From the course: Microsoft Information Security Administrator Associate (SC-401) Cert Prep by Microsoft Press


Design DLP policies based on an organization’s requirements


Before you create DLP policies, you first have to determine what data must be protected and why. So we already touched on this when we were talking about sensitive information. So really, realistically, you would probably do all of these things together. So you would start reviewing all the compliance regulations your organization falls under, so maybe GDPR for personal data, PCI DSS for credit card data. And those laws and rules are going to define the specific categories of sensitive information that you have to include in your DLP coverage. In parallel, you should be talking to your internal stakeholders. Talk to legal about confidentiality requirements. You can talk to HR about employee data, finance about your financial records. They can tell you which information is considered sensitive, and how is it used? As you gather this information, you can create an inventory of sensitive data types and locations. And then you can map out where that data's stored or transmitted. And for…
