The Symantec Data Loss Prevention 15.5 Policy Authoring and Incident Remediation course is intended for DLP policy authors and incident remediators who need to understand how to create, maintain, and refine DLP policies and how to create effective incident remediation workflows to drive toward their organization’s data-loss risk reduction goals.

The hands-on labs include exercises for authoring policies (detection rules and response rules) and performing incident detection, incident response, and incident reporting.

The course assumes that Symantec Data Loss Prevention (DLP) is already implemented in the organization’s environment, and is configured to cover the relevant vectors for the organization: Data in Motion, Data at Rest, and Data in Use, whether on-premises or in the cloud. For this reason, the course does not cover how to implement, maintain, or troubleshoot the servers and cloud components of the DLP product suite, or the technical configuration of individual DLP products beyond policy authoring and incident remediation.

Note: This course is delivered on a Microsoft Windows platform.

Associated certification:

• Exam 250-553: Symantec Data Loss Prevention 15.5 Technical Specialist

You will be able to create policies, and track and remediate incidents in Symantec Data Loss Prevention 15.5.

Module 1: Overview of Risk-Reduction Processes for your Data Loss Prevention Program

• Data-loss risk-reduction frameworks
• Symantec Data Loss Prevention Coverage
• Identifying Confidential data in your organization
• Data Loss Prevention Policy and remediation process

​
Module 2: Identifying and Describing Confidential Data

• Configuring Symantec Data Loss Prevention to recognize confidential data
• Described Content Matching (DCM)
• Exact matching (EDM and EMDI)
• Indexed Document Matching (IDM)
• Vector Machine Learning (VML)
• Sensitive Image Recognition
• Using Policy Templates
• Exporting Policies
• Hands-On Labs: Create policy groups; configure a policy for Personally Identifiable Information (PII) detection; configure a policy for PCI compliance; configure a policy to protect confidential documents; configure a policy to protect source code; configure a policy for Form Recognition; use a template to add a DLP policy; export policies for use at a Disaster Recovery (DR) site; configure Optical Character Recognition (OCR).

​
Module 3: Protecting Confidential Data using your Data-Loss-Prevention Policies

• Using response rules in DLP policies to protect confidential data
• Providing notifications of user policy violations
• Protecting confidential data in motion
• Protecting confidential data in use
• Protecting confidential data at rest
• Hands-On Labs: Configure email notifications; configure onscreen notifications; configure SMTP blocking; configure endpoint User Cancel; scan and quarantine files on a server file share target

​
Module 4: Remediating Data Loss Incidents and Tracking Risk Reduction

• Reviewing risk management frameworks
• Using incident reporting options to identify and assess risk
• Creating tools that support the organization’s risk reduction process
• Communication risk to stakeholders
• Understanding Information Centric Analytics (ICA)
• Hands-On Labs: Configure roles and users, use reports to track risk exposure and reduction, define incident statuses and status groups, configure and use Smart Responses, schedule and send reports, evaluate incidents and modify policies

​
Module 5: Course review

• Review of Risk-Reduction Processes for your Data Loss Prevention Program
• Review of Identifying and Describing Confidential Data in Your Data Loss Prevention Policies
• Review of Protecting Confidential Data using your Data Loss Prevention Policies
• Review of Remedi

• A general understanding of the channels that are covered in your DLP implementation
• An understanding of the types of confidential data your organization wants to protect