Microsoft Purview - Insider Risk Management - Final Part Two

Insider Risk Management: what does it do? It covers activities intended to detect and/or prevent a person from using authorized access to the organization’s assets, either maliciously or unintentionally, in a way that negatively affects the organization.

BTW, here is Part 1 of the Insider Risk Management post: https://www.blogger.com/blog/post/edit/474784438622669562/6058210346412545481

 

There are two main types of insider risk we found: inadvertent and malicious.

Inadvertent: An employee unintentionally causes harm, for example through unsafe actions, misuse of resources, or accidental data leakage.

Malicious: An employee sets out to cause harm, for example through data theft, IP theft, or unauthorized disclosure.

 Malicious cases, while less common, can be more costly.

  

The question is how a company can mitigate all these risk factors, stay free of these bad outcomes, and concentrate on organizational growth. This is a most sensitive program, and the people who lead it or are part of it need skills beyond IT, such as people management, understanding the situation and its sensitivity level, foreseeing upcoming threats and risks, and decision-making.

To mitigate the risk, we sometimes take proactive measures such as employee morale events, ongoing data security training, etc. These are positive deterrents: they engage in a productive and preemptive way with the source of risk.

Negative deterrents are practices that check on and constrain employee behavior. Here we rely heavily on Microsoft Purview to block users from committing sabotage, accessing or sharing content, publishing unauthorized content, etc.

 

As I mentioned earlier, this journey started recently, and organizations have slowly started nurturing this subject.

Organizations recognize the need for an insider risk program and might already have one or be building toward it, but might be misaligned on success measures.

 Few organizations realize the importance of employees to an insider risk program, but might need to place greater emphasis on improving the work environment.

 

 Key Points

 94% of the holistic companies noted that a key element to program success is finding a balance between employee privacy and company security.



[Figure: Level of concern for negative consequences of insider risk management.]


More than 90% of holistic organizations agree that privacy controls should be used in the early stages of the investigations program.



[Figure: Tools deemed critical to insider risk management.]



Best practices for building a holistic insider risk management program

  • Empower your people and make privacy a priority
  • Embrace collaboration across your leadership
  • Address insider risk from multiple lenses

Managing insider risks is part of a comprehensive data protection strategy. Ensuring that organizations have the right people, processes, training, and tools in place can help them better address the risks and challenges.

The above data was collected entirely from Microsoft and its research and studies on insider risk management. I hope this helps my viewers understand insider risk management in a better way.

Remember, happy people never go for sabotage.

Keep safe and be Happy!
