From the course: Microsoft Information Security Administrator Associate (SC-401) Cert Prep by Microsoft Press

Unlock this course with a free trial

Join today to access over 25,300 courses taught by industry experts.

Manage Insider Risk Management workflow, including notice templates

Manage Insider Risk Management workflow, including notice templates - Microsoft 365 Tutorial

From the course: Microsoft Information Security Administrator Associate (SC-401) Cert Prep by Microsoft Press

Start my 1-month free trial Buy for my team

Manage Insider Risk Management workflow, including notice templates

Managing insider risk isn't purely a technical implementation, it requires an established workflow and cooperation amongst various departments. Let's talk about how to structure the program and workflow beyond the tool implementation. To start with, define your stakeholders and roles up front. Typically, an insider risk management program has stakeholders from security and IT, HR, legal, and sometimes also from compliance or specific business units. It's important to form an insider risk committee or at least identify key contacts in each domain. For example, have a named HR representative for insider risk cases and a named legal counsel. We already set roles in the tool, analyst, investigator, approver, et cetera, to ensure those map to the right people and from these departments. For instance, HR might hold the investigator role for misconduct cases. IT security might hold it for data theft technical cases. Agree on these divisions of responsibility. It's also really important that…

Contents