Research Article
PDF EndNote BibTex RIS Cite

BÜYÜK ORTAMLARDA VERİ KAYBINI ÖNLEME PROJELERİNİN UYGULANMASI

Year 2021, Volume 7, Issue 1, 61 - 78, 07.07.2021

Abstract

Veri sızıntısı, veri kaybı önleme (DLP), bilgi sızıntısı önleme (ILP), bilgi koruma ve kontrol (IPC) teknolojisi, verilerin kasıtlı veya kazara dışarı sızmasını önlemek için geliştirilmiştir. Veri kaybı önleme sistemleri, adanmışlık ve proaktiflik açısından güvenlik duvarları veya saldırı tespit sistemleri (IDS) gibi geleneksel güvenlik kontrollerinden farklıdır. Geleneksel güvenlik kontrolleri, verilerin mevcut içeriğine daha az odaklanırlar. Literatürde bazı akademik DLP çalışmaları olmasına rağmen endüstriyel çözümler konusunda çok az çalışma bulunmaktadır. Bu çalışma, Türkiye'deki Sosyal Güvenlik Kurumu (SGK) için kurulan DLP sistemini ele almaktadır. SGK, 28.000 çalışanı ile Türkiye'nin en büyük kurumlarından biridir. Kurulum yöntemleri ve yaşanan sorunlar objektif olarak dikkate alınmış ve endüstriyel DLP sistemlerinin büyük kurumlarda uygulanmasıyla ilgili önemli konulara dikkat çekilmiştir.

References

  • Alneyadi, S., Sithirasenan, E., and Muthukkumarasamy, V. (2016, February). A survey on data leakage prevention systems. Journal of Network and Computer Applications, 62, 137–152.
  • Alhindi, H., Traore, I., and Woungang, I. (2019). Preventing Data Leak through Semantic Analysis. Internet of Things, 100073.
  • Costante, E., Fauri, D., Etalle, S., Hartog, J. Den, and Zannone, N. (2016). A Hybrid Framework for Data Loss Prevention and Detection. Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016, 324–333.
  • Faiz, M.F., Arshad, J., Alazab, M., and Shalaginov, A. (2020). Predicting likelihood of legitimate data loss in email DLP. Future Generation Computer Systems, 110, 744–757.
  • Gordon, P. (2007). Data Leakage - Threats and Mitigation. SANS Institute, Tech. Rep.
  • Guevara, C., Santos, M., and López, V. (2017). Data leakage detection algorithm based on task sequences and probabilities. Knowledge-Based Systems, 120, 236–246.
  • Hooson, S. (2015). Smarten your data security before new EU legislation or risk corporate loss. Network Security, 63, 366-375.
  • Huth, C.L., Chadwick, D.W., Claycomb, W.R., and You, I. (2013). Guest editorial: A brief overview of data leakage and insider threats. Information Systems Frontiers, 15(1): 1–4.
  • IBM/ObserveIT (2020). Cost of insider threats 2020 report.
  • Liu, S. and Kuhn, R. (2010). Data loss prevention. IT Professional, 12(2):10–13.
  • Magic Quadrant for Endpoint Protection Platforms, Gartner, Jan. 2016.
  • Protecting Corporate Information in the Cloud; WSJ Custom Studios.
  • Rogowski, W. (2013). The right approach to data loss prevention. Computer Fraud and Security, 8 (2013), 5–7.
  • Symantec™ Data Loss Prevention System Requirements and Compatibility Guide – v14.6(2017).
  • Tahboub, R. and Saleh, Y. (2014). Data leakage/loss prevention systems (DLP). 2014 World Congress on Computer Applications and Information Systems, WCCAIS 2014.
  • Van der Kleij, R., Wijn, R., and Hof, T. (2020, October). An application and empirical test of the Capability Opportunity Motivation-Behaviour model to data leakage prevention in financial organizations. Computers and Security, 97.
  • Wüchner, T. and Pretschner, A. (2012). Data loss prevention based on data-driven usage control. Proceedings - International Symposium on Software Reliability Engineering, ISSRE, 151–160.

DEPLOYING DATA LOSS PREVENTION PROJECTS IN BIG ENVIRONMENTS

Year 2021, Volume 7, Issue 1, 61 - 78, 07.07.2021

Abstract

Data Leakage or Loss Prevention (DLP) or information leak prevention (ILP) or information protection and control (IPC) technology has been developed to prevent data from intentionally or accidentally leaking out. Data loss prevention systems differ from conventional security controls such as firewalls or intrusion detection systems (IDS) in terms of dedication and proactivity. Conventional security controls have less dedication to the actual content of the data. Although there are some academic DLP studies in the literature, very few studies on industrial solutions. This study established a DLP system for the Social Security Institution (Sosyal Güvenlik Kurumu, SGK) of Turkey. SGK is Turkey's one of the biggest institutions with 28,000 employees. Installation methods and experienced problems were noted objectively. And important things about the implementation of industrial DLP systems in large institutions have been marked.

References

  • Alneyadi, S., Sithirasenan, E., and Muthukkumarasamy, V. (2016, February). A survey on data leakage prevention systems. Journal of Network and Computer Applications, 62, 137–152.
  • Alhindi, H., Traore, I., and Woungang, I. (2019). Preventing Data Leak through Semantic Analysis. Internet of Things, 100073.
  • Costante, E., Fauri, D., Etalle, S., Hartog, J. Den, and Zannone, N. (2016). A Hybrid Framework for Data Loss Prevention and Detection. Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016, 324–333.
  • Faiz, M.F., Arshad, J., Alazab, M., and Shalaginov, A. (2020). Predicting likelihood of legitimate data loss in email DLP. Future Generation Computer Systems, 110, 744–757.
  • Gordon, P. (2007). Data Leakage - Threats and Mitigation. SANS Institute, Tech. Rep.
  • Guevara, C., Santos, M., and López, V. (2017). Data leakage detection algorithm based on task sequences and probabilities. Knowledge-Based Systems, 120, 236–246.
  • Hooson, S. (2015). Smarten your data security before new EU legislation or risk corporate loss. Network Security, 63, 366-375.
  • Huth, C.L., Chadwick, D.W., Claycomb, W.R., and You, I. (2013). Guest editorial: A brief overview of data leakage and insider threats. Information Systems Frontiers, 15(1): 1–4.
  • IBM/ObserveIT (2020). Cost of insider threats 2020 report.
  • Liu, S. and Kuhn, R. (2010). Data loss prevention. IT Professional, 12(2):10–13.
  • Magic Quadrant for Endpoint Protection Platforms, Gartner, Jan. 2016.
  • Protecting Corporate Information in the Cloud; WSJ Custom Studios.
  • Rogowski, W. (2013). The right approach to data loss prevention. Computer Fraud and Security, 8 (2013), 5–7.
  • Symantec™ Data Loss Prevention System Requirements and Compatibility Guide – v14.6(2017).
  • Tahboub, R. and Saleh, Y. (2014). Data leakage/loss prevention systems (DLP). 2014 World Congress on Computer Applications and Information Systems, WCCAIS 2014.
  • Van der Kleij, R., Wijn, R., and Hof, T. (2020, October). An application and empirical test of the Capability Opportunity Motivation-Behaviour model to data leakage prevention in financial organizations. Computers and Security, 97.
  • Wüchner, T. and Pretschner, A. (2012). Data loss prevention based on data-driven usage control. Proceedings - International Symposium on Software Reliability Engineering, ISSRE, 151–160.

Details

Primary Language English
Subjects Social
Journal Section Articles
Authors

Yenal ARSLAN> (Primary Author)
Sosyal Güvenlik Kurumu SGK
0000-0002-1776-6091
Türkiye

Early Pub Date July 8, 2021
Publication Date July 7, 2021
Published in Issue Year 2021, Volume 7, Issue 1

Cite

Bibtex @research article { ybs876190, journal = {Yönetim Bilişim Sistemleri Dergisi}, issn = {2630-550X}, eissn = {2630-550X}, address = {}, publisher = {Vahap TECİM}, year = {2021}, volume = {7}, number = {1}, pages = {61 - 78}, title = {DEPLOYING DATA LOSS PREVENTION PROJECTS IN BIG ENVIRONMENTS}, key = {cite}, author = {Arslan, Yenal} }
APA Arslan, Y. (2021). DEPLOYING DATA LOSS PREVENTION PROJECTS IN BIG ENVIRONMENTS . Yönetim Bilişim Sistemleri Dergisi , 7 (1) , 61-78 . Retrieved from https://dergipark.org.tr/en/pub/ybs/issue/63606/876190
MLA Arslan, Y. "DEPLOYING DATA LOSS PREVENTION PROJECTS IN BIG ENVIRONMENTS" . Yönetim Bilişim Sistemleri Dergisi 7 (2021 ): 61-78 <https://dergipark.org.tr/en/pub/ybs/issue/63606/876190>
Chicago Arslan, Y. "DEPLOYING DATA LOSS PREVENTION PROJECTS IN BIG ENVIRONMENTS". Yönetim Bilişim Sistemleri Dergisi 7 (2021 ): 61-78
RIS TY - JOUR T1 - DEPLOYING DATA LOSS PREVENTION PROJECTS IN BIG ENVIRONMENTS AU - YenalArslan Y1 - 2021 PY - 2021 N1 - DO - T2 - Yönetim Bilişim Sistemleri Dergisi JF - Journal JO - JOR SP - 61 EP - 78 VL - 7 IS - 1 SN - 2630-550X-2630-550X M3 - UR - Y2 - 2021 ER -
EndNote %0 Yönetim Bilişim Sistemleri Dergisi DEPLOYING DATA LOSS PREVENTION PROJECTS IN BIG ENVIRONMENTS %A Yenal Arslan %T DEPLOYING DATA LOSS PREVENTION PROJECTS IN BIG ENVIRONMENTS %D 2021 %J Yönetim Bilişim Sistemleri Dergisi %P 2630-550X-2630-550X %V 7 %N 1 %R %U
ISNAD Arslan, Yenal . "DEPLOYING DATA LOSS PREVENTION PROJECTS IN BIG ENVIRONMENTS". Yönetim Bilişim Sistemleri Dergisi 7 / 1 (July 2021): 61-78 .
AMA Arslan Y. DEPLOYING DATA LOSS PREVENTION PROJECTS IN BIG ENVIRONMENTS. Yönetim Bilişim Sistemleri Dergisi. 2021; 7(1): 61-78.
Vancouver Arslan Y. DEPLOYING DATA LOSS PREVENTION PROJECTS IN BIG ENVIRONMENTS. Yönetim Bilişim Sistemleri Dergisi. 2021; 7(1): 61-78.
IEEE Y. Arslan , "DEPLOYING DATA LOSS PREVENTION PROJECTS IN BIG ENVIRONMENTS", Yönetim Bilişim Sistemleri Dergisi, vol. 7, no. 1, pp. 61-78, Jul. 2021