Data leakage is a significant concern for organizations and can result in loss of intellectual property, loss of competitive advantage, social or political repercussions, and the like. Data leakage can stem from various sources, such as rogue behaviours of trusted individuals, unauthorized access of data by a person either inside or outside the organization, or accidental leakage. Data leakage may relate to a data breach, security breach, data loss, data theft, hacking event, unintentional information disclosure, or the like. One definition states that a data breach may correspond to a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.
Various approaches to guarding against and mitigating data leakage events involve establishing a secure data environment in which only trusted individuals are able to access sensitive data. However, some individuals are accorded more trust than they merit. In addition, outsiders may still on occasion exploit security flaws to access the secure data environment, often using the credentials of trusted individuals. As organizations grow in size and complexity, it becomes more difficult to monitor interactions with a secure data environment in order to maintain security. Furthermore, even if data leakage events are reliably detected as they occur, they may not necessarily be preventable. It is more desirable to predict data leakage events before they occur, so that preventive measures can be taken.
Therefore there is a need for a method and system for analyzing risks associated with potential data leakage that is not subject to one or more limitations of the prior art.
This background information is provided for the purpose of making known information believed by the applicant to be of possible relevance to the present invention. No admission is necessarily intended, nor should be construed, that any of the preceding information constitutes prior art against the present invention.