Discussion on Data Security in Enterprise Security Construction

Foreword

Discussion on Data Security in Enterprise Security Construction. Data leak prevention in every company is a big headache, leaks of all sizes are always unexpected. This article combined my experience with the use of the common data leakage prevention techniques.

Definition of core data assets

Data leakage prevention is a very complicated project. It does not take too much effort to invest in human resources. However, the security manpower of Internet companies is often very limited. Therefore, Big Snakes fight seven inches, and we need to first define clearly what is the core data asset. Common understanding will include the following major categories:

The above is only an example, the specific company situation is not the same, need to combine with the actual oneself. For example, recruitment companies, resumes is a very important asset.

The life cycle of data protection

Data leak prevention needs to be protected against the full life cycle of the core data that is defined.

Data anti-leak protocol stack:

This is not a strict division, just to facilitate the division of different data leakage prevention products and programs.

Equipment level

0 × 01 device encryption

Device anti-loss, mainly to prevent data loss caused by the loss of equipment, the most common is the U disk and other removable storage, Jingdong search a large piece.

Fingerprint protection:

Password protected:

Although the protection is not the same, but the underlying data encryption are basically AES128 or 256, can increase the threshold for data loss after device loss, for the master can still get.

For the hard drive, there are some solutions.

Hard disk password:

Bios can be set inside the hard disk password, so every time you need to enter the hard disk password.

0 × 02 hard disk encryption

If Guan Xi teachers see this estimate will blame me writing late. . . Mac's own hard disk encryption:

Hard disk encryption technology is very mature, commercial products are numerous, I must mention is truecrypt, it is said that one of the top four domestic security requires employees to use this.

truecrypt supports Windows Vista, 7 / XP, Mac OS X, Linux and other operating systems. TrueCrypt does not need to generate any file to create a virtual disk on the hard disk, we can follow the drive letter to visit all the files on the virtual disk are automatically encrypted, you need to access the password. TrueCrypt offers a variety of encryption algorithms, including AES-256, Blowfish (448-bit key), CAST5, Serpent, Triple DES, and Twofish. Other features include FAT32 and NTFS partitions, hidden tags, The key is free. However, truecrypt flaw in the existence of security vulnerabilities, its developers also admit the existence of security problems, whether or not to use the specific weight we use according to the actual situation.