A Data Centric Security Cycle Model for Data Loss Prevention of Custodial Data and Company Intellectual Property

摘要

Review of data breach trends in the last five years reveal that data at rest, in use, and in motion, inside and over the extended network, is being increasingly affected. While organisations primarily focus on protecting sensitive customer financial information, the protection of custodial data and company secrets has been a back burner issue. Moreover, errors, mistakes and accidents on the part of the employees working/travelling/residing onsite and off-site with company media/data, have worsened the situation such that current technical and socio-technical controls are not adequate in preventing theft of media or the accidental or intentional misuse/loss of portable data. To overcome this issue, the security action cycle model of Straub and Welke (based on the general deterrence theory) is used as a theoretical lens to build a data centric security cycle model to safeguard the data that are "at rest, in motion and in use". Finally, the paper discusses how the model can be further empirically validated using the up-dated IS success model of DeLone and McLean.