DLP dynamics: an exploration of the system

Keywords
No Thumbnail Available
Files
Final Thesis Version.pdf (1.46 MB)
Authors
Issue Date
2020-08-31
Language
en
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
With the increase of business digitisation, the frequency of cyberattacks and severe consequences of losing personal and sensitive information encourage businesses to invest in information security products such as Data Loss Prevention (DLP) solutions. However, and despite the efforts to mitigate the risk of data leakage, organisations still suffer from data breaches and receive fines for data privacy violations. Therefore, both academics and professionals claim that a technological solution is not enough to prevent data leak sufficiently. Instead, a more holistic approach, focussing on the people, process, data, and technological aspects of the data loss prevention ecosystem is necessary to tame this problem. Hence, the objective of this research is to explore the dynamics of the DLP ecosystem in order to understand which policies and to what extent could lead to a more effective data loss prevention by reducing the number of unknown incidents and maximising the number of detected incidents. This research is based on the system dynamics methodology, which is a computer-aided approach to understanding the non-linear behaviour of complex systems. The data used to build the simulation model was obtained through a case study in an organisation operating in the financial service sector, as well as from supporting academic and non-academic literature. The results show that technology-enabled controls aimed at data leak prevention will have a negative effect on business workflow, and in turn on information security, if other parts of the system remain neglected. Therefore, an effective DLP ecosystem requires an interdisciplinary approach to information security focussing on improving employee awareness, data classification, detection quality and scope. This study contributes to information security management literature by providing a holistic approach to the data loss prevention and guides practitioners that aim to implement or improve the DLP ecosystem in their organisations.
Description
Citation
URI
https://theses.ubn.ru.nl/handle/123456789/10775
Supervisor
Faculty
Faculteit der Managementwetenschappen
Programme
Master Business Administration
Specialisation
Business Analysis and Modelling
Collections
Faculteit der Managementwetenschappen