USING THE ADAPTED DLP SYSTEM FOR BLOCKING INFORMATION LEAKS

The importance of using the adapted DLP-system in the «Blocking» mode of leaking confidential information of the company is investigated. The scheme of interception of information security events in the «Copy» mode is given, the analysis of which reflects the main drawback of using this mode – the DLP-system works only with copies of confidential documents, while the originals were delivered to the recipient. Such cases inflict enormous damage on companies, so the transfer of critical information beyond the corporate network is unacceptable. A solution is proposed for transferring the operation of the DLP-system from the «Copy» mode to the «Blocking» mode. It is important that the operation of the DLP-system does not hinder the staff members from performing regular operations and does not hinder business processes. Therefore, it is mandatory to adapt the standard DLP-system to the specifics of the company’s activities. After that the transition of the adapted DLP-system to the «Blocking» mode is carried out. Developed: the transition procedure of the adapted DLP-system from the «Copy» mode to the «Blocking» mode, the scheme of the event capture by the DLP-system for the two modes. The main channels of data leaks were investigated, the main leaks were identified by the data type and by the transmission channel. The analysis of the DLP-system operation in the «Blocking» mode is performed.