BÜYÜK ORTAMLARDA VERİ KAYBINI ÖNLEME PROJELERİNİN UYGULANMASI

Yıl 2021, Cilt: 7 Sayı: 1, 61 - 78, 07.07.2021

Yenal Arslan

Öz

Veri sızıntısı, veri kaybı önleme (DLP), bilgi sızıntısı önleme (ILP), bilgi koruma ve kontrol (IPC) teknolojisi, verilerin kasıtlı veya kazara dışarı sızmasını önlemek için geliştirilmiştir. Veri kaybı önleme sistemleri, adanmışlık ve proaktiflik açısından güvenlik duvarları veya saldırı tespit sistemleri (IDS) gibi geleneksel güvenlik kontrollerinden farklıdır. Geleneksel güvenlik kontrolleri, verilerin mevcut içeriğine daha az odaklanırlar.
Literatürde bazı akademik DLP çalışmaları olmasına rağmen endüstriyel çözümler konusunda çok az çalışma bulunmaktadır. Bu çalışma, Türkiye'deki Sosyal Güvenlik Kurumu (SGK) için kurulan DLP sistemini ele almaktadır. SGK, 28.000 çalışanı ile Türkiye'nin en büyük kurumlarından biridir. Kurulum yöntemleri ve yaşanan sorunlar objektif olarak dikkate alınmış ve endüstriyel DLP sistemlerinin büyük kurumlarda uygulanmasıyla ilgili önemli konulara dikkat çekilmiştir.

Anahtar Kelimeler

siber güvenlik, veri kaybı önleme, veri sızıntısı, siber güvenlik yönetimi

DEPLOYING DATA LOSS PREVENTION PROJECTS IN BIG ENVIRONMENTS

Öz

Data Leakage or Loss Prevention (DLP) or information leak prevention (ILP) or information protection and control (IPC) technology has been developed to prevent data from intentionally or accidentally leaking out. Data loss prevention systems differ from conventional security controls such as firewalls or intrusion detection systems (IDS) in terms of dedication and proactivity. Conventional security controls have less dedication to the actual content of the data.
Although there are some academic DLP studies in the literature, very few studies on industrial solutions. This study established a DLP system for the Social Security Institution (Sosyal Güvenlik Kurumu, SGK) of Turkey. SGK is Turkey's one of the biggest institutions with 28,000 employees. Installation methods and experienced problems were noted objectively. And important things about the implementation of industrial DLP systems in large institutions have been marked.

Anahtar Kelimeler

cyber security, data loss prevention, data leakage, cyber security management

Kaynakça

• Alneyadi, S., Sithirasenan, E., and Muthukkumarasamy, V. (2016, February). A survey on data leakage prevention systems. Journal of Network and Computer Applications, 62, 137–152.
• Alhindi, H., Traore, I., and Woungang, I. (2019). Preventing Data Leak through Semantic Analysis. Internet of Things, 100073.
• Costante, E., Fauri, D., Etalle, S., Hartog, J. Den, and Zannone, N. (2016). A Hybrid Framework for Data Loss Prevention and Detection. Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016, 324–333.
• Faiz, M.F., Arshad, J., Alazab, M., and Shalaginov, A. (2020). Predicting likelihood of legitimate data loss in email DLP. Future Generation Computer Systems, 110, 744–757.
• Gordon, P. (2007). Data Leakage - Threats and Mitigation. SANS Institute, Tech. Rep.
• Guevara, C., Santos, M., and López, V. (2017). Data leakage detection algorithm based on task sequences and probabilities. Knowledge-Based Systems, 120, 236–246.
• Hooson, S. (2015). Smarten your data security before new EU legislation or risk corporate loss. Network Security, 63, 366-375.
• Huth, C.L., Chadwick, D.W., Claycomb, W.R., and You, I. (2013). Guest editorial: A brief overview of data leakage and insider threats. Information Systems Frontiers, 15(1): 1–4.
• IBM/ObserveIT (2020). Cost of insider threats 2020 report.
• Liu, S. and Kuhn, R. (2010). Data loss prevention. IT Professional, 12(2):10–13.
• Magic Quadrant for Endpoint Protection Platforms, Gartner, Jan. 2016.
• Protecting Corporate Information in the Cloud; WSJ Custom Studios.
• Rogowski, W. (2013). The right approach to data loss prevention. Computer Fraud and Security, 8 (2013), 5–7.
• Symantec™ Data Loss Prevention System Requirements and Compatibility Guide – v14.6(2017).
• Tahboub, R. and Saleh, Y. (2014). Data leakage/loss prevention systems (DLP). 2014 World Congress on Computer Applications and Information Systems, WCCAIS 2014.
• Van der Kleij, R., Wijn, R., and Hof, T. (2020, October). An application and empirical test of the Capability Opportunity Motivation-Behaviour model to data leakage prevention in financial organizations. Computers and Security, 97.
• Wüchner, T. and Pretschner, A. (2012). Data loss prevention based on data-driven usage control. Proceedings - International Symposium on Software Reliability Engineering, ISSRE, 151–160.