+ employees
First of all, before selection of any software I would recommend to define\agree realistic scope of the DLP: what data and what type of data to control, where, what actions trying to control, what you would like to block and what to monitor, what employees are in scope (you may have significantly different controls for different type of employees), etc.
Don't forget to involve at least colleagues from Legal, Risk management and HR Compliance.
Software is important, but it is just secondary    
Director of IT in Healthcare and Biotech, 10,001+ employees
At a level, it's going to require extensive preparation, planning, and knowledge of the organization's data ecology. Identifying data to safeguard, detecting possible data departure ports, adopting suitable technical solutions, and establishing a data security culture are essential dependencies.

Balancing data security and operational efficiency is difficult. It's crucial for DLP success and organizational resiliency. 
Global Chief Cybersecurity Strategist & CISO in Healthcare and Biotech, Self-employed
Microsoft has a good walkthrough that isn't product dependent. Here's the link https://learn.microsoft.com/en-us/microsoft-365/compliance/dlp-overview-plan-for-dlp?view=o365-worldwide
Principle Consultant in IT Services, Self-employed
One of the first things you need to do it to understand what types of data does your company have, what is the importance of each type of data to the company, where is that data today, where should it be? Then, you can start with the highest importance and the data at the most risk to being exposed.
Senior Director, Information Technology in Software, 1,001 - 5,000 employees
Build a risk matrix of all your organization's data sources, information, and their importance.    Use this inventory to assign and manage risk on data loss.   Numerous products are available to support your project based on the risk matrix and data sources.
Chief Information Security Officer in Healthcare and Biotech, 1,001 - 5,000 employees
I would suggest the following steps- 

1. Try to address why your organization want the DLP solution, please go to the granular level.
2. What is your current Tech infra.
3. Security expectancy of the employees
4. ROI,
5. Measurement mechanism 
Senior VP & CISO, 1,001 - 5,000 employees
Dependencies to consider are culture and executive support. After that consider how you execute and track effectiveness. Don't boil the ocean. Start small - no more than 5 use cases 

Content you might like

Strategies to prevent ransomware from impacting data backup & recovery28%

What it will take to restore minimal operations after a compromise56%

How prepared the organization is to engage law enforcement in the event of an attack11%

How prepared it is to engage cybersecurity investigators3%

Other (share below)0%



CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
Read More Comments
41.4k views131 Upvotes319 Comments