For stationary and mobile computing threat model are slightly different. For both these types there is a common set of methods of leak of confidential information. For example, the unauthorized printing, copying data to removable storage devices, the consequences of actions of malicious programs (eg, spyware), etc.
With respect to mobile computers add another threat - the risk of accidental physical loss or theft of laptops with sensitive information. In the case of stationary PCs probability of such an event tends to zero (cases steal office with the removal of computer equipment are rare.) Laptop is lost, according to reports in the press, quite regularly. Thus, if the desktops need a DLP-system, which controls all the main channels of data leakage, it is additionally required for mobile encryption of confidential information.
We do not knowingly have mentioned that computers have long been the main channel of leakage of confidential information. According InfoWatch in 2010, they accounted for 37% of all leaks. In 2011 the situation has changed sufficiently. The share of computers in the leakage was reduced to 20.5%, or decreased by more than 1.5 times. SecurIT cites other figures -22.5% in 2010 and 14.5% in 2011. However, the overall downward trend in the share of computers is available. However, and the remaining digits is more than enough to treat the channel with the utmost seriousness.
You can also mention the fact that the percentage of leakage attributable to the mobile computers is gradually reduced (data InfoWatch in 2010, their share has decreased by about 1.5%, and in 2011 - 2.4%). Apparently, numerous publications in the press were not in vain, but because the notebooks were taken more seriously, using encryption.
Another reason, forced to speak about computers as the main channel leaks of confidential information, is the following fact. According to research, they just take a huge proportion of intentional data leakage. According InfoWatch, in 2010 they accounted for 53% (39% on desktops and servers, and 14% for laptops), and in 2011 - 21.2% (15.4% for fixed and 5.8% for mobile computers ) of all such incidents. Meanwhile, the deliberate leakage are the most serious threat and lead to very unpleasant consequences.
If you read the press, it may seem that the removable drives are hardly the main source of all problems. Journalists love to talk about lost or stolen "stick" and mobile drives with sensitive information. But, in fact, removable hard drives are becoming the cause of the incidents are relatively rare. According InfoWatch in 2010 was associated with only 8% of data leaks. The number in the report SecurIT bit more - 12.6%. In 2011, the proportion of removable storage devices has decreased. According SecurIT they had only 6.3%, and according to InfoWatch - 6,2% of the total number of incidents involving leaks of confidential data.
The reason is quite simple. Despite the fact that all kinds of USB-drives are widely used, they are not often used for transport, and even more so, storing sensitive data. In addition, this channel is relatively easy to control. Simply enter the required data encryption at the enterprise "thumb drives" to protect them in case of loss of drive.
Recommendations such as "stick to decline through most of them leaked" pretty arbitrary, since statistics are leaks through the compensatory distributed, for example, according to our estimates, in 2011 the share of leaks via e-mail was significantly reduced from 18 to 3%, but significantly increased the number of incidents associated with the use of various web services, the popularity of which in general is growing exponentially. The approach to data protection must be flexible. First, you need to monitor the constant changes in the structure of threats, and secondly - to strive for comprehensive protection, rather than plugging some holes.
Source: http://orionpookie.blogspot.com/2012/08/computer-channel-leaks-of-confidential.html
ener1 national chocolate cake day epstein joshua komisarjevsky barney frank barney frank rob gronkowski
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.