Data Leak Protection

Data Leak Protection

Many sensitive and valuable information are stored on a server. In the past few years, there are many security breaches and sensitive information have fallen to hands outside of the organization that is supposed or entrusted to protect and secure it.

Sometimes, this data leak might be accidental like a credit card customer service may send credit card details to a wrong person. Sensitive information in the wrong hands might pose a security risk to the person identity or privacy.

Ways of Data Leakage

  • Web Browsing (HTTP)
  • Email
  • Network Printer
  • Endpoint
  • USB Devices
  • Others
  • Internal Mail
  • WebMail
  • IM Tools

Reasons for Data Loss in Organization

  • Hardware Failure
  • Human Error
  • Theft / Malicious Employee
  • Software Failure
  • Virus

Sarbanes-Oxley Act (SOX) is a United States federal law that set new or enhanced standards for all U.S. public company boards, management and public accounting firms.

The bill, which contains eleven sections, was enacted as a reaction to a number of major corporate and accounting scandals, including Enron, and Worldcom. The sections of the bill cover responsibilities of a public corporation’s board of directors, adds criminal penalties for certain misconduct, and required the Securities and Exchange Commission to create regulations to define how public corporations are to comply with the law.

The Gramm–Leach–Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999 and commonly pronounced ″glibba″, (Pub.L. 106–102, 113 Stat. 1338, enacted November 12, 1999) is an act of the 106th United States Congress (1999–2001). It repealed part of the Glass–Steagall Act of 1933, removing barriers in the market among banking companies, securities companies and insurance companies that prohibited any one institution from acting as any combination of an investment bank, a commercial bank, and an insurance company. With the bipartisan passage of the Gramm–Leach–Bliley Act, commercial banks, investment banks, securities firms, and insurance companies were allowed to consolidate. Furthermore, it failed to give to the SEC or any other financial regulatory agency the authority to regulate large investment bank holding companies. ”The legislation was signed into law by President Bill Clinton.

A year before the law was passed, Citicorp, a commercial bank holding company, merged with the insurance company Travelers Group in 1998 to form the conglomerate Citigroup, a corporation combining banking, securities and insurance services under a house of brands that included Citibank, Smith Barney, Primerica, and Travelers. Because this merger was a violation of the Glass–Steagall Act and the Bank Holding Company Act of 1956, the Federal Reserve gave Citigroup a temporary waiver in September 1998.[2] Less than a year later, GLBA was passed to legalize these types of mergers on a permanent basis. The law also repealed Glass–Steagall’s conflict of interest prohibitions “against simultaneous service by any officer, director, or employee of a securities firm as an officer, director, or employee of any member bank”.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA; Pub.L. 104–191, 110 Stat. 1936, enacted August 21, 1996) was enacted by the United States Congress and signed by President Bill Clinton in 1996.

It has been known as the Kennedy–Kassebaum Act or Kassebaum-Kennedy Act after two of its leading sponsors.[1][2] Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card brands including Visa, MasterCard, American Express, Discover, and JCB. Private label cards –those without a logo from a major card brand are not included in the scope of the PCI DSS.

The PCI Standards is mandated by the card brands and run by the Payment Card Industry Security Standards Council, the standard was created to increase controls around cardholder data to reduce credit card fraud via its exposure. Validation of compliance is performed annually, either by an external Qualified Security Assessor (QSA) that creates a Report on Compliance (ROC) for organizations handling large volumes of transactions, or by Self-Assessment Questionnaire (SAQ) for companies handling smaller volumes.