Keyword Monitoring

Any data protection system needs a list of keywords or terms to monitor in all company documents and across all data transfer channels.

To set this up, edit the dictionary filter named “Glossary of industry terms” and add keywords and expressions from the company’s internal documents. Switch to the “Filters” tab in the administrator interface and open the filter “Glossary of industry terms”.

Add the keywords to the dictionary field, for example “Licensor”, “Licensee”, “Company card” and so on, and select the category “Incident”.

Then go to the filter and reduce the number of event types in which keywords are searched. Click “Save”.

Once this keyword search is created, all new events are checked against the search criteria, and matching events fall into “Triggered filters -> Incident”.

You can then return to the menu “Triggered filters/Name/Glossary of industry terms” and review the events collected there.

Let’s take an example:

Suppose that in our company the user “User11” on the computer “philvoch2” should not have access to these documents. However, we see that this user not only downloaded the document to his computer, but also sent it by mail to another user, “ik@staffcop.ru”, and copied it to an external drive. This raises two questions that require an explanation from the user.

Having analyzed the intercepted file, we see that it doesn’t match the documents from the report system, which means that the document transferred by this employee (who shouldn’t have access to these documents at all) contains changes to the agreement and to the software price. This is an open violation of the company’s policy on working with clients.
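
The matching and triage described above, as an added example that is not StaffCop's code: glossary terms are matched as whole words regardless of case, only selected event types are checked, and triggered events are grouped per user and computer. The event-type names, the event fields and the sample events are assumptions constructed for illustration.

```python
import re
import unicodedata
from collections import defaultdict

GLOSSARY = ["Licensor", "Licensee", "Company card"]   # terms from the text
MONITORED_TYPES = {"file_download", "email_sent", "usb_copy"}  # assumed names

def _norm(text):
    # Case-fold and NFKC-normalize so "LICENSOR" or full-width forms still match.
    return unicodedata.normalize("NFKC", text).casefold()

# Whole-word match; spaces inside a term may be any run of whitespace.
_PATTERN = re.compile(r"(?<!\w)(?:" + "|".join(
    r"\s+".join(re.escape(w) for w in _norm(t).split()) for t in GLOSSARY
) + r")(?!\w)")

def check_event(event):
    """Return sorted glossary terms found; [] if the event type is out of scope."""
    if event["type"] not in MONITORED_TYPES:
        return []
    found = _PATTERN.findall(_norm(event["content"]))
    return sorted({re.sub(r"\s+", " ", m) for m in found})

def triage(events):
    """Map (user, computer) -> set of channels on which the filter triggered."""
    incidents = defaultdict(set)
    for ev in events:
        if check_event(ev):
            incidents[(ev["user"], ev["computer"])].add(ev["type"])
    return dict(incidents)

# Constructed sample events modelled on the scenario in the text.
EVENTS = [
    {"user": "User11", "computer": "philvoch2", "type": "file_download",
     "content": "Agreement between LICENSOR and Licensee"},
    {"user": "User11", "computer": "philvoch2", "type": "email_sent",
     "content": "To: ik@staffcop.ru attached: company   card"},
    {"user": "User11", "computer": "philvoch2", "type": "usb_copy",
     "content": "agreement_v2.docx: the Licensor grants"},
    {"user": "User11", "computer": "philvoch2", "type": "web_visit",
     "content": "licensor definition"},               # type not monitored
    {"user": "User07", "computer": "pc-07", "type": "email_sent",
     "content": "Relicensees welcome at lunch"},      # not a whole-word match
]

if __name__ == "__main__":
    for who, channels in triage(EVENTS).items():
        print(who, sorted(channels))
```

Restricting the monitored event types keeps the web visit out of the incident list even though it contains a glossary term, and whole-word matching keeps “Relicensees” from triggering on “Licensee”.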
