Beginning of this year in RSA Microsoft announced launching Insider Risk Management solution. I thought I should share some information if you were not aware of it.
Insider risk management is a solution in Microsoft 365 that helps minimize internal risks by enabling you to detect, investigate, and take action on risky activities in your organization. Custom policies allow you to detect and take action on malicious and inadvertent risk activities in an organization, including escalating cases to Microsoft Advanced e-Discovery if needed. Risk analysts in an organization can quickly take appropriate actions to make sure users are compliant with organization’s compliance standards.
Today’s Modern risk pain points:
- Leaks of sensitive data and data spillage
- Confidentiality violations
- Intellectual property (IP) theft
- Insider trading
Regulatory compliance violations
Insider risk management is centered around the following principles:
- Transparency: Balance employee privacy versus organization risk with privacy-by-design architecture.
- Configurable: Configurable policies based on industry, geographical, and business groups.
- Integrated: Integrated workflow across Microsoft 365 compliance solutions.
- Actionable: Provides insights to enable employee notifications, data investigations, and employee investigations.
I have attached Building an Insider Risk Program document for your reference. You can download from here – Building-an-insider-risk-management-program
- This paper is a joint production of Microsoft and PricewaterhouseCoopers Advisory Services LLC and is designed to outline the journey that organizations will need to embark on to manage their insider risk.
Some blog links to read – https://techcommunity.microsoft.com/t5/security-privacy-and-compliance/leveraging-ai-and-automation-to-quickly-identify-and-investigate/ba-p/917145