# Data Loss Prevention (DLP)

One-sentence definition: Controls that detect and block unauthorized transmission or use of sensitive data on endpoints, networks, and cloud apps.

## Key Facts

- Channels: email, web uploads, removable media, print, SaaS apps.
- Techniques: content inspection, regex/ML classifiers, context rules.
- Integrate with labeling, CASB, and EDR for response.
- Balance detection with false positives; tune policies iteratively.
- Provide user coaching/justification prompts to change behavior.
- **Verify:** check official (ISC)² CBK and current exam outline.

## Exam Relevance

- Select DLP placement to stop a specific leak path.

**Mnemonic:** “See it, stop it.”

## Mini Scenario

Q: Users emailing spreadsheets to personal accounts—control?

A: Email DLP + justification + blocking for Restricted data.

## Revision Checklist

- List 3 channels and a control per channel.
- Explain tuning to reduce false positives.
- Tie DLP to labels.

## Related

[[Data Labeling and Marking]] · [[CASB and SSPM/CSPM Overview]] · [[Endpoint Data Protections (FDE, EDR, Port Controls)]] · [[Cloud Data Protection (SaaS, PaaS, IaaS)]] · [[Printing and Hardcopy Data Controls]] · [[Domain 2 - Index]]