Methodology for Data Loss Prevention Technology Evaluation for Protecting Sensitive Information

##plugins.themes.bootstrap3.article.main##

Gabriel Lopez

Neil Richardson

Jorge Carvajal



Resumen

Resumen: El presente trabajo de investigación propone una metodología para la evaluación de un sistema que previene la fuga de información sensible para una organización. La metodología posee un ámbito para abarcar tanto software libre como comercial en instituciones públicas o privadas. La propuesta de metodología está basada en buenas prácticas de la ISO 27001, investigaciones relacionadas, y características de tecnología líder en prevención de fuga de información. El propósito principal de artículo académico es cubrir el faltante de una investigación que proponga una evaluación integral de la tecnología de DLP utilizando el método científico, y además relacionarlo con las leyes ecuatorianas referentes a la privacidad y la nueva matriz productiva del buen vivir de la República del Ecuador.

Abstract: This investigation proposes a methodology for the evaluation of Data Loss Prevention Systems in order to secure sensitive information for the organizations. The methodology will be able to cover open source and commercial software in public or private institutions. The methodology proposal is based on the recommendations of the ISO 27001, related investigations, and characteristics of leading technology in data loss prevention (DLP). The main contribution of the academic paper is to cover the flaw of the state of the art in DLP technology evaluation, since no other investigation related specifically to this topic has used the scientific method. Also, the criteria used to develop the proposed methodology in this paper is based on the Ecuadorian laws related to information privacy and the new productive matrix of the Republic of Ecuador.

 

Descargas

Descargas

Los datos de descargas todavía no están disponibles.

Detalles del artículo

Biografías de los autores/as

Gabriel Lopez, Escuela Politécnica Nacional, Facultad de Ingeniería Eléctrica y Electrónica

Docente de la Escuela Politécnica Nacional

Neil Richardson, Sheffield Hallam University, Faculty of Arts, Computing, Engineering and Sciences

Docente de Sheffield Hallam University

Jorge Carvajal, Escuela Politécnica Nacional, Facultad de Ingeniería Eléctrica y Electrónica

Docente Escuela Politécnica Nacional

Citas

GHOSH, Mahuya (2010). Telecoms fraud. [online]. Computer fraud & security, 2010 (7), 14-17. [online]. Last accessed 01 October 2014.

BS ISO/IEC 27001:2013: Information technology. security techniques. information security management systems. requirements. (2013).

WIKILEAKS (2014). Latest Releases/WikiLeaks Archives. [online]. Last accessed 01 October 2014 at: https://www.wikileaks.org/.

THEGUARDIAN (2013). Edward Snowden: the whistleblower behind the NSA surveillance revelations. [online]. Last accessed 01 October 2014 at: http://www.theguardian.com/world/2013/jun/09/edward-snowden-nsa-whistleblower-surveillance.

BLAKELY Benjamin, and EVANS Nate (2009). Perimeter DLP tools require fine tuning to effectively block 'bad' data from escaping the network [online]. Network World, Inc. Network World, Last accessed 01 October 2014 at: http://www.networkworld.com/article/2259775/security/best-data-loss-prevention-tools.html

BLAKELY Benjamin, RABE Mark AND DUFFY Justin (2009). Block data leaks at the endpoint; TrendMicro, websense offer effective protection against insider security breaches. [online]. Network World, Inc. Network World, 44 Last accessed 09 April 2014 at: http://shu.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwXV1BCgIxDAziCxb0F5U2aUl7Fpd9wH6gSVpv_v9oFjyo54QcZyYMzAAQ3mL4wwRXGcxRLc5pXWrLiF3G4epkMi7yE2PwBfDrAqfxusC-Pvb7Fj79AOHJlAI3S9P51Fnb79XeWlElTWiaxReObCkSw65silYKDWnqg1rTyK40rnD2F3u8AZEOKqU.

BLAKELY Benjamin, RABE Mark AND DUFFY Justin (2010). McAfee, Sophos shine in test of data loss prevention tools that can do it all [online]. Network World, Inc. Network World, Last accessed 01 October 2014 at: http://www.networkworld.com/article/2205740/network-security/data-loss-prevention-comes-of-age.html

MOGULL Rich (2010). Understanding and Selecting a Data Loss Prevention Solution. [online]. Websense. Last accessed 01 October 2014 at: https://securosis.com/assets/library/reports/Understanding_and_Selecting_DLP.V2_.Final_.pdf

KANAGASINGHAM Prathaben (2008). Data Loss Prevention. [online]. SANS Institute. Last accessed 09 April 2014 at: https://www.sans.org/reading-room/whitepapers/dlp/data-loss-prevention-32883

LEFEBVRE, William (1999). Regular expressions. Performance computing, 17 (11), 49-51. . [online]. Last accessed 06 October 2014 at: http://search.proquest.com.lcproxy.shu.ac.uk/docview/237179854/abstract?accountid=13827#

Loachamín, D. S. G., & Lanchas, V. M. (2014). Arquitectura Distribuida para la Respuesta Automática a Intrusiones en un IRS Basado en Ontologías. Revista Politécnica, 33(1).

BEALE, Jay (2007). Snort IDS and IPS toolkit. Burlington, MA, Syngress Publishing, Inc.

MICROSOFT (2014). Data Loss Prevention. [online]. Last accessed 07 October 2014 at: http://technet.microsoft.com/en-gb/library/jj150527(v=exchg.150).aspx

MyDLP (2013). MyDLP Administration Guide. [online]. Last accessed 07 October 2014 at: http://www.mydlp.com/wp-content/uploads/Myministration-Guide.pdf

BUNKER, Guy and FRASER-KING, Gareth (2009). Data leaks for dummies. Chichester; Hoboken, N.J, Wiley Publishing, Inc.

DSPACE (2014). About DSpace. . [online]. Last accessed 07 October 2014 at: http://www.dspace.org/introducing

ALFRESCO SOFTWARE. (2014). About Alfresco. [online]. Last accessed 02 October 2014 at: http://www.alfresco.com/

Secure Computing (2008). Secure Computing in Leaders Quadrant. [online]. Last accessed 09 October 2014 at: http://www.securecomputing.com/magicquadrantweb2008-gartner.cfm

Ecuador. (2002). Ley de comercio electrónico, firmas electrónicas y mensajes de datos. Corporación de Estudios y Publicaciones.

UPP, Victor (2006). The sage dictionary of social research methods. [online]. Thousand Oaks, Calif; London, SAGE Publications. at: http://shu.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwY2AwNtIz0EUrE8zMDRLTjExTzRItDVNA2lKTkyySzBJBywKTDZLTUI4xQCrg3YQYmFLzRBlk3FxDnD10izNK46HDGvFJhuagtjuwQy7GwJsIWg6eVwLeNpYiwaCQamZpkWieZJpqYZZiYmKelJgCrBkNUlOBzfUky2Rzc0kGUaxmAQD2fjIP.

GILL, John, JOHNSON, Phil and CLARK, Murray (2010). Research methods for managers. [online]. Los Angeles, [Calif.]; London, SAGE. at: http://shu.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwY2AwNtIz0EUrEwyNkpONQFWLUZqBmUFiSqqBkWVqinmaZQrosBLwmUmIYwyQCng3IQam1DxRBhk31xBnD93ijNJ46LBGfJKhqTn4LBEjMQbeRNBy8LwS8LaxFAkGBYNksyRw5yUxKc0kKcnMIi3F2Ngy2TLZ1MLMNNHETJJBFKtZADGjMKk.

León, M. (2009). Cambiar la economía para cambiar la vida. El Buen Vivir. Una vía para el desarrollo, 63-74.

SAUNDERS, Mark, LEWIS, Philip and THORNHILL, Adrian (2012). Research methods for business students. [online]. Harlow, Pearson. at: http://shu.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwY2AwNtIz0EUrE9KSUszMDZNMDZINkoyNUgxMTdNSjIzTLBJT08wNktLMUI4xQCrg3YQYmFLzRBlk3FxDnD10izNK46HDGvFJhuagzgOw_hZj4E0ELQfPKwFvG0uRYFCwTAW2w5PTksyNTRJNDC0MEtPSzFOTkgxNLcwMDVOT0yQZRLGaBQDHiTH4.

GHAURI, Pervez N. and GRØNHAUG, Kjell (2010). Research methods in business studies. [online]. Harlow, Financial Times Prentice Hall. at: http://shu.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwY2AwNtIz0EUrEyxTjQzTEtOSDE1SUkySTJKSjZJT04BN5VQLSzPDJMNklGMMkAp4NyEGptQ8UQYZN9cQZw_d4ozSeOiwRnySoTnoXFtgHSTGwJsIWg6eVwLeNpYiwaBgnmpiYZlsYJxkCayDzFOTEoH9jrQ0i9REC9C-lERDSQZRrGYBANisMZU.

COLLIS, Jill and HUSSEY, Roger (2014). Business research: A practical guide for undergraduate and postgraduate students. [online]. Basingstoke, Hampshire, Palgrave Macmillan. at: http://shu.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwY2AwNtIz0EUrE8ySU9KATYE086TkVFMDs1TLlJTkZKO0NMOkxLREY8ilEfBjDJAKeDchBqbUPFEGGTfXEGcP3eKM0njosEZ8kqG5hQmwg2VhJMbAmwhaDp5XAt42liLBoGBpnmxskWRumGhikWYC2u1pbGRgnpYGtNTQzCjNJFWSQRSrWQANaDIS.

File Extensions (2014). Microsoft Office File Extensions. [online]. Last accessed 07 October 2014 at: http://www.file-extensions.org/filetype/extension/name/microsoft-office-files

SCHNEIER, Bruce (1996). Applied cryptography: Protocols, algorithms and source code in C. [online]. Wiley. at: http://shu.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwY2AwNtIz0EUrEyxSUwzSUk3NEpNTgGnM0tQ0DbTpMTHJwDgx1dIUPLKNOMYAqYB3E2JgSs0TZZBxcw1x9tAtziiNhw5rxCcBayZDc2B1aiTGwJsIWg6eVwLeNpYiwaBgmJScaATadGlkmmaSkgIsg43N0kyAjXfQr

PAVLOV (2014). 7-Zip. [online]. Last accessed 06 October 2014 at: http://www.7-zip.org/

OpenDLP (2012). OpenDLP 0.5.1 README. [online]. Last accessed 06 October 2014 at: https://code.google.com/p/opendlp/downloads/detail?name=README-0.5.1&can=2&q=

MyDLP (2013). MyDLP Administration Guide. [online]. Last accessed 07 October 2014 at: http://www.mydlp.com/wp-content/uploads/Myministration-Guide.pdf

De Transparencia, L. (2004). acceso a la información pública. Registro Oficial, 337.

ORACLE (2014). MySQL. [online]. Last accessed 05 October 2014 at: http://www.mysql.com/