Back

Include the data loss prevention strategy as part of the data loss prevention program.


CONTROL ID
13051
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a data loss prevention program., CC ID: 13050

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • The FI should develop a comprehensive data loss prevention strategy to protect sensitive or confidential information, taking into consideration the following specifications: (§ 9.1.2, Monetary Authority of Singapore: Technology Risk Management Guidelines)
  • The FI should develop comprehensive data loss prevention policies and adopt measures to detect and prevent unauthorised access, modification, copying, or transmission of its confidential data, taking into consideration the following: (§ 11.1.1, Technology Risk Management Guidelines, January 2021)
  • Use a data loss prevention (DLP) strategy to categorize sensitive data, identify data formats indicative of personal identifiable information (PII), and restrict exfiltration of sensitive data.(Citation: PurpleSec Data Loss Prevention) (M1057 Data Loss Prevention, MITRE ATT&CK®, Enterprise Mitigations, Version 13.1)