Insider Threat Control: Understanding Data Loss Prevention (DLP) and Detection by Correlating Events from Multiple Sources

January 2013 • Technical Note

George Silowash, Christopher King

In this report, the authors present methods for controlling removable media devices in a MS Windows environment.

Publisher:

Software Engineering Institute

CMU/SEI Report Number

CMU/SEI-2013-TN-002

DOI (Digital Object Identifier):

10.1184/R1/6574457.v1

Subjects

Insider ThreatInsider Threat

Abstract

Removable media, such as universal serial bus (USB) flash drives, present unique problems to the enterprise since insiders can use such media to remove proprietary information from company systems. Insiders may do this for legitimate reasons, such as to work on material at home, or they may do so for malicious reasons, such as to steal intellectual property.

Organizations must establish and implement effective methods and processes to prevent unauthorized use of removable media while still allowing users with a genuine business need to access and remove such media. In addition, organizations should establish sound methods to track critical electronic assets so that they may better protect them.

This report focuses on the theft of intellectual property using removable media, in particular, USB devices. We present methods to control removable media devices in a Microsoft Windows environment using Group Policy within an Active Directory environment. We also explore OpenDLP, an open source tool for identifying where sensitive data resides on organizational systems.

Download PDF

Cite This Report

SEI

Silowash, George; & King, Christopher. Insider Threat Control: Understanding Data Loss Prevention (DLP) and Detection by Correlating Events from Multiple Sources. CMU/SEI-2013-TN-002. Software Engineering Institute, Carnegie Mellon University. 2013. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=34008

IEEE

Silowash. George, and King. Christopher, "Insider Threat Control: Understanding Data Loss Prevention (DLP) and Detection by Correlating Events from Multiple Sources," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Note CMU/SEI-2013-TN-002, 2013. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=34008

APA

Silowash, George., & King, Christopher. (2013). Insider Threat Control: Understanding Data Loss Prevention (DLP) and Detection by Correlating Events from Multiple Sources (CMU/SEI-2013-TN-002). Retrieved June 05, 2023, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=34008

CHI

George Silowash, & Christopher King. Insider Threat Control: Understanding Data Loss Prevention (DLP) and Detection by Correlating Events from Multiple Sources (CMU/SEI-2013-TN-002). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2013. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=34008

MLA

Silowash, George., & King, Christopher. 2013. Insider Threat Control: Understanding Data Loss Prevention (DLP) and Detection by Correlating Events from Multiple Sources (Technical Report CMU/SEI-2013-TN-002). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=34008

BibTex

@techreport{SilowashInsiderThreat2013,
title={Insider Threat Control: Understanding Data Loss Prevention (DLP) and Detection by Correlating Events from Multiple Sources},
author={George Silowash and Christopher King},
year={2013},
number={CMU/SEI-2013-TN-002},
institution={Software Engineering Institute, Carnegie Mellon University},
address={Pittsburgh, PA},
url={http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=34008} }

Ask a question about this Technical Note

Software Engineering Institute