Design of internal information leakage detection system considering the privacy violation

摘要

Nowadays, companies are monitoring their employee's behavior using the DLP (Data Loss Prevention) solution to protect their information assets from internal attackers. During the monitoring the behaviors of employees, it is inevitable disclosing the private information to recognize the violation of internal regulation about handling of companies critical information. Actually there is trade-off relationship between privacy protection and data loss protection in company's information management. The trade-off relationship implies that there may be privacy violation if we are trying to prevent the internal information leakage strictly. In this paper, we are suggesting a data loss prevention method considering the privacy violation level. Especially, we are considering a method of quantifying the degree of privacy violation based on the data units which are exposed when the employee's data handling is monitored. At the same time, we are suggesting a method of quantifying the degree of importance of data units which are monitored.