CIS HelpDesk


Versions Compared

Old Version 12

changes.mady.by.user Duguay, Gerard

Saved on

compared with

New Version Current

changes.mady.by.user Kanehen, Josh

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Removed the Override functionality documentation as we are no longer in the piloting phase and that functionality has been removed


Info

Audience: This FAQ is directed to University faculty and staff so that they can be prepared for the new Data Loss Prevention policies that will be applied to all SPU accounts shortly.


What is DLP?

Data Loss Prevention ("DLP") is a feature designed to prevent the sharing of sensitive information via insecure methods and/or to unauthorized individuals. The overall goal of DLP policy enforcement is to protect the University, its data, reputation, and constituents from accidental (or intentional) disclosure of sensitive and restricted information.

SPU is in the early stages of DLP policy development. Current DLP policies focus solely on information being shared via email from University email accounts to non-SPU recipients. However, additional tools and features exist that CIS will continue to explore.


Table of Contents

Table of Contents

How does DLP work?

DLP looks at the Recipients (To/CC/BCC), subject line, message body, and the contents of attachments in real-time as a message is being composed for any of the following:

  • Credit Card Numbers
  • Social Security Numbers
  • Bank Account Numbers
  • Driver's License Numbers

If DLP detects one of the above, and one or more message recipients are to non-SPU email addresses, Email DLP Notification occurs.



Email DLP Notification

A "Policy Tip" is presented above the "To:" line in the message being composed. This Policy Tip provides several details concerning the draft message:

  1. The Policy Tips citation itself  (see image at right)
  2. Verification of the external email recipient in question (in this case, felixthecat@...)
  3. A temporary option to Override the policy alert.


Once a DLP Policy alert is triggered, the email will be blocked from being sent (unless the override is invoked). When this happens, the external recipient will receive NO notification that the email was blocked, whereas, the sender will receive the following email notification:

Expand
titleThe full text of that message reads:

This email message appears to contain sensitive and protected information that would have been sent over the public internet, as such the email has been blocked. Email is not a secure method of transmitting this kind of information. Please share this information with it's intended recipient in a secure fashion.

https://wiki.spu.edu/display/POL/Regulated+Data+Chart

If you need assistance in determining the best way to share this information, please email cis-bst@spu.edu.

If you believe this email message does not contain sensitive information, you may click "Override" and provide more information to your system administrator.



What if DLP is wrong?

Sometimes an individual may decide that there is a sound business justification as to why the email should be permitted. At other times, DLP may flag on strings of data that are not sensitive in nature - what we call a "false positive." For such cases,

the Policy Tip provides the ability to "Override" the policy alert. 

To Override the DLP policy, click the override link and explain why this action is justified. See steps to the right.

CIS will review these overrides:

For business justifications, a member of the Business Systems Team (

please contact the Business Systems Team for assistance: cis-bst@spu.edu

)

. We will

contact you to determine if there is a more secure method of sending this data for the given business process.
  • For messages that don't contain sensitive data, a CIS Staff member may contact you for more information about what data may have triggered DLP.

    • To Override DLP

    1. Click the "override" text in the Policy Tip

    Image Removed

    2. Fill out the form and click "Override"

    Image Removed

    work to either find an alternate method of delivering the information in the email to the recipient and/or review how DLP was triggered, to find a way to deliver the information securely.


    What else do I need to know?

    CIS continues to refine and improve the tools available for effective and efficient sharing of information, and appreciates your help by ensuring your business processes share information securely.

    If you have any questions or concerns, please contact the CIS Help Desk at 206-281-2982 or help@spu.edu.