
Most organisations focus on protecting data where it is stored.
But the CISSP exam asks a more important question:
What happens when data moves?
Because that is where control is often lost.
Why This Matters
Data breaches are not always the result of sophisticated attacks.
In many cases, data leaves the organisation through:
✔ Email
✔ File transfers
✔ USB devices
✔ Cloud uploads
✔ User actions
The problem is not just access.
It is movement.
The Core Principle
✔ Control data movement
✔ Prevent unauthorized data flow
This is the purpose of Data Loss Prevention (DLP).
What is DLP?
Data Loss Prevention (DLP) is a control mechanism that:
✔ Identifies sensitive data
✔ Monitors how it moves
✔ Prevents unauthorized sharing
DLP aims to keep data where it is supposed to be. It is a control, not a guarantee: it can only act on data it can identify and on channels it can see.
The DLP Control Flow
DLP works as a continuous process:
Identify
Understand what data is sensitive.
✔ Based on classification
✔ Content inspection
✔ Context awareness
If you cannot identify sensitive data, you cannot protect it.
Monitor
Track how data is used and moved.
✔ User behaviour
✔ Data transfers
✔ System interactions
This provides visibility into risk.
Prevent
Stop unauthorized data movement.
✔ Block transfers
✔ Restrict actions
✔ Apply policies
This is where DLP actively enforces security.
Enforce & Review
Continuously improve controls.
✔ Audit events
✔ Tune policies
✔ Adapt to new risks
DLP is not static. It evolves with the environment.
Types of DLP
DLP is implemented across multiple layers:
Network DLP
✔ Monitors data in transit
✔ Controls email, web traffic, and file transfers
✔ Only sees content it can decrypt: without TLS inspection (for example through a decrypting proxy) it is limited to metadata such as destination and volume
Endpoint DLP
✔ Monitors user devices
✔ Controls USB, local file movement, and user actions
Cloud DLP
✔ Monitors cloud platforms
✔ Controls SaaS and cloud storage data sharing
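To make the control flow (Identify, Monitor, Prevent, Enforce & Review) and the channel split concrete, here is an added example, written for this article and not taken from any DLP product or from the original page. It is a toy policy engine: identification combines a classification marker (CONFIDENTIAL) with content inspection (payment card numbers confirmed by the Luhn checksum, so an order number that merely looks like a card is not flagged), the decision depends on the channel and context (email to an external domain is treated differently from internal mail), every decision is logged, and a review step summarises the log for tuning. The domain example.com, the label names, and the sample events are all assumptions constructed for the demo.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Assumption: the organisation's own mail domain; mail to any other domain is "external".
INTERNAL_DOMAIN = "example.com"

# Candidate payment card numbers: 13-16 digits, optionally separated by spaces or dashes.
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,15}\b")
# Classification marker applied by the data owner (identification "based on classification").
LABEL_RE = re.compile(r"\bCONFIDENTIAL\b")


@dataclass
class Event:
    channel: str       # "email", "usb" or "cloud": the DLP layer that sees the movement
    user: str
    destination: str   # recipient address, removable-device id or SaaS tenant
    content: str


@dataclass
class Decision:
    action: str        # "allow", "alert" or "block"
    labels: list
    reason: str


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: drops most random digit runs that merely look like a card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def identify(content: str) -> set:
    """Identify: classification marker plus content inspection -> set of sensitivity labels."""
    labels = set()
    if LABEL_RE.search(content):
        labels.add("classified:confidential")
    for m in PAN_RE.finditer(content):
        if luhn_ok(re.sub(r"[ -]", "", m.group())):
            labels.add("pci:pan")
    return labels


def decide(event: Event, labels: set) -> Decision:
    """Prevent: policy keyed on label AND channel/context, not on content alone."""
    if not labels:
        return Decision("allow", [], "no sensitive content found")
    found = sorted(labels)
    external = event.channel == "email" and not event.destination.endswith("@" + INTERNAL_DOMAIN)
    if "pci:pan" in labels:
        return Decision("block", found, f"cardholder data leaving via {event.channel}")
    if event.channel == "usb":
        return Decision("block", found, "confidential data copied to removable media")
    if external:
        return Decision("block", found, f"confidential data mailed to {event.destination}")
    return Decision("alert", found, f"confidential data moved internally via {event.channel}")


class DlpEngine:
    """Ties the steps together; the audit trail is what the review step tunes from."""

    def __init__(self):
        self.audit = []

    def inspect(self, event: Event) -> Decision:
        decision = decide(event, identify(event.content))
        # Monitor: every decision, allowed or not, is recorded for review.
        self.audit.append((event.channel, event.user, decision.action, decision.reason))
        return decision

    def review(self) -> Counter:
        """Enforce & Review: counts per (channel, action), the input for policy tuning."""
        return Counter((ch, act) for ch, _, act, _ in self.audit)


# Constructed sample events (not real data); 4111 1111 1111 1111 is a well-known test PAN.
SAMPLE_EVENTS = [
    Event("email", "alice", "bob@example.com", "Q3 plan attached. CONFIDENTIAL"),
    Event("email", "alice", "partner@other-corp.net", "Q3 plan attached. CONFIDENTIAL"),
    Event("usb", "carol", "usb:SN1234", "Customer card 4111 1111 1111 1111 exp 12/27"),
    Event("cloud", "dave", "tenant:sharedrive", "Order 1234 5678 9012 3456 shipped"),  # fails Luhn
    Event("cloud", "erin", "tenant:sharedrive", "Board minutes - CONFIDENTIAL"),
]


def run_samples() -> list:
    """Run every sample event through one engine; returns (channel, action) pairs."""
    engine = DlpEngine()
    return [(e.channel, engine.inspect(e).action) for e in SAMPLE_EVENTS]


if __name__ == "__main__":
    engine = DlpEngine()
    for e in SAMPLE_EVENTS:
        d = engine.inspect(e)
        print(f"{e.channel:5} {e.user:6} -> {d.action:5} {d.labels} {d.reason}")
    print(engine.review())
```

Two things worth noticing when you run it: the same CONFIDENTIAL content is allowed-with-alert internally but blocked to an external recipient, which is the "context awareness" the Identify step refers to, and the cloud upload containing a 16-digit order number is allowed because it fails the Luhn check, which is the kind of false positive that drives policy tuning in the review step.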
Where Organisations Fail
Common gaps include:
✔ No clear data classification
✔ Poor policy definition
✔ Over-reliance on detection without prevention
✔ Lack of monitoring and tuning
DLP fails when it is treated as just a tool.
CISSP Exam Perspective
CISSP will test scenarios such as:
✔ Data leaving via email → Network DLP
✔ Data copied to USB → Endpoint DLP
✔ Data exposed in cloud → Cloud DLP
Correct approach:
✔ Identify data movement
✔ Identify the channel
✔ Apply the appropriate DLP control
Key Takeaway
✔ Data is not lost when it is accessed
✔ Data is lost when it leaves without control
Listen to the Podcast
This article is part of the CISSP Blogpost and Podcast Series.
The podcast explains how DLP controls data movement across real-world environments.
Search on Spotify: PK’s Chronicles
Final Thought
Security is not just about preventing access.
It is about preventing uncontrolled movement.
Because in cybersecurity—
If data leaves unnoticed, it is already lost.
Think movement.
Think control.
Think like a CISSP.