The InfoSec Blog

Does ISO 27001 compliance need a data leakage prevention policy?

Posted by Anton Aylward

On one of the ISO-27000 lists I subscribe to I commented that one should have a policy to determine the need for and the criteria for choosing a Data Loss Prevention mechanism.

The DLP Logo

I get criticised occasionally for long and detailed posts that some readers complain treat them like beginners, but sadly if I don't I get comments such as this in reply

 Anton
  Data Loss is something you prevent; you enforce controls to prevent data
  leakage, DLP can be a programme, but , I find very difficult to support
  with a policy.

Does one have visions of chasing escaping data over the net with a three-ring binder labelled "Policy"?

Let me try again.

Fly Away

Policy comes first.
Without policy giving direction, purpose and justification, supplying the basis for measurement, quality and applicability (never mind issues such as configuration) then you are working on an ad-hoc basis.

Tagged as: , , , , , , , , , , , , , , , Continue reading
   

Availability

I am currently available to offer InfoSec & GRC audit and consulting services through my company - System Integrity

Popular Pages

Categories

Archives

Calendar of Posts

July 2017
M T W T F S S
« Nov    
 12
3456789
10111213141516
17181920212223
24252627282930
31  

Meta

Security Links