The Symantec Data Loss Prevention 15.5 Policy Authoring and Incident Remediation course is intended for DLP policy authors and incident remediators who need to understand how to create, maintain, and refine DLP policies and how to create effective incident remediation workflows to drive toward their organization’s data-loss risk reduction goals.

The hands-on labs include exercises for authoring policies (detection rules and response rules) and performing incident detection, incident response, and incident reporting.

The course assumes that Symantec Data Loss

Prevention (DLP) is already implemented in the organization’s environment, and is configured to cover the relevant vectors for the organization: Data in Motion, Data at Rest, and Data in Use, whether on-premises or in the cloud. For this reason, the course does not cover how to implement, maintain, or troubleshoot the servers and cloud components of the DLP product suite, or the technical configuration of individual DLP products beyond policy authoring and incident remediation. 

Note: This course is delivered on a Microsoft Windows platform.

By the end of this course, you will be able to create policies, and track and remediate incidents in Symantec Data Loss Prevention 15.5.

• A general understanding of the channels that are covered in your DLP implementation

An understanding of the types of confidential data your organization wants to protect

Module 1: Overview of Risk-Reduction Processes for your Data Loss Prevention Program

Data-loss risk-reduction frameworks

Symantec Data Loss Prevention Coverage

Identifying Confidential data in your organization

Data Loss Prevention Policy and remediation process

 

Module 2: Identifying and Describing Confidential Data

Configuring Symantec Data Loss Prevention to recognize confidential data

Described Content Matching (DCM)

Exact matching (EDM and EMDI)

Indexed Document Matching (IDM)

Vector Machine Learning (VML)

Sensitive Image Recognition

Using Policy Templates

Exporting Policies

Hands-On Labs:

 Create policy groups; configure a policy for Personally Identifiable Information (PII) detection; configure a policy for PCI compliance; configure a policy to protect confidential documents; configure a policy to protect source code; configure a policy for Form Recognition; use a template to add a DLP policy; export policies for use at a Disaster Recovery (DR) site; configure Optical Character Recognition (OCR).

 

Module 3: Protecting Confidential Data using your Data-Loss-Prevention Policies

Using response rules in DLP policies to protect confidential data

Providing notifications of user policy violations

Protecting confidential data in motion

Protecting confidential data in use

Protecting confidential data at rest

Hands-On Labs:

Configure email notifications; configure onscreen notifications; configure SMTP blocking; configure endpoint User Cancel; scan and quarantine files on a server file share target

　

Module 4: Remediating Data Loss Incidents and Tracking Risk Reduction

Reviewing risk management frameworks

Using incident reporting options to identify and assess risk

Creating tools that support the organization’s risk reduction process

Communication risk to stakeholders

Understanding Information Centric Analytics (ICA)

Hands-On Labs:

Configure roles and users, use reports to track risk exposure and reduction, define incident statuses and status groups, configure and use Smart Responses, schedule and send reports, evaluate incidents and modify policies

 

Module 5: Course review

Review of Risk-Reduction Processes for your Data Loss Prevention Program

Review of Identifying and Describing Confidential Data in Your Data Loss Prevention Policies

Review of Protecting Confidential Data using your Data Loss Prevention Policies

 

• Symantec Data Loss Prevention 15.5 Planning and Implementation

• Symantec Data Loss Prevention 15.5 Administration

250-533: Administration of Symantec Data Loss Prevention 15.5