Information Security and Digital Forensics. First International Conference, ISDF 2009, London, United Kingdom, September 7-9, 2009, Revised Selected Papers

Research Article

A Security Architecture to Protect Against Data Loss

Download
377 downloads
  • @INPROCEEDINGS{10.1007/978-3-642-11530-1_12,
        author={Clive Blackwell},
        title={A Security Architecture to Protect Against Data Loss},
        proceedings={Information Security and Digital Forensics. First International Conference, ISDF 2009, London, United Kingdom, September 7-9, 2009, Revised Selected Papers},
        proceedings_a={ISDF},
        year={2012},
        month={5},
        keywords={Data loss security architecture Searchlight model attack and data loss classification},
        doi={10.1007/978-3-642-11530-1_12}
    }
    
  • Clive Blackwell
    Year: 2012
    A Security Architecture to Protect Against Data Loss
    ISDF
    Springer
    DOI: 10.1007/978-3-642-11530-1_12
Clive Blackwell1,*
  • 1: University of London
*Contact email: C.Blackwell@rhul.ac.uk

Abstract

Data loss poses a significant and increasing problem for organisations. This is shown by the regular stories of data loss reported daily in the media, such as the mailing of 2 CDs containing 25 million personal records by the Revenue and Customs in the UK. There is a need to provide systematic protection to data in all its forms and locations however it is accessed. We have developed Searchlight, a three-layer security architecture containing the physical, logical and social levels, which we use to analyse data loss holistically to prevent, detect and recover from exposure. We examine deliberate and accidental data loss by employees, but the same analysis can be straightforwardly applied to external attacks. Our practical security model appears to have widespread application to other problem domains such as critical infrastructure, the insider threat and financial systems, as it allows the analysis of systems in their entirety including human and physical factors, not just as technical systems.