Microsoft Purview - Insider Risk Management - Final Part Two

Insider Risk Management - What it does? - Activities intended to detect and/or prevent a person from using authorized access to the organization’s assets—either maliciously or unintentionally—in a way that negatively affects the organization.

BTW - here is Part 1 of Insider Risk Management post - https://www.blogger.com/blog/post/edit/474784438622669562/6058210346412545481 

 

There are two main types of insider risk we found: inadvertent and malicious.

 Inadvertent: An employee unintentionally causes harm -  unsafe actions, misuses resources, causes accidental data leakage

 Malicious: An employee sets out to cause harm - data stole, IP theft, Unauthorized disclosure

 Malicious cases, while less common, can be more costly.

  

Question is how does a company help mitigate all these risk factors and free from all these bad things and concentrate on Organizational growth only. This is most sensitive program, and person who lead or part of this program should have multiple skills apart from IT skills like people management, understand situation and sensitivity level, foresee the upcoming threat/risks, decision making capabilities etc.

 To mitigate the risk, sometimes we proactive measures insider events like employee morale events, ongoing data security training progress etc. These are positive deterrents engage in a productive and preemptive way with the source of risk.

 Negative deterrents are practices that check on and constrain employee behavior. Here we use Microsoft Purview heavily that block users from doing sabotage, accessing or sharing content, publishing un authorized content etc.

 

 As I mentioned earlier, this journey started recently and Organization slowly started nurturing this subject.

 Organization recognizes the need for an insider risk program and might already have one or are building toward it, but might be misaligned on success measures.

 Few organizations realize the importance of employees to an insider risk program, but might need to place greater emphasis on improving the work environment.

 

 Key Points

 94% of the holistic companies noted that a key element to program success is finding a balance between employee privacy and company security.



Level of concern for negative consequences of insider risk management.


More than 90% of holistic organizations agree that privacy controls should be used in the early stages of investigations program.



Tools deemed critical to insider risk management.



Best practices for building a holistic insider risk management program

  • Empower your people and make privacy a priority
  • Embrace collaboration across your leadership
  • Address insider risk from multiple lenses

Managing insider risks is part of a comprehensive data protection strategy. Ensuring that organization have the right people, processes, training, and tools in place which can help them to better address the risks and challenges.

The above data entirely collected from Microsoft and their research and study on insider risk management. Hope this will help my viewers to understand insider risk management a better way.

Remember, happy people never go for sabotage.

Keep safe and be Happy!

Comments

Popular posts from this blog

How to fix Azure DevOps error MSB4126

How to create Custom Visuals in Power BI – Initial few Steps

SharePoint Admin Center