IMPLEMENTATION OF SECURITY SYSTEMS FOR PREVENTION OF LOSS OF INFORMATION AT ORGANIZATIONS OF HIGHER EDUCATION The 12th International Conference on Information Technology: New Generations (ITNG 2015), April 13-15, 2015, Las Vegas, Nevada, USA Askar Boranbayev Nazarbayev University 53 Kabanbay Batyr Ave, 010000 Astana, Kazakhstan aboranbayev@nu.edu.kz Mikhail Mazhitov Nazarbayev University 53 Kabanbay Batyr Ave, 010000 Astana, Kazakhstan Zhanat Kakhanov Nazarbayev University 53 Kabanbay Batyr Ave, 010000 Astana, Kazakhstan Abstract— In this paper we discuss our experience of implementation of Data Loss Prevention (DLP) system at our University. The DLP system helps to analyze, control, monitor, block and protect data at the University. With the help of the DLP system and encryption we are able to protect and control the confidential data about our clients, HR data, intellectual ownership data, legal and financial documentation, official letter exchanges with partners and clients, academic and research data, etc... Keywords — information security; data loss prevention; software; information system; data. I. INTRODUCTION Before the decision about implementing the DLP system at our University was made, it was actively discussed whether it will be useful for the University and whether it would be worth the money spent. Universities are usually open organizations of education and have open-doors policy, where people should feel free to work, receive education, conduct research, and exchange knowledge without being intimidated by anything. However, the University and its affiliated organizations, have a sufficient amount of official, confidential and restricted data, which must be protected. Loss or dissemination of confidential information could result in property damage, financial loss, loss of reputation of the University, insolvency or eventually lead to the unprofitability. Up until recent times the dissemination of information could be controlled by the existing institutional and administrative means, technological means using group policies, allowing access only to a limited number of persons. Now, during the growing market in information technology, we need to worry about the leakage of confidential information, because attackers similarly seek to use the latest tools in the field of information technologies and methods to achieve their selfish goals. In accordance with The Law of Republic of Kazakhstan “On Personal Data and Its Protection”, aimed at ensuring privacy and protection of personal and family secrets, and increased state regulation in this area, for non-compliance by the owner, the operator or a third party of measures to protect personal data (the Law of the Republic of Kazakhstan dated May 21, 2013  95-V «On amendments and additions to some legislative acts of the Republic of Kazakhstan on issues of personal data and protection") - sanctions will be applied on entrepreneurs, organizations and all the legal entities or physical entities. With substantial harm to the rights and legitimate interests of individuals for this is provided and criminal liability. In order to ensure the necessary level of information security of the University it was decided to implement a system of Data Loss Prevention (DLP). DLP system helps to analyze, monitor, track, lock and protect our data. Jointly using encryption and system DLP, we can protect a wide range of information: customer data, intellectual property, legal and financial records, correspondence with customers and partners, and so on. The University has acquired McAfee DLP system, which has the necessary technical and functional capabilities, broad development prospects and excellent integration with various McAfee solutions under a single toolkit. We would like to note that McAfee solutions today are widely used in a number of major institutions in Kazakhstan. Let’s look at the DLP and reveal the theme. How it is going to be used at the University? Which directions were chosen and what specific modules were implemented? II. ABOUT THE SYSTEM There are certain areas that we think are particularly in need of protection. These areas include: 2015 12th International Conference on Information Technology - New Generations 978-1-4799-8828-0/15 $31.00 © 2015 IEEE DOI 10.1109/ITNG.2015.147 802