Battle Against Sensitive Data Leakage
8 - 11 Nov 2010 at UNC Cause

UNC Cause Security and Compliance Presentation on the Battle Against Data Leakage. Security programs at universities and in most organizations concentrate on protecting sensitive data from external malicious attacks. Such protection relies heavily on technical controls that might include perimeter security, network/wireless security controls and monitoring, application and software security management and intrusion prevention and detection systems. Such technologies are needed and quite effective.

But we all must be equally concerned about those inadvertent data leaks, like a steady drip from a leaking faucet, that go unnoticed until a data security breach makes the headlines! Data leaks as a result of sensitive data that is e-mailed to users’ home computers, downloaded to flash drives, copied to unencrypted laptops, stored in shadow databases on local computers or improperly destroyed or disposed when no longer needed.

To protect the universities’ sensitive data, we must plan a data-centric approach to our security programs to protect against data leaks. We can never prevent all sensitive data leaks, but steps can be taken to minimize such leaks. This presentation discusses some of the steps taken at East Carolina University to minimize sensitive data leakage, our continual efforts in this battle and explore future options to address this issue.