6.13 Ensure alerting after a threshold of credit card or Social Security numbers is detected is enabled

Information

This guideline is highly specific to an organization. While blocking of credit card or Social Security numbers will not occur with the recommended settings below, careful tuning is also recommended.

Rationale:

Credit card and Social Security numbers are sensitive and should never traverse an organization's Internet connection in clear text. Passing sensitive data within an organization should also be avoided whenever possible. Detecting and blocking known sensitive information is a basic protection against a data breach or data loss. Not implementing these defenses can lead to loss of regulatory accreditation (such as PCI, HIPAA, etc.), or to legal action from injured parties or regulatory bodies.

Solution

Navigate to Objects > Custom Objects > Data Patterns.
Create an appropriate Data Pattern that accounts for sensitive information within your organization. In most cases this will include Credit Card Numbers, and your jurisdiction's equivalent of Social Insurance Numbers. In many cases these can simply be picked from the list of Predefined Patterns.
Navigate to Objects > Security Profiles > Data Filtering.
Create an appropriate Data Filtering Profile, using the created Data Patterns. Ensure that an Alert Threshold is set that generates alerts appropriately. A typical starting value for Alert Threshold is 20, but this should be adjusted after appropriate testing.
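
To test a candidate Alert Threshold against representative sample data before tuning the profile, the sketch below counts card-number and SSN candidates in a payload and compares the total with the threshold. It is an added example, not part of the benchmark and not the firewall's own matching logic. The regular expressions, the Luhn and SSN plausibility filters, and the choice to sum both pattern counts toward one threshold are assumptions of this sketch.

```python
import re

# Assumed patterns for this sketch; not the firewall's predefined patterns.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){15}\d(?!\d)")  # 16 digits, optional separators
SSN_RE = re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")   # US SSN, dashed form only
ALERT_THRESHOLD = 20  # starting value from the guideline; adjust after testing

# Constructed sample: one test card number, one non-card 16-digit ID, two SSN-shaped strings.
SAMPLE = "\n".join([
    "order card 4111 1111 1111 1111",
    "tracking id 1234567890123456",
    "employee ssn 123-45-6789",
    "placeholder 000-12-3456",
])

def luhn_ok(digits: str) -> bool:
    """Luhn checksum; rejects most arbitrary 16-digit strings."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def ssn_plausible(ssn: str) -> bool:
    """Reject area 000, 666 and 9xx, group 00 and serial 0000 (never issued)."""
    area, group, serial = ssn.split("-")
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

def count_matches(payload: str) -> dict:
    """Raw pattern hits versus hits that survive validation."""
    cards = [re.sub(r"[ -]", "", m.group()) for m in CARD_RE.finditer(payload)]
    ssns = [m.group() for m in SSN_RE.finditer(payload)]
    return {
        "card_raw": len(cards), "card_valid": sum(luhn_ok(c) for c in cards),
        "ssn_raw": len(ssns), "ssn_valid": sum(ssn_plausible(s) for s in ssns),
    }

def would_alert(payload: str, threshold: int = ALERT_THRESHOLD) -> bool:
    """Assumption: validated card and SSN hits both count toward one threshold."""
    c = count_matches(payload)
    return c["card_valid"] + c["ssn_valid"] >= threshold

if __name__ == "__main__":
    print(count_matches(SAMPLE), "alert:", would_alert(SAMPLE))
```

A large gap between the raw and validated counts on sample data indicates that a plain digit pattern will generate false alerts and that the pattern or threshold needs tuning.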

Default Value:

Not Configured

See Also

https://workbench.cisecurity.org/benchmarks/17915