One Article Review
Source: Proofpoint
Identifier: 8644242
Publication date: 2025-01-29 06:42:08 (viewed: 2025-01-29 11:07:49)
Title: A Guide for Insider Risk Teams: 10 Tips for Monitoring User Activity While Protecting Privacy
Text:

As security teams, we often face a tough dilemma: how can we monitor users for risky activity without compromising their privacy? It's a delicate balance. There's a fine line between ensuring security and respecting the confidentiality of sensitive employee data. However, achieving this balance isn't only possible, it's essential. It must be part of any insider risk program for that program to be both trustworthy and effective. In honor of Data Privacy Week, in this blog post I'll walk you through 10 best practices to help you build a robust insider risk program that meets both your data privacy and security needs.

1: Involve privacy and legal stakeholders early

From the very beginning, invite the right people to the table. During the program's design phase, reach out to privacy councils or works councils to get them involved. This ensures that important privacy aspects are addressed from the start. These councils can offer invaluable insight into the ethical and legal considerations that must be taken into account. Once involved, keep these stakeholders close throughout the journey. Regular updates about the program's goals, scope and processes will help foster trust between security teams and privacy advocates. In fact, by demonstrating that privacy has been top of mind all along, the insider risk team becomes a face of privacy advocacy in its own right.

Example: If you're rolling out an insider risk management program, involve your privacy officer in the planning stages. This helps ensure that your program complies with GDPR and other data protection regulations. When privacy concerns are addressed proactively, personally identifiable information (PII) won't be used in ways that could lead to violations.

2: Define program scope and reporting thresholds

One of the most critical components of any insider risk program is clear boundaries. Define what constitutes risky activity, which is typically aligned with existing conduct, compliance or security policies. It is also important to define clearly which behaviors map to which risk level, and at which point risky behavior requires a deeper inquiry or investigation. Not only does this reduce the likelihood of overreach, it also ensures that monitoring stays proportionate to the risk. Keep in mind that although organizational policies are defined and shared broadly, thresholds and detection capabilities should only be shared with those who have a need to know.

Example: Say your program detects users downloading large amounts of sensitive data. Set a threshold that only triggers an alert when someone downloads more than their typical number of files. Other thresholds might trigger when a user is considered a flight risk or is circumventing a security control. This keeps the scope narrow and makes it much less likely that an analyst reviews innocuous behavior. There's never a complete guarantee that this won't happen in the world of risk mitigation; that is why implementing the next eight best practices is so critical.

3: Be transparent, but guide the message thoughtfully

In many organizations, the insider risk program is shrouded in mystery. Unfortunately, this can breed rumors and distrust. Avoid this by communicating transparently and proactively where you can. Doing so sends a clear message that the program aligns with your organization's goals and core values. It's also crucial to share stories about your program's positive impact, and to remind everyone about the privacy mechanisms that are in place as well as the overall purpose of the program. Transparency helps demystify the process and reassures employees that their privacy is being respected. While transparency is important, so is discretion. Details about triggered alerts and investigations should not be shared beyond designated groups. This ensures that your program isn't undermined and prevents people from circumventing controls.

Example: When your program starts t
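The per-user threshold in tip 2 (alert only when someone downloads more than their typical number of files) is the one part of this text that reduces to detection logic, so here is one way to implement it. This Python is an added example, not code from the Proofpoint post: each user's own history sets their threshold, so a high-volume role is not flagged for volume that would be anomalous for someone else, and a user with too little history is not scored at all rather than judged against a guessed threshold. The audit aggregates, user names, dates, the k=3 standard-deviation rule and the 10-file floor are all constructed assumptions.

```python
"""Per-user download-volume thresholds (added example, not code from the Proofpoint post)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed daily audit aggregates: (user, ISO date, files downloaded that day).
# Values are invented for illustration; real data would come from your audit log.
SAMPLE_EVENTS = [
    # alice: low, stable volume, then one very large day
    ("alice", "2025-01-06", 10), ("alice", "2025-01-07", 12), ("alice", "2025-01-08", 9),
    ("alice", "2025-01-09", 11), ("alice", "2025-01-10", 10), ("alice", "2025-01-11", 13),
    ("alice", "2025-01-12", 10),
    ("alice", "2025-01-20", 15), ("alice", "2025-01-21", 60),
    # bob: a high-volume role; 230 files is normal for him, 300 is not
    ("bob", "2025-01-06", 200), ("bob", "2025-01-07", 210), ("bob", "2025-01-08", 190),
    ("bob", "2025-01-09", 205), ("bob", "2025-01-10", 195), ("bob", "2025-01-11", 220),
    ("bob", "2025-01-12", 180),
    ("bob", "2025-01-20", 230), ("bob", "2025-01-22", 300),
    # carol: too little history to build a baseline yet
    ("carol", "2025-01-11", 5), ("carol", "2025-01-12", 7),
    ("carol", "2025-01-20", 40),
]

BASELINE_END = "2025-01-12"  # days up to and including this date train the baselines
MIN_BASELINE_DAYS = 5        # users with fewer observed days are not scored
K_SIGMA = 3.0                # assumed rule: alert at mean + 3 standard deviations ...
MIN_DELTA = 10               # ... but never for fewer than 10 files above the mean


def build_baselines(events, baseline_end=BASELINE_END, min_days=MIN_BASELINE_DAYS):
    """Map user -> (mean, population stdev) of their daily counts in the baseline window.

    A user without enough history gets no baseline and is therefore not scored:
    judging them against a guessed threshold is the kind of overreach tip 2 warns about.
    """
    history = defaultdict(list)
    for user, day, count in events:
        if day <= baseline_end:          # ISO dates compare correctly as strings
            history[user].append(count)
    return {u: (mean(c), pstdev(c)) for u, c in history.items() if len(c) >= min_days}


def threshold_for(baseline, k=K_SIGMA, min_delta=MIN_DELTA):
    """User-specific alert threshold: mean plus the larger of k*stdev or an absolute floor.

    The floor keeps very stable low-volume users from being flagged by a handful of extra files.
    """
    avg, sd = baseline
    return avg + max(k * sd, min_delta)


def find_alerts(events, baselines, baseline_end=BASELINE_END, k=K_SIGMA, min_delta=MIN_DELTA):
    """Score days after the baseline window; return (user, day, count, threshold) rows over it.

    The returned record carries only what an analyst needs to decide on a deeper inquiry.
    """
    alerts = []
    for user, day, count in events:
        if day <= baseline_end or user not in baselines:
            continue
        limit = threshold_for(baselines[user], k, min_delta)
        if count > limit:
            alerts.append((user, day, count, round(limit, 1)))
    return alerts


if __name__ == "__main__":
    baselines = build_baselines(SAMPLE_EVENTS)
    for row in find_alerts(SAMPLE_EVENTS, baselines):
        print("ALERT user=%s day=%s files=%d threshold=%.1f" % row)
```

Run stand-alone it reports alice's 60-file day and bob's 300-file day, while bob's 230 files (four times alice's alerting volume) stays silent because it is within his own baseline, and carol is not scored at all. The same split also supports the need-to-know point in tip 2: the policy ("don't exfiltrate data") can be published, while the constants that set the threshold stay with the detection team.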
Rating: ★★★
Sent: Yes
Tags: Tool, Threat, Studies, Medical, Technical


The article does not appear to have been picked up after its publication.


The article does not appear to repeat an earlier one.