In this comprehensive course, you will cover policy and classification for data loss prevention. This course centers around the RSA Data Loss Prevention (DLP) Suite of products and helps you to build the knowledge and skills needed to use the tools to detect sensitive content in the most accurate and efficient manner. You will also gain the knowledge and skills necessary to successfully safeguard enterprise content.

What You'll Learn

• Terms, patterns, and contextual evidence within content that identify it as sensitive
• Create queries and rules for detecting sensitive content with industry-leading levels of precision and recall
• Distinguish between high-sensitivity content and low sensitivity content, and create differential policies for both
• Apply these skills to all types of content, including personally identifiable information, payment card industry data, and corporate financials and intellectual property

Who Needs to Attend

Technical professionals and security compliance officers who need to use the RSA Data Loss Prevention Suite of products to protect sensitive enterprise content

Prerequisites

• Functional knowledge of the RSA Data Loss Prevention Suite, Windows, and/or Linux system administration
• Familiarity with web, application, and directory server (LDAP) and/or relational database (RDBMS) technologies
• Familiarity with basic programming and scripting concepts

Follow-On Courses

There are no follow-ons for this course.

Course Outline

1. Search and Categorization

• Search Methodologies
• Measuring Accuracy
• Precision and Recall
• Comparing Ranks and Weights
• Search Features Related to Words, Phrases, Patterns, and Entities
• Using Proximity
• Building an Effective Rule Set

2. Regular Expression Basics

• Using Regular Expressions
• Tools Available to Create and Test Regular Expressions
• Detailed Syntax for Creating Regular Expressions
• Analyzing Sample Regular Expressions
• Creating Regular Expressions to Detect Sensitive Content

3. Building Content Blades

• Types of Content Blades
• Detection Rules
• Compare Describing and Fingerprinting Content
• Building Described Content Blades
• Comparing and Analyzing File and Database Fingerprinting in Detail
• Fingerprinting Frequently Asked Questions
• Building Fingerprinted Content Blades

4. Content Blade Best Practices

• Described Content Blade Best Practices
• Fingerprinted Content Blade Best Practices

5. Building Policies

• Using Policies
• Common Policy Features
• Relationship between Policies and Content Blades
• Using Policies to Identify Sensitive Content
• DLP Network Policy Features
• DLP Endpoint Policy Features
• DLP Datacenter Policy Features
• Configuring Policy-Level Remediation
• Creating and Tuning Policies to Increase Recall and Precision
• Navigating the Policy Template Library

6. Regulatory Compliance

• Existing Regulatory Compliance Policies Available in RSA DLP
• Analyzing FERC-Related Policies
• Analyzing HIPAA-Related Policies

7. Incidents and Events

• Incident Lists
• Customizing Searches for Incidents and Events
• Available Incident Actions
• Analyzing Incident and Event Details

8. Methodologies

• Best Practices for Building Content Blades
• Researching Corporate Policies
• Gathering Test Documents
• Identifying Linguistic Evidence
• Building for Recall
• Tuning for Precision
• Testing for AccuracyDocumenting Detection Rules

Labs

In addition to lecture and demonstrations, this course includes hands-on exercises which are designed to give you practical experience.