If you missed our Microsoft State & Local Government Compliance Webinar series episode on February 2nd, have no fear! You can catch the recording here on our Microsoft SLG YouTube channel.

"What is Insider Risk Management/Incident Response, and why should we spend time on it?"

Andrea Fisher & Richard Beserra demonstrate how you can effectively protect your digital data estate from insider threats leveraging Microsoft's security and compliance tools.

https://www.youtube.com/watch?v=7hMoTRY6AyE

#compliance #insiderrisk #MicrosoftPurview #microsoftsentinel #microsoftdefender #Microsoft365

Because not all the potential insider risks become incidents or breaches, quickly identifying the most critical insider risks and prioritizing resources to investigate and mitigate them is crucial to reducing impact from incidents. #Purview #insiderrisk #Microsoft365 #compliancemanagement https://techcommunity.microsoft.com/t5/security-compliance-and-identity/uncover-hidden-risks-and-accelerate-time-to-action-with-new/ba-p/3731512

LATEST CYBERTHREATS AND ADVISORIES - JANUARY 13, 2023 - Cybercriminals attack schools, the FCC looks to change data breach rules and artif... https://blog.isc2.org/isc2_blog/2023/01/latest-cyberthreats-and-advisories-january-13-2023.html #insiderrisk #ransomware

Loose and Work In Progress Thoughts Related to #insiderrisk #insiderthreats in the context of #infosec / #cybersecurity / #risk :

Insider Threats are not solely an effect of remote work, but the advent of remote work compounds them. There is no turning back to in-office only work, so how can organizations protect themselves from Insider Threats in what has become a larger attack surface?

Collaboration Tools: A fragmented landscape including multiple cloud tools and services including Google Drive, iCloud, Box, Dropbox, and OneDrive. The problem is not the spirit of collaboration or the tools. It’s the approach to managing sensitive data and having visibility of it. Traditional Information security relies on blocking access. While sometimes effective, locked-down employees are not productive employees. Organizations need collaboration tools to stay ahead, and they also need them to maintain employee satisfaction in a highly competitive labor market.

The nature of work for digital creatives has fundamentally changed. There is no predictable time intervals when all workers are online or supposed to be online. This makes traditional approaches of static behavior matching obsolete. The rise of cloud collaboration technologies expands the risk surface and makes “expected” behavior more ambiguous than ever. Complete visibility into behavior is now needed across platforms but continues to be centered around the behaviors triggered by an endpoint or workstation.

Traditional Approaches
- Blocking: This leads to exceptions and is intrusive for a collaborative culture.
- Static Ringfencing of Data and Digital Assets is no longer Possible
- Constant re-org
- Distributed nature
- Complexity and Dynamism of Required Access Controls
- Classification: Can’t keep up with the dynamism of an organization. Requires significant up-front effort for initial classification and ongoing overhead to maintain the state.

If you are directly or tangentially working on these problems would love to connect and learn more from your experiences in the space.

What's Next for Cybersecurity in 2022? - What does next year have in store for the cybersecurity industry? The “Top Five Cy... https://blog.isc2.org/isc2_blog/2022/01/whats-next-for-cybersecurity-in-2022.html #cybersecurityworkforce #cybersecuritytraining #cloudsecurity #insiderrisk #government #ransomware

#ISC2CONGRESS - Lisa Forte Keynote: Insider Threats A Bigger Challenge Than Ever - In one of the most sobering presentations about the current state of security deli... http://feedproxy.google.com/~r/isc2Blog/~3/0h7GNUEWl0Q/isc2congress-lisa-forte.html #(isc)²events #insiderrisk

Exceptions to Security Policy - What are and how to deal with them? - By Yuri Braz, CISSP, CRISC, PMP
Information Security, or cybersecurity, has become more relevant ev... http://feedproxy.google.com/~r/isc2Blog/~3/qROZq_axjCY/exceptions-to-security-policy.html #networksecurity #insiderrisk

Security Predictions for 2021from the (ISC)² Community of Security Professionals (PART 1) - By Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP, John Martin, CISSP-ISSAP, and Richard Nealo... http://feedproxy.google.com/~r/isc2Blog/~3/HPf5JWrEYws/security-predictions-for-2021-pt1.html #cybersecurityworkforce #insiderrisk #ransomware #privacy

The Human Element of Zero Trust - One weak link in a chain is all that’s needed to topple a cyberdefense. Sometimes this comes down to... http://feedproxy.google.com/~r/isc2Blog/~3/zP_hwWUxunI/the-human-element-of-zero-trust.html #cybersecurityworkforce #cloudsecurity #insiderrisk #itsecurity

The First Line of Defense: Are Humans Doing a Good Enough Job? - As published in the March/April 2020 edition of InfoSecurity Professional Magazine
By Crystal Bedell... more: http://feedproxy.google.com/~r/isc2Blog/~3/vgMMiQPlAbc/the-first-line-of-defense-are-humans-doing-a-good-enough-job.html #insiderrisk #itsecurity