Source |
ProofPoint |
Identifier |
8575237 |
Publication date |
2024-09-12 06:00:33 (viewed: 2024-09-12 13:17:16) |
Title |
5 Steps to Building an Insider Risk Program |
Text |
Imagine this scenario: Your company experienced an insider threat. Fortunately, the insider was stopped before there was material damage. It was a common insider threat use case, too. An employee gave their notice so that they could take a job with one of your competitors. But before they left, they started downloading sensitive strategy documents to take with them.
Given this close call, insider risk now has C-level visibility within your organization, which is something you have been advocating for. That's the good news, and the bad news. You have the executive support, the technology and the people that you need. But now what? How do you make it all come together?
Whether you are starting an insider risk management (IRM) program from scratch or you are looking to take your organization to the next level of effectiveness, this blog provides the insights and best practices you'll need to make your program successful.
Why is an insider risk program so important?
Before we describe the steps for an effective insider risk program, it is worth discussing why having a program at all matters. Here are the top three reasons.
You shift to a proactive approach. When you're proactive, you can prevent insider events from happening rather than reacting to them, helping to avoid financial and brand damage.
You understand your risky users and data better. When you understand who your risky users are and what data and systems are most important to your business, you can ensure that security controls are in place to protect critical information and systems.
You can improve your response times. With defined processes and procedures, you can improve your response times. Clearly outlining what needs to happen, when and by whom, saves time when it is needed most, especially when a cross-functional response is required.
Building your program: 5 key steps
Here are the five steps to follow to get started with an insider risk program or to enhance your current program.
Step 1: Assemble the team
A successful IRM program includes designating an executive champion, identifying a steering committee, and building a cross-functional working team.
IRM is often referred to as a “team sport” because it gets people involved from across the business, including legal, human resources (HR), compliance, line-of-business leaders, executives and even the board of directors. Every group should work together toward the common goal of decreasing organizational risk. The executive sponsor is a critical role that supports and champions the program and aids in overcoming blockers.
Step 2: Define your objectives
The goal of an IRM program is to prevent an insider risk from becoming an insider threat. A risk becomes a threat when an individual in a position of trust harms the business, intentionally or unintentionally.
Start by outlining what makes your organization vulnerable. This includes:
Identifying risky insiders. Risky insiders can include employees with privileged access, contractors, Very Attacked People™, executives, employees on a performance plan and many others. (Note: Risky users will differ by organization.)
Defining sensitive data. If you don't know what sensitive data you have, you can't secure it.
Outlining compliance requirements. Certain laws and compliance rules are best met through a holistic IRM program that ensures privacy requirements are adhered to.
Balancing business needs. Find the balance between business needs, security controls like data loss prevention, and end user productivity.
Step 3: Identify your capabilities
Before you can plan your program, you need to understand your current state. Your starting point is a critical assessment of your current capabilities, investments and insider risk program effectiveness level. This process can help you answer key questions like:
Do we |
Notes |
★★
|
Sent |
Yes |
Tags |
Threat
Cloud
|
Stories |
|