DLP provides various auditing tools: automatic notifications to data owners when transmission of protected data was attempted; user notifications and self-handling portal; tracking and logging, event details, charts, graphs, filtered lists, and reports from the Logs & Monitor view.
Before you begin your audit, configure your DLP policy. First, define Data Types.
To create and refine the DLP policy:
Become familiar with the wide range of provided Data Types. Enable and disable the rules in the DLP policy that suit your needs.
Enforce confidentiality guidelines of your organization. Ensure that information belonging to Data Owners stays within their control. Enforce data protection by using your Data Types in DLP rules.
The DLP gateway catches attempted transmissions of protected data and logs incidents. You can see these incidents in the Logs & Monitor Logs view. You will decide, with the Data Owners, what incidents also require notification to the Data Owners. As you monitor the incidents, create guidelines to fine tune the DLP policy.
When an email or FTP upload is held because it matches a rule in the Data Loss Prevention policy, it disrupts users. Sometimes this is the best preventative action, but in other situations it is unnecessary. Monitor user actions to see whether users agree that the data should not have been sent or that users have reasons for the transmissions.
Generate Data Owner reports and audit user actions. Look at the logs that the Logs & Monitor Logs view provides and make sure the DLP policy works smoothly and prevents transmission of protected data.
You can assign a DLP administrator full DLP permissions or a subset of permissions.
With full permissions, a DLP administrator can:
An alternative to assigning a full set of permissions is to configure a subset. This gives you the flexibility to assign only some of the permissions. For example, permissions to only see the fields of the logs but not to see the captured data or send or discard quarantined emails.
To configure full permissions:
The Administrator Properties window opens, and shows the General page.
The Permissions Profile Properties window opens.
To configure a subset of permissions for the DLP administrator:
The Administrator Properties window opens, and shows the General page.
The Permissions Profile Properties window opens.
Note - If you select all of these options with Write permissions, the administrator has full DLP permissions.