Data and Information Leakage Prevention Within the Scope of Information Security

Incidents involving data breaches are ever-present in the media since several years. In order to overcome this threat, organizations apply enterprise content-aware data leakage prevention (DLP) solutions to monitor and control data access and usage. However, this paper argues that current solutions are not able to reliably protect information assets. The analyses of data breaches reported in 2014 reveal a significant number of data leakage incidents that are not within the focus of the DLP solutions. Furthermore, these analyses indicate that the classification of the provided data breach records is not qualified for detailed investigations. Therefore, advanced criteria for characterizing data leakage incidents are introduced, and the reported records are extended. The resulting analyses illustrate that DLP and information leakage prevention (ILP) demand various information security (IS) measures to be established in order to reduce the risk of technologically based data breaches. Furthermore, the effectiveness of DLP and information leakage prevention (ILP) measures is significantly influenced by non-technological aspects, such as the human factor. Therefore, this paper presents a concept for establishing DLP and ILP within the scope of IS.