Data Classification and Data Loss Prevention (DLP)

Subject: Management
Pages: 2
Words: 723
Reading time:
3 min
Study level: Bachelor

Summary

The success of a contemporary business largely depends on what data the company has and how it uses it. At the same time, ensuring their security and confidentiality plays an essential role in managing data. This assumption can be applied to companies of various types – some must protect their intellectual work and ideas, and other data of their customers. It is also critical to consider that organizations are represented by the people working in them. Thus, competently sharing roles and responsibilities among them is another crucial component of success. Despite some difficulty in distributing tasks among employees, tools such as the RACI matrix help improve this process.

Suggested RACI Matrix

Task CEO Chief Information Security Officer (CISO) Providers/IT Security Department Departments’
Managers
Employees
Generating information RI R R R RA R
Using information I C C AR
Classifying information AI RC C R R
Managing DLP technologies A RC R C
Using DLP technologies RI RI ARC R R R
Implementing DLP technologies I A RC C

When planning any processes, it is crucial to distribute roles and responsibilities among employees. The RACI matrix is a tool for planning the degree of participation of different employees in the process (Performance Improvement Council (PIC), n.d.). The following designations serve as keys to understanding the matrix:

  • R – Responsible for the task.
  • A – Accountable for employee actions in completing the task.
  • C – Consulted before task execution.
  • I – Informed about achieving a specific task.

Generating Information

Employees performing work in their departments are the primary generators of information used in the company. Departments’ managers are accountable for what information their staff has created. In turn, the most important of the collected data reaches the company’s CEO. It is important to note that information that needs protection is also generated in business communication at various levels; therefore, all stakeholders are marked as responsible.

Using information

Heads of departments receive information from their staff and instructions from the administration. They apply the information received and their knowledge to achieve the goals set by the organization. Managers can get advice from security and IT professionals on how to use data in the most secure way. CEO receives reports from managers to be informed on how any information was applied and its impact.

Classifying information

Classification of data is an integral part of DLP and involves the division of information into specific categories. This tool provides appropriate decisions and guidelines for each type for the best protection (Tierney, 2020). Classification can be carried out by both other departments’ staff and by the IT within the DLP (“Data loss prevention combined,” n.d.). At the same time, managers also play an important role in classification, so three groups are defined as responsible (“Data classification policy,” n.d.). IT and security provide classification advice, and CISO is accountable and informed.

Managing DLP technologies

Responsibility for DLP technology management is shared between IT and security. This distribution of duties will help to avoid abuse of the system (Chheda, 2019). In particular, security personnel can develop a policy for using DLP, and IT manages the technical side. Moreover, departmental managers provide advice on the organization of the DLP in a manner that would not interfere with the work of their staff.

Using DLP technologies

The effectiveness of preventive measures largely depends on the actions of workers. Since information generation occurs at all levels in the organization, all its employees must use DLP (“Data loss prevention combined,” n.d.). The IT department should also familiarize all employees with the peculiarities of using the system and be accountable. Specialists also inform CISO and the CEO of the employees’ success of DLP usage.

Implementing DLP technologies

Installing DLP technologies is the responsibility of the IT department (or hired providers), as they have the necessary knowledge and skills. Before implementation, they, together with the security department, provide the company with consultation on how to do everything for better effectiveness. Finally, the CEO is informed of how the implementation is proceeding, and CISO is accountable; other employees are not involved in this process.

References

Chheda, R. (2019). What is DLP and how to implement it in your organization? Exabeam. Web.

Data classification policy example (n.d.). Netwrix. Web.

Data loss prevention combined with data classification – business benefits. (n.d.). Stinet. Web.

Performance Improvement Council (PIC). (n.d.). RACI Chart Overview [PowerPoint slides]. Web.

Tierney, M. (2020). The importance of data classification for data loss prevention. Netwrix. Web.