SlideShare une entreprise Scribd logo

IRJET- Data Leak Prevention System: A Survey

IRJET Journal
IRJET Journal

https://www.irjet.net/archives/V6/i10/IRJET-V6I1038.pdf

Ingénierie
1  sur  3
Télécharger pour lire hors ligne
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 10 | Oct 2019 www.irjet.net p-ISSN: 2395-0072 © 2019, IRJET | Impact Factor value: 7.34 | ISO 9001:2008 Certified Journal | Page 197 Data Leak Prevention System: A Survey Prasad Jadhav1, P. M. Chawan2 1M. Tech Student, Department of Computer Engineering and IT, VJTI College, Maharashtra, India 2Associate Professor, Department of Computer Engineering and IT, VJTI College, Maharashtra, India ---------------------------------------------------------------------***---------------------------------------------------------------------- Abstract - In recent years, manycompaniesandinstitutions tend to keep most of their data in digital format. There is a large specter of information stored by such entities, like medical records, contracts, internal procedures, etc. that can be considered as being confidential, thus protecting them is a great concern. Since employees have access to such information, either by negligence or bad intention, they could leak the information. Hence, information security has become a big concern for the organizations. In this article we propose a software architecture known as Data Leak Prevention System that can achieve the goals of information security of the organizations. This architecture is designed to highly regulate access to private data, and furthermore, to identify which parts of the system can be subjected to external hacking or inside attacks. The proposed architecture focuses mainly on preventing massive data leaks. The architecture guarantees that any access to sensitive data is logged into an external system which cannot be affected by the attackers. Key Words: Data Leak Prevention 1. INTRODUCTION This Currently, security hasbecomeanessential factorin our day to day life. Security is required in Industrial sector as well as government sector. A malicious attacker can use various methods to access the private information. To avoid this is one of the goals of the information security. As we know that we require security in our daily life, similarly we need to implement various strategies to secure the information. Data leak is the unauthorized exchange of data between an organization and an external destination or recipient.Adata breach or data leak is the release of confidential or sensitive information to the unauthorized users.Data leak canhappen because of a programmer assault, intentional leak by employees of the organization, or unintentional loss or exposure of data. It implies that the data is transferred electronically or physically. Data leak usually occurs via the web and email. It can also occur via mobile data storage devices such as optical media, USB keys, and laptops. Data leak is also known as data theft and is a huge problem for data security. Regardless of size or industry, it can cause serious damage to any organization. Any organization will want to protect themselves from threats like declining revenue, tarnished reputation, massivefinancial penaltiesor lawsuits. There are many different types of data leak like Accidental Breach, Disgruntled or Ill-Intentioned Employee, Electronic Communications with Malicious Intent, etc.andit is important to understand that the problem can be initiated via an internal or external source.Thefollowingarecommon causes of data loss. 1. Natural Disaster: Your hard drive can be damaged due to fire, flood or some other unforeseen disasters. However, the data can still be retrievedin such situations. 2. Accidental Damage: If a drive or disk is mishandled or accidentally dropped,thismaycause trauma and loss of data. Data recovery is also possible in this case. 3. Accidental drive format: Sometimes users accidentally format their drives and this results in instant loss of data. However, it is possible to recover your data in a situation like this. Users can get help from the experts. 4. Accidental Deletionof Data:Therearetimeswhen you accidentally delete a file or a program from your hard drive. This is an unintentional deletion which may go unnoticed for a long time. Administrative errors also fall under this category. The best way is to think carefully before you delete any data or program. 5. Intentional Deletion of Data: You may have deleted a file intentionally from your system and later decided you wanted the file back. You can still recover your data from the recycle bin. If you have emptied your recycle bin, you can use software recover deleted recycle bin files. 6. Corrupted Data: If your file system or database is corrupted, then it will inevitablyleadtolossdata.At the same time, it is possible to recover data from a corrupt file system using an appropriate software tool. 7. Power Failure: If you experience power failure before you have the opportunity to save your work, you may lose valuable data. It is better to keep saving as your work. 8. Software Failure: When the application software suddenly crashes orfreezeswhileworking,thismay result in severe damage to the hard drive. This causes the program close suddenly and all unsaved work is lost.
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 10 | Oct 2019 www.irjet.net p-ISSN: 2395-0072 © 2019, IRJET | Impact Factor value: 7.34 | ISO 9001:2008 Certified Journal | Page 198 9. Virus Attack: If a machine is deeply infected by viruses and worms, spyware, adware and some deadly computer parasites, this can lead to total corruption and loss of data. Installing a very good anti-virus program will reduce the possibility of having a fatal virus attack. 10. Malicious Attack: Professional hackers or competitors can invade into the systemanddestroy it. This will obviously lead to loss of data. Data Leak Prevention (DLP) is the practice of detecting and preventing data breaches, exfiltration, or unwanted destruction of sensitive data. Organizations use DLP to protect their data and comply with regulations and policies. The term DLP refers to defending organizationsagainstboth data loss and data leak prevention. The term data leak refers to an event in which important information to the organization is leaked to the unauthorized environment. Data leak prevention focuses on preventing illicit transfer of data outside the institutional boundaries. Figure 1. DLP: Data Leak Prevention Model Data Leak Prevention (DLP) systems are increasingly being implemented by various organizations. Unlike the standard security mechanisms such as firewalls and intrusion detection systems (IDS), the DLP systems are designated systems which are used to protect in use, in transit and at rest data. DLP system analytically uses the content and surrounding context of confidential data to detect and prevent unauthorized access to confidential data. DLP system that use content analysis techniques are largely dependent upon regular expressions, data fingerprinting, and statistical analysis to detect data leaks. 2. LITRATURE REVIEW The following are various methods to implement Data Leak Prevention System: 1. Implementation of a single centralized DLPprogram: Many enterprises and business units implement inconsistent and ad hoc DLP systems. This inconsistency results in lack of visibility into data assets and weak data security. Also, the employees tend to ignore department DLP programs that the rest of the organization does not support. 2. Evaluation of Internal Resources: To create and implement a DLP system, an organization needs skilled personnel with DLP technical expertise, including DLP riskanalysis,dataleakresponseandreporting, data protection laws, and DLP training and awareness. Some government regulations and policies make it mandatory for the organizations to either employ internal staff or retain external consultants with data protection knowledge. 3. Conducting an Inventory and Assessment: An evaluation of the types of data and their value to the organization serve as prerequisites in implementation of a DLP program. This involves identification of relevant data, determining the locationofdata,andwhetheritisintellectual property, confidential information, or data that regulations address. DLP products like McAfee DLP are capable of identifying the information assets by scanning the metadata of files and cataloging the result, or by opening the files to analyze the content. The next step is the evaluation of risk associated with each type of data. In additiontothis,dataexit pointsand the cost to the organization in case of datalossare also considered. 4. Implementation in Phases: Implementation of DLP is a long-term process. The best way is to implement DLP in stages. The most effective approach is to prioritizethetypesofdataandcommunication channels. Likewise, implementation of DLP software components or modules as needed, based on the organization's priorities should be considered rather than implementing it all at once. 5. Creating a Classification System: Before an organization can create and implement DLP policies, it needsadataclassificationframeworkortaxonomy for both unstructured and structured data. Data security can be classified as confidential, internal, public, personally identifiable information (PII), financial data, regulated data, intellectual property, and others. DLP productscanscandata using various methods, which helps the organization to identify the key categories of data. The DLP software automates classification and users can select and customize the categories. Content owners can also visually evaluate certain types of contentthatcannotbeidentifiedusingsimple keywords or phrases. 6. Establishment of Data Handling and Remediation Policies: After creating the classification framework for data, the next step is to create policies for handling various types of data. The DLP policies for handling sensitive data are specified by the Government requirements. DLP solutions typically apply policies based on various regulations like HIPAA or GDPR. The policies as per the needs of the organization are customized by the DLP staff. The DLP enforcement products monitor outgoingchannels(likeemail and web chat) and provide options for handling potential security breaches in order to administer the policies. For
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 10 | Oct 2019 www.irjet.net p-ISSN: 2395-0072 © 2019, IRJET | Impact Factor value: 7.34 | ISO 9001:2008 Certified Journal | Page 199 example, if an employee is about to send an email with a sensitive attachment, hemightreceiveapop-upthatsuggests encrypting the message. The system can block it completely or redirect it to the line manager. The response is based on rules and policies established by the organization. 7. Education and Training of Employees: Employee awareness and acceptance of security policies is essential for DLP system. Online training, classes, periodic emails, and posters can improve employee understanding of the importance of data security and enhance their ability to follow recommended best DLP approach 3. DLP ARCHITECTURE Figure 2. Data Leak Prevention System Architecture The data in an organization is classified into three security classes as top secret, restricted and unrestricted. Whenever the user wants to send data over the internet, this information will be monitored by the DLP system. The system will calculate the semantic similarity and check whether the data is top secret, restricted or unrestricted. If the data is unrestricted, the user can send the information. If it is restricted or top secret, the user will not be allowed to send this information as it may lead to intentional or unintentional data leak. The organizations can set policies for the users based on which the DLP system will monitor their activities. Since the information is classified into security classes, documents which are restricted can be detected and remedial actions such as blocks, alerts, and quarantines can be undertaken. 4. CONCLUSIONS In this paper, a Data Leak Prevention System is proposed to detect and prevent the data from the leak, thereby achieving the security goals of an organization. The proposed technique has been tested against different scenarios in which the DLP system dealt with various types of data. This technique is simple, easy to implement, and can beuseful for many organizations. REFERENCES [1] S. Czerwinski, R. Fromm, and T. Hodes, “Digital Music Distribution and Audio Watermarking, ”http://www.scientificcommons.org/43025658,2007. Available at: www.researchpublications.org NCAICN- 2013, PRMITR,Badnera 399 [2] Y. Li, V. Swarup, and S. Jajodia, “Fingerprinting Relational Databases: Schemes and Specialties,” IEEE Trans. Dependable and Secure Computing, vol. 2, no. 1, pp. 34-45, Jan.-Mar. 2015. [3] Y. Cui and J. Widom, “Lineage Tracing for General Data Warehouse Transformations,” The VLDB J., vol. 12, pp. 41-58, 2014. [4] Panagiotis Papadimitriou and Hector Garcia-Molina, “Data Leakage Detection,” IEEE Trans, Knowledge and Data Engineering, vol. 23, no. 1, January 2013. [5] P. Bonatti, S.D.C. di Vimercati, and P. Samarati, “An Algebra for Composing Access Control Policies,” ACM Trans. Information and System Security, vol. 5, no. 1, pp.1-35, 2011. BIOGRAPHIES Prasad Jadhav is currently persuing M. Tech from VJTI COE, Mumbai. He has done his B.E.(IT) from Sardar Patel Institute of Technology Pramila M. Chawan is working as an Associate Professor in the ComputerEngineeringDepartment of VJTI, Mumbai. She has done her B. E.(Computer Engg.) and M.E (Computer Engineering) from VJTI COE, Mumbai University. She has 27 years of teaching experience and has guided 75+ M. Tech. projects and 100+ B. Tech. projects. She has published 99 papers in the International Journals, 21 papers in the National/Internationalconferences /symposiums. She has worked as an Organizing Committee member for 13 International Conferences, one National Conference and 4 AICTE workshops. She has worked as NBA coordinator of Computer Engineering Department of VJTI for 5 years. She had written proposal for VJTI under TEQIP-I in June 2004 for creating Central Computing Facility at VJTI. Rs. Eight Crore (Rs. 8,00,00,000/-) were sanctioned by the World Bank on this proposal.

Recommandé

Dlp notes
Dlp notesDlp notes
Dlp notes
anuepcet
 
Extending Information Security to Non-Production Environments
Extending Information Security to Non-Production EnvironmentsExtending Information Security to Non-Production Environments
Extending Information Security to Non-Production Environments
LindaWatson19
 
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
IRJET Journal
 
Version 3.6 Powerpoint March10
Version 3.6 Powerpoint March10Version 3.6 Powerpoint March10
Version 3.6 Powerpoint March10
jpmccormack
 
Csec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.comCsec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.com
PrescottLunt384
 
Csec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.comCsec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.com
amaranthbeg52
 
An Improved Method for Preventing Data Leakage in an Organization
An Improved Method for Preventing Data Leakage in an OrganizationAn Improved Method for Preventing Data Leakage in an Organization
An Improved Method for Preventing Data Leakage in an Organization
IJERA Editor
 
A Survey On Data Leakage Detection
A Survey On Data Leakage DetectionA Survey On Data Leakage Detection
A Survey On Data Leakage Detection
IJERA Editor
 

Recommandé

Dlp notes
Dlp notesDlp notes
Dlp notes
anuepcet
 
Extending Information Security to Non-Production Environments
Extending Information Security to Non-Production EnvironmentsExtending Information Security to Non-Production Environments
Extending Information Security to Non-Production Environments
LindaWatson19
 
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
IRJET Journal
 
Version 3.6 Powerpoint March10
Version 3.6 Powerpoint March10Version 3.6 Powerpoint March10
Version 3.6 Powerpoint March10
jpmccormack
 
Csec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.comCsec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.com
PrescottLunt384
 
Csec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.comCsec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.com
amaranthbeg52
 
An Improved Method for Preventing Data Leakage in an Organization
An Improved Method for Preventing Data Leakage in an OrganizationAn Improved Method for Preventing Data Leakage in an Organization
An Improved Method for Preventing Data Leakage in an Organization
IJERA Editor
 
A Survey On Data Leakage Detection
A Survey On Data Leakage DetectionA Survey On Data Leakage Detection
A Survey On Data Leakage Detection
IJERA Editor
 
Wp security-data-safe
Wp security-data-safeWp security-data-safe
Wp security-data-safe
ALI ANWAR, OCP®
 
Cyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.comCyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.com
amaranthbeg55
 
Information Leakage - A knowledge Based Approach
Information Leakage - A knowledge Based ApproachInformation Leakage - A knowledge Based Approach
Information Leakage - A knowledge Based Approach
Global Business Events - the Heart of your Network.
 
IT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceIT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 Conference
Jeff Lemmermann
 
Cyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comCyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.com
PrescottLunt386
 
The Information Disruption Industry and the Operational Environment of the Fu...
The Information Disruption Industry and the Operational Environment of the Fu...The Information Disruption Industry and the Operational Environment of the Fu...
The Information Disruption Industry and the Operational Environment of the Fu...
Vincent O'Neil
 
The Security and Compliance Plan for Maxistar Medical Supplies Company
The Security and Compliance Plan for Maxistar Medical Supplies Company The Security and Compliance Plan for Maxistar Medical Supplies Company
The Security and Compliance Plan for Maxistar Medical Supplies Company
Abdulrahman Alamri
 
IRJET- Detecting Data Leakage and Implementing Security Measures in Cloud Com...
IRJET- Detecting Data Leakage and Implementing Security Measures in Cloud Com...IRJET- Detecting Data Leakage and Implementing Security Measures in Cloud Com...
IRJET- Detecting Data Leakage and Implementing Security Measures in Cloud Com...
IRJET Journal
 
A DATABASE SYSTEM SECURITY FRAMEWORK
A DATABASE SYSTEM SECURITY FRAMEWORKA DATABASE SYSTEM SECURITY FRAMEWORK
A DATABASE SYSTEM SECURITY FRAMEWORK
ijcsit
 
How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach
SecurityMetrics
 
Data Encryption Is Hard To Do Fiberlink
Data Encryption Is Hard To Do FiberlinkData Encryption Is Hard To Do Fiberlink
Data Encryption Is Hard To Do Fiberlink
Product Marketing Services
 
IT Security and Compliance Program Plan for Maxistar Medical Supplies Company
IT Security and Compliance Program Plan for Maxistar Medical Supplies CompanyIT Security and Compliance Program Plan for Maxistar Medical Supplies Company
IT Security and Compliance Program Plan for Maxistar Medical Supplies Company
James Konderla
 
IRJET- Image Steganography using Pixel Pattern Matching in Cloud Data Sto...
IRJET- Image Steganography using Pixel Pattern Matching in Cloud Data Sto...IRJET- Image Steganography using Pixel Pattern Matching in Cloud Data Sto...
IRJET- Image Steganography using Pixel Pattern Matching in Cloud Data Sto...
IRJET Journal
 
Medical Data Encryption 101
Medical Data Encryption 101Medical Data Encryption 101
Medical Data Encryption 101
SecurityMetrics
 
Strategies for Data Leakage Prevention
Strategies for Data Leakage PreventionStrategies for Data Leakage Prevention
Strategies for Data Leakage Prevention
IRJET Journal
 
data-leakage-prevention
data-leakage-prevention data-leakage-prevention
data-leakage-prevention
anuepcet
 
The CISO’s Guide to Data Loss Prevention
The CISO’s Guide to Data Loss PreventionThe CISO’s Guide to Data Loss Prevention
The CISO’s Guide to Data Loss Prevention
Digital Guardian
 
A System for Detection and Prevention of Data Leak
A System for Detection and Prevention of Data LeakA System for Detection and Prevention of Data Leak
A System for Detection and Prevention of Data Leak
IRJET Journal
 
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - ErykData Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
Eryk Budi Pratama
 
Causes And Consequences Of Data Leakage
Causes And Consequences Of Data LeakageCauses And Consequences Of Data Leakage
Causes And Consequences Of Data Leakage
Patty Buckley
 
626 Information leakage and Data Loss Prevention Tools
626 Information leakage and Data Loss Prevention Tools626 Information leakage and Data Loss Prevention Tools
626 Information leakage and Data Loss Prevention Tools
Splitty
 
Running Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness .docxRunning Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness .docx
toltonkendal
 

Contenu connexe

Tendances

The Information Disruption Industry and the Operational Environment of the Fu...
The Information Disruption Industry and the Operational Environment of the Fu...The Information Disruption Industry and the Operational Environment of the Fu...
The Information Disruption Industry and the Operational Environment of the Fu...
Vincent O'Neil
 
A DATABASE SYSTEM SECURITY FRAMEWORK
A DATABASE SYSTEM SECURITY FRAMEWORKA DATABASE SYSTEM SECURITY FRAMEWORK
A DATABASE SYSTEM SECURITY FRAMEWORK
ijcsit
 
IT Security and Compliance Program Plan for Maxistar Medical Supplies Company
IT Security and Compliance Program Plan for Maxistar Medical Supplies CompanyIT Security and Compliance Program Plan for Maxistar Medical Supplies Company
IT Security and Compliance Program Plan for Maxistar Medical Supplies Company
James Konderla
 

Tendances (14)

Wp security-data-safe
Wp security-data-safeWp security-data-safe
Wp security-data-safe
 
Cyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.comCyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.com
 
Information Leakage - A knowledge Based Approach
Information Leakage - A knowledge Based ApproachInformation Leakage - A knowledge Based Approach
Information Leakage - A knowledge Based Approach
 
IT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceIT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 Conference
 
Cyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comCyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.com
 
The Information Disruption Industry and the Operational Environment of the Fu...
The Information Disruption Industry and the Operational Environment of the Fu...The Information Disruption Industry and the Operational Environment of the Fu...
The Information Disruption Industry and the Operational Environment of the Fu...
 
The Security and Compliance Plan for Maxistar Medical Supplies Company
The Security and Compliance Plan for Maxistar Medical Supplies Company The Security and Compliance Plan for Maxistar Medical Supplies Company
The Security and Compliance Plan for Maxistar Medical Supplies Company
 
IRJET- Detecting Data Leakage and Implementing Security Measures in Cloud Com...
IRJET- Detecting Data Leakage and Implementing Security Measures in Cloud Com...IRJET- Detecting Data Leakage and Implementing Security Measures in Cloud Com...
IRJET- Detecting Data Leakage and Implementing Security Measures in Cloud Com...
 
A DATABASE SYSTEM SECURITY FRAMEWORK
A DATABASE SYSTEM SECURITY FRAMEWORKA DATABASE SYSTEM SECURITY FRAMEWORK
A DATABASE SYSTEM SECURITY FRAMEWORK
 
How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach
 
Data Encryption Is Hard To Do Fiberlink
Data Encryption Is Hard To Do FiberlinkData Encryption Is Hard To Do Fiberlink
Data Encryption Is Hard To Do Fiberlink
 
IT Security and Compliance Program Plan for Maxistar Medical Supplies Company
IT Security and Compliance Program Plan for Maxistar Medical Supplies CompanyIT Security and Compliance Program Plan for Maxistar Medical Supplies Company
IT Security and Compliance Program Plan for Maxistar Medical Supplies Company
 
IRJET- Image Steganography using Pixel Pattern Matching in Cloud Data Sto...
IRJET- Image Steganography using Pixel Pattern Matching in Cloud Data Sto...IRJET- Image Steganography using Pixel Pattern Matching in Cloud Data Sto...
IRJET- Image Steganography using Pixel Pattern Matching in Cloud Data Sto...
 
Medical Data Encryption 101
Medical Data Encryption 101Medical Data Encryption 101
Medical Data Encryption 101
 

Similaire à IRJET- Data Leak Prevention System: A Survey

Causes And Consequences Of Data Leakage
Causes And Consequences Of Data LeakageCauses And Consequences Of Data Leakage
Causes And Consequences Of Data Leakage
Patty Buckley
 
626 Information leakage and Data Loss Prevention Tools
626 Information leakage and Data Loss Prevention Tools626 Information leakage and Data Loss Prevention Tools
626 Information leakage and Data Loss Prevention Tools
Splitty
 
Running Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness .docxRunning Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness .docx
toltonkendal
 
Search Inform DLP
Search Inform DLPSearch Inform DLP
Search Inform DLP
Sergei Yavchenko
 
En msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdataEn msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdata
Online Business
 
10.1.1.436.3364.pdf
10.1.1.436.3364.pdf10.1.1.436.3364.pdf
10.1.1.436.3364.pdf
mistryritesh
 
Module 02 Performance Risk-based Analytics With all the advancem
Module 02 Performance Risk-based Analytics With all the advancemModule 02 Performance Risk-based Analytics With all the advancem
Module 02 Performance Risk-based Analytics With all the advancem
IlonaThornburg83
 
Final review m score
Final review m scoreFinal review m score
Final review m score
azhar4010
 

Similaire à IRJET- Data Leak Prevention System: A Survey (20)

Strategies for Data Leakage Prevention
Strategies for Data Leakage PreventionStrategies for Data Leakage Prevention
Strategies for Data Leakage Prevention
 
data-leakage-prevention
data-leakage-prevention data-leakage-prevention
data-leakage-prevention
 
The CISO’s Guide to Data Loss Prevention
The CISO’s Guide to Data Loss PreventionThe CISO’s Guide to Data Loss Prevention
The CISO’s Guide to Data Loss Prevention
 
A System for Detection and Prevention of Data Leak
A System for Detection and Prevention of Data LeakA System for Detection and Prevention of Data Leak
A System for Detection and Prevention of Data Leak
 
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - ErykData Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
 
Causes And Consequences Of Data Leakage
Causes And Consequences Of Data LeakageCauses And Consequences Of Data Leakage
Causes And Consequences Of Data Leakage
 
626 Information leakage and Data Loss Prevention Tools
626 Information leakage and Data Loss Prevention Tools626 Information leakage and Data Loss Prevention Tools
626 Information leakage and Data Loss Prevention Tools
 
Running Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness .docxRunning Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness .docx
 
Webinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
Webinar: Endpoint Backup is not Enough - You Need an End-user Data StrategyWebinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
Webinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
 
Search Inform DLP
Search Inform DLPSearch Inform DLP
Search Inform DLP
 
En msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdataEn msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdata
 
Computer security
Computer securityComputer security
Computer security
 
10.1.1.436.3364.pdf
10.1.1.436.3364.pdf10.1.1.436.3364.pdf
10.1.1.436.3364.pdf
 
How Organizations can Secure Their Database From External Attacks
How Organizations can Secure Their Database From External AttacksHow Organizations can Secure Their Database From External Attacks
How Organizations can Secure Their Database From External Attacks
 
Unit 5 v2
Unit 5 v2Unit 5 v2
Unit 5 v2
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber security
 
6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back
 
Module 02 Performance Risk-based Analytics With all the advancem
Module 02 Performance Risk-based Analytics With all the advancemModule 02 Performance Risk-based Analytics With all the advancem
Module 02 Performance Risk-based Analytics With all the advancem
 
Final review m score
Final review m scoreFinal review m score
Final review m score
 
Bridging the Data Security Gap
Bridging the Data Security GapBridging the Data Security Gap
Bridging the Data Security Gap
 

Plus de IRJET Journal

Plus de IRJET Journal (20)

TUNNELING IN HIMALAYAS WITH NATM METHOD: A SPECIAL REFERENCES TO SUNGAL TUNNE...
TUNNELING IN HIMALAYAS WITH NATM METHOD: A SPECIAL REFERENCES TO SUNGAL TUNNE...TUNNELING IN HIMALAYAS WITH NATM METHOD: A SPECIAL REFERENCES TO SUNGAL TUNNE...
TUNNELING IN HIMALAYAS WITH NATM METHOD: A SPECIAL REFERENCES TO SUNGAL TUNNE...
 
STUDY THE EFFECT OF RESPONSE REDUCTION FACTOR ON RC FRAMED STRUCTURE
STUDY THE EFFECT OF RESPONSE REDUCTION FACTOR ON RC FRAMED STRUCTURESTUDY THE EFFECT OF RESPONSE REDUCTION FACTOR ON RC FRAMED STRUCTURE
STUDY THE EFFECT OF RESPONSE REDUCTION FACTOR ON RC FRAMED STRUCTURE
 
A COMPARATIVE ANALYSIS OF RCC ELEMENT OF SLAB WITH STARK STEEL (HYSD STEEL) A...
A COMPARATIVE ANALYSIS OF RCC ELEMENT OF SLAB WITH STARK STEEL (HYSD STEEL) A...A COMPARATIVE ANALYSIS OF RCC ELEMENT OF SLAB WITH STARK STEEL (HYSD STEEL) A...
A COMPARATIVE ANALYSIS OF RCC ELEMENT OF SLAB WITH STARK STEEL (HYSD STEEL) A...
 
Effect of Camber and Angles of Attack on Airfoil Characteristics
Effect of Camber and Angles of Attack on Airfoil CharacteristicsEffect of Camber and Angles of Attack on Airfoil Characteristics
Effect of Camber and Angles of Attack on Airfoil Characteristics
 
A Review on the Progress and Challenges of Aluminum-Based Metal Matrix Compos...
A Review on the Progress and Challenges of Aluminum-Based Metal Matrix Compos...A Review on the Progress and Challenges of Aluminum-Based Metal Matrix Compos...
A Review on the Progress and Challenges of Aluminum-Based Metal Matrix Compos...
 
Dynamic Urban Transit Optimization: A Graph Neural Network Approach for Real-...
Dynamic Urban Transit Optimization: A Graph Neural Network Approach for Real-...Dynamic Urban Transit Optimization: A Graph Neural Network Approach for Real-...
Dynamic Urban Transit Optimization: A Graph Neural Network Approach for Real-...
 
Structural Analysis and Design of Multi-Storey Symmetric and Asymmetric Shape...
Structural Analysis and Design of Multi-Storey Symmetric and Asymmetric Shape...Structural Analysis and Design of Multi-Storey Symmetric and Asymmetric Shape...
Structural Analysis and Design of Multi-Storey Symmetric and Asymmetric Shape...
 
A Review of “Seismic Response of RC Structures Having Plan and Vertical Irreg...
A Review of “Seismic Response of RC Structures Having Plan and Vertical Irreg...A Review of “Seismic Response of RC Structures Having Plan and Vertical Irreg...
A Review of “Seismic Response of RC Structures Having Plan and Vertical Irreg...
 
A REVIEW ON MACHINE LEARNING IN ADAS
A REVIEW ON MACHINE LEARNING IN ADASA REVIEW ON MACHINE LEARNING IN ADAS
A REVIEW ON MACHINE LEARNING IN ADAS
 
Long Term Trend Analysis of Precipitation and Temperature for Asosa district,...
Long Term Trend Analysis of Precipitation and Temperature for Asosa district,...Long Term Trend Analysis of Precipitation and Temperature for Asosa district,...
Long Term Trend Analysis of Precipitation and Temperature for Asosa district,...
 
P.E.B. Framed Structure Design and Analysis Using STAAD Pro
P.E.B. Framed Structure Design and Analysis Using STAAD ProP.E.B. Framed Structure Design and Analysis Using STAAD Pro
P.E.B. Framed Structure Design and Analysis Using STAAD Pro
 
A Review on Innovative Fiber Integration for Enhanced Reinforcement of Concre...
A Review on Innovative Fiber Integration for Enhanced Reinforcement of Concre...A Review on Innovative Fiber Integration for Enhanced Reinforcement of Concre...
A Review on Innovative Fiber Integration for Enhanced Reinforcement of Concre...
 
Survey Paper on Cloud-Based Secured Healthcare System
Survey Paper on Cloud-Based Secured Healthcare SystemSurvey Paper on Cloud-Based Secured Healthcare System
Survey Paper on Cloud-Based Secured Healthcare System
 
Review on studies and research on widening of existing concrete bridges
Review on studies and research on widening of existing concrete bridgesReview on studies and research on widening of existing concrete bridges
Review on studies and research on widening of existing concrete bridges
 
React based fullstack edtech web application
React based fullstack edtech web applicationReact based fullstack edtech web application
React based fullstack edtech web application
 
A Comprehensive Review of Integrating IoT and Blockchain Technologies in the ...
A Comprehensive Review of Integrating IoT and Blockchain Technologies in the ...A Comprehensive Review of Integrating IoT and Blockchain Technologies in the ...
A Comprehensive Review of Integrating IoT and Blockchain Technologies in the ...
 
A REVIEW ON THE PERFORMANCE OF COCONUT FIBRE REINFORCED CONCRETE.
A REVIEW ON THE PERFORMANCE OF COCONUT FIBRE REINFORCED CONCRETE.A REVIEW ON THE PERFORMANCE OF COCONUT FIBRE REINFORCED CONCRETE.
A REVIEW ON THE PERFORMANCE OF COCONUT FIBRE REINFORCED CONCRETE.
 
Optimizing Business Management Process Workflows: The Dynamic Influence of Mi...
Optimizing Business Management Process Workflows: The Dynamic Influence of Mi...Optimizing Business Management Process Workflows: The Dynamic Influence of Mi...
Optimizing Business Management Process Workflows: The Dynamic Influence of Mi...
 
Multistoried and Multi Bay Steel Building Frame by using Seismic Design
Multistoried and Multi Bay Steel Building Frame by using Seismic DesignMultistoried and Multi Bay Steel Building Frame by using Seismic Design
Multistoried and Multi Bay Steel Building Frame by using Seismic Design
 
Cost Optimization of Construction Using Plastic Waste as a Sustainable Constr...
Cost Optimization of Construction Using Plastic Waste as a Sustainable Constr...Cost Optimization of Construction Using Plastic Waste as a Sustainable Constr...
Cost Optimization of Construction Using Plastic Waste as a Sustainable Constr...
 

Dernier

Call Girls in South Ex (delhi) call me [🔝9953056974🔝] escort service 24X7
Call Girls in South Ex (delhi) call me [🔝9953056974🔝] escort service 24X7Call Girls in South Ex (delhi) call me [🔝9953056974🔝] escort service 24X7
Call Girls in South Ex (delhi) call me [🔝9953056974🔝] escort service 24X7
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
notes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptnotes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.ppt
MsecMca
 
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Arindam Chakraborty, Ph.D., P.E. (CA, TX)
 
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak HamilCara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Kandungan 087776558899
 
scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
HenryBriggs2
 
Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...
Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...
Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...
Call Girls Mumbai
 

Dernier (20)

Call Girls in South Ex (delhi) call me [🔝9953056974🔝] escort service 24X7
Call Girls in South Ex (delhi) call me [🔝9953056974🔝] escort service 24X7Call Girls in South Ex (delhi) call me [🔝9953056974🔝] escort service 24X7
Call Girls in South Ex (delhi) call me [🔝9953056974🔝] escort service 24X7
 
Double Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueDouble Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torque
 
notes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptnotes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.ppt
 
Generative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPTGenerative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPT
 
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptxCOST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
 
Unleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leapUnleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leap
 
Design For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the startDesign For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the start
 
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
 
Bridge Jacking Design Sample Calculation.pptx
Bridge Jacking Design Sample Calculation.pptxBridge Jacking Design Sample Calculation.pptx
Bridge Jacking Design Sample Calculation.pptx
 
Thermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptThermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.ppt
 
A Study of Urban Area Plan for Pabna Municipality
A Study of Urban Area Plan for Pabna MunicipalityA Study of Urban Area Plan for Pabna Municipality
A Study of Urban Area Plan for Pabna Municipality
 
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptxS1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
 
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak HamilCara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
 
AIRCANVAS[1].pdf mini project for btech students
AIRCANVAS[1].pdf mini project for btech studentsAIRCANVAS[1].pdf mini project for btech students
AIRCANVAS[1].pdf mini project for btech students
 
scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
 
Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...
Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...
Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...
 
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptxHOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
 
Rums floating Omkareshwar FSPV IM_16112021.pdf
Rums floating Omkareshwar FSPV IM_16112021.pdfRums floating Omkareshwar FSPV IM_16112021.pdf
Rums floating Omkareshwar FSPV IM_16112021.pdf
 
Thermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . pptThermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . ppt
 
Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...
Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...
Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...
 

IRJET- Data Leak Prevention System: A Survey

  • 1. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 10 | Oct 2019 www.irjet.net p-ISSN: 2395-0072 © 2019, IRJET | Impact Factor value: 7.34 | ISO 9001:2008 Certified Journal | Page 197 Data Leak Prevention System: A Survey Prasad Jadhav1, P. M. Chawan2 1M. Tech Student, Department of Computer Engineering and IT, VJTI College, Maharashtra, India 2Associate Professor, Department of Computer Engineering and IT, VJTI College, Maharashtra, India ---------------------------------------------------------------------***---------------------------------------------------------------------- Abstract - In recent years, manycompaniesandinstitutions tend to keep most of their data in digital format. There is a large specter of information stored by such entities, like medical records, contracts, internal procedures, etc. that can be considered as being confidential, thus protecting them is a great concern. Since employees have access to such information, either by negligence or bad intention, they could leak the information. Hence, information security has become a big concern for the organizations. In this article we propose a software architecture known as Data Leak Prevention System that can achieve the goals of information security of the organizations. This architecture is designed to highly regulate access to private data, and furthermore, to identify which parts of the system can be subjected to external hacking or inside attacks. The proposed architecture focuses mainly on preventing massive data leaks. The architecture guarantees that any access to sensitive data is logged into an external system which cannot be affected by the attackers. Key Words: Data Leak Prevention 1. INTRODUCTION This Currently, security hasbecomeanessential factorin our day to day life. Security is required in Industrial sector as well as government sector. A malicious attacker can use various methods to access the private information. To avoid this is one of the goals of the information security. As we know that we require security in our daily life, similarly we need to implement various strategies to secure the information. Data leak is the unauthorized exchange of data between an organization and an external destination or recipient.Adata breach or data leak is the release of confidential or sensitive information to the unauthorized users.Data leak canhappen because of a programmer assault, intentional leak by employees of the organization, or unintentional loss or exposure of data. It implies that the data is transferred electronically or physically. Data leak usually occurs via the web and email. It can also occur via mobile data storage devices such as optical media, USB keys, and laptops. Data leak is also known as data theft and is a huge problem for data security. Regardless of size or industry, it can cause serious damage to any organization. Any organization will want to protect themselves from threats like declining revenue, tarnished reputation, massivefinancial penaltiesor lawsuits. There are many different types of data leak like Accidental Breach, Disgruntled or Ill-Intentioned Employee, Electronic Communications with Malicious Intent, etc.andit is important to understand that the problem can be initiated via an internal or external source.Thefollowingarecommon causes of data loss. 1. Natural Disaster: Your hard drive can be damaged due to fire, flood or some other unforeseen disasters. However, the data can still be retrievedin such situations. 2. Accidental Damage: If a drive or disk is mishandled or accidentally dropped,thismaycause trauma and loss of data. Data recovery is also possible in this case. 3. Accidental drive format: Sometimes users accidentally format their drives and this results in instant loss of data. However, it is possible to recover your data in a situation like this. Users can get help from the experts. 4. Accidental Deletionof Data:Therearetimeswhen you accidentally delete a file or a program from your hard drive. This is an unintentional deletion which may go unnoticed for a long time. Administrative errors also fall under this category. The best way is to think carefully before you delete any data or program. 5. Intentional Deletion of Data: You may have deleted a file intentionally from your system and later decided you wanted the file back. You can still recover your data from the recycle bin. If you have emptied your recycle bin, you can use software recover deleted recycle bin files. 6. Corrupted Data: If your file system or database is corrupted, then it will inevitablyleadtolossdata.At the same time, it is possible to recover data from a corrupt file system using an appropriate software tool. 7. Power Failure: If you experience power failure before you have the opportunity to save your work, you may lose valuable data. It is better to keep saving as your work. 8. Software Failure: When the application software suddenly crashes orfreezeswhileworking,thismay result in severe damage to the hard drive. This causes the program close suddenly and all unsaved work is lost.
  • 2. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 10 | Oct 2019 www.irjet.net p-ISSN: 2395-0072 © 2019, IRJET | Impact Factor value: 7.34 | ISO 9001:2008 Certified Journal | Page 198 9. Virus Attack: If a machine is deeply infected by viruses and worms, spyware, adware and some deadly computer parasites, this can lead to total corruption and loss of data. Installing a very good anti-virus program will reduce the possibility of having a fatal virus attack. 10. Malicious Attack: Professional hackers or competitors can invade into the systemanddestroy it. This will obviously lead to loss of data. Data Leak Prevention (DLP) is the practice of detecting and preventing data breaches, exfiltration, or unwanted destruction of sensitive data. Organizations use DLP to protect their data and comply with regulations and policies. The term DLP refers to defending organizationsagainstboth data loss and data leak prevention. The term data leak refers to an event in which important information to the organization is leaked to the unauthorized environment. Data leak prevention focuses on preventing illicit transfer of data outside the institutional boundaries. Figure 1. DLP: Data Leak Prevention Model Data Leak Prevention (DLP) systems are increasingly being implemented by various organizations. Unlike the standard security mechanisms such as firewalls and intrusion detection systems (IDS), the DLP systems are designated systems which are used to protect in use, in transit and at rest data. DLP system analytically uses the content and surrounding context of confidential data to detect and prevent unauthorized access to confidential data. DLP system that use content analysis techniques are largely dependent upon regular expressions, data fingerprinting, and statistical analysis to detect data leaks. 2. LITRATURE REVIEW The following are various methods to implement Data Leak Prevention System: 1. Implementation of a single centralized DLPprogram: Many enterprises and business units implement inconsistent and ad hoc DLP systems. This inconsistency results in lack of visibility into data assets and weak data security. Also, the employees tend to ignore department DLP programs that the rest of the organization does not support. 2. Evaluation of Internal Resources: To create and implement a DLP system, an organization needs skilled personnel with DLP technical expertise, including DLP riskanalysis,dataleakresponseandreporting, data protection laws, and DLP training and awareness. Some government regulations and policies make it mandatory for the organizations to either employ internal staff or retain external consultants with data protection knowledge. 3. Conducting an Inventory and Assessment: An evaluation of the types of data and their value to the organization serve as prerequisites in implementation of a DLP program. This involves identification of relevant data, determining the locationofdata,andwhetheritisintellectual property, confidential information, or data that regulations address. DLP products like McAfee DLP are capable of identifying the information assets by scanning the metadata of files and cataloging the result, or by opening the files to analyze the content. The next step is the evaluation of risk associated with each type of data. In additiontothis,dataexit pointsand the cost to the organization in case of datalossare also considered. 4. Implementation in Phases: Implementation of DLP is a long-term process. The best way is to implement DLP in stages. The most effective approach is to prioritizethetypesofdataandcommunication channels. Likewise, implementation of DLP software components or modules as needed, based on the organization's priorities should be considered rather than implementing it all at once. 5. Creating a Classification System: Before an organization can create and implement DLP policies, it needsadataclassificationframeworkortaxonomy for both unstructured and structured data. Data security can be classified as confidential, internal, public, personally identifiable information (PII), financial data, regulated data, intellectual property, and others. DLP productscanscandata using various methods, which helps the organization to identify the key categories of data. The DLP software automates classification and users can select and customize the categories. Content owners can also visually evaluate certain types of contentthatcannotbeidentifiedusingsimple keywords or phrases. 6. Establishment of Data Handling and Remediation Policies: After creating the classification framework for data, the next step is to create policies for handling various types of data. The DLP policies for handling sensitive data are specified by the Government requirements. DLP solutions typically apply policies based on various regulations like HIPAA or GDPR. The policies as per the needs of the organization are customized by the DLP staff. The DLP enforcement products monitor outgoingchannels(likeemail and web chat) and provide options for handling potential security breaches in order to administer the policies. For
  • 3. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 10 | Oct 2019 www.irjet.net p-ISSN: 2395-0072 © 2019, IRJET | Impact Factor value: 7.34 | ISO 9001:2008 Certified Journal | Page 199 example, if an employee is about to send an email with a sensitive attachment, hemightreceiveapop-upthatsuggests encrypting the message. The system can block it completely or redirect it to the line manager. The response is based on rules and policies established by the organization. 7. Education and Training of Employees: Employee awareness and acceptance of security policies is essential for DLP system. Online training, classes, periodic emails, and posters can improve employee understanding of the importance of data security and enhance their ability to follow recommended best DLP approach 3. DLP ARCHITECTURE Figure 2. Data Leak Prevention System Architecture The data in an organization is classified into three security classes as top secret, restricted and unrestricted. Whenever the user wants to send data over the internet, this information will be monitored by the DLP system. The system will calculate the semantic similarity and check whether the data is top secret, restricted or unrestricted. If the data is unrestricted, the user can send the information. If it is restricted or top secret, the user will not be allowed to send this information as it may lead to intentional or unintentional data leak. The organizations can set policies for the users based on which the DLP system will monitor their activities. Since the information is classified into security classes, documents which are restricted can be detected and remedial actions such as blocks, alerts, and quarantines can be undertaken. 4. CONCLUSIONS In this paper, a Data Leak Prevention System is proposed to detect and prevent the data from the leak, thereby achieving the security goals of an organization. The proposed technique has been tested against different scenarios in which the DLP system dealt with various types of data. This technique is simple, easy to implement, and can beuseful for many organizations. REFERENCES [1] S. Czerwinski, R. Fromm, and T. Hodes, “Digital Music Distribution and Audio Watermarking, ”http://www.scientificcommons.org/43025658,2007. Available at: www.researchpublications.org NCAICN- 2013, PRMITR,Badnera 399 [2] Y. Li, V. Swarup, and S. Jajodia, “Fingerprinting Relational Databases: Schemes and Specialties,” IEEE Trans. Dependable and Secure Computing, vol. 2, no. 1, pp. 34-45, Jan.-Mar. 2015. [3] Y. Cui and J. Widom, “Lineage Tracing for General Data Warehouse Transformations,” The VLDB J., vol. 12, pp. 41-58, 2014. [4] Panagiotis Papadimitriou and Hector Garcia-Molina, “Data Leakage Detection,” IEEE Trans, Knowledge and Data Engineering, vol. 23, no. 1, January 2013. [5] P. Bonatti, S.D.C. di Vimercati, and P. Samarati, “An Algebra for Composing Access Control Policies,” ACM Trans. Information and System Security, vol. 5, no. 1, pp.1-35, 2011. BIOGRAPHIES Prasad Jadhav is currently persuing M. Tech from VJTI COE, Mumbai. He has done his B.E.(IT) from Sardar Patel Institute of Technology Pramila M. Chawan is working as an Associate Professor in the ComputerEngineeringDepartment of VJTI, Mumbai. She has done her B. E.(Computer Engg.) and M.E (Computer Engineering) from VJTI COE, Mumbai University. She has 27 years of teaching experience and has guided 75+ M. Tech. projects and 100+ B. Tech. projects. She has published 99 papers in the International Journals, 21 papers in the National/Internationalconferences /symposiums. She has worked as an Organizing Committee member for 13 International Conferences, one National Conference and 4 AICTE workshops. She has worked as NBA coordinator of Computer Engineering Department of VJTI for 5 years. She had written proposal for VJTI under TEQIP-I in June 2004 for creating Central Computing Facility at VJTI. Rs. Eight Crore (Rs. 8,00,00,000/-) were sanctioned by the World Bank on this proposal.