I don't have a sample plan, but even if I did have one from a previous employer, it might not help you, as DLP is more than just a tool. For example, are you dealing with the following (don't answer me, I don't want a response on a public forum):
- PII, PHI, PCI, or other compliance regulations
- Intellectual property
- the need to track data on endpoints, networks, and the cloud
- the need to identify and protect data at rest
- internal threats, external threats, or both
These all involve one or more tools, but there are culture change considerations if your culture isn't already addressing these areas. If your data is in multiple locations, you'll need to identify those locations and determine a strategy for each. Do you need alerts, encryption, physical security, 2FA, more restrictive security controls, etc.?
I may be getting ahead of myself, but your plan should also consider how to respond to data loss, which could vary depending on the type of data. You'll want to document a plan for auditing and responding to audits. When it comes to using technology, you might also want a tool that supports your company's data retention policies (when and how to delete information you no longer need to store) and consumer privacy requirements (GDPR, CCPA, etc.).
Getting back to culture change, if you're implementing new tools and new processes, be aware of where and when you're creating new work. How people feel about new project work can have an impact on the outcome of the project. How people feel about additional workload after the project is over can affect how long it takes to make effective use of what the project delivered.
If you have a complex technology stack, prepare yourself for a lot of analysis to define the affected systems and processes.