A TECH REPORT FROM EDWARD AMOROSO, TAG CYBER
Fresh from our time at the Gartner Security & Risk Management Summit, this tech report from Ed Amoroso of TAG Cyber could not be more timely. There has been a lot of discussion around Insider Risk Management (IRM) lately, yet questions about IRM remain:
- Is insider risk different from insider threat? – The security industry often uses the two terms interchangeably, but they are not the same: a threat is an actor with the capability and intent to cause harm, while risk is the exposure of data to harm whether or not anyone intends it (a careless insider is a risk without being a threat). The report reviews the differences between these underlying data protection concepts.
- Does IRM create a "big brother" scenario within the organization? – Focusing on employees and other insiders makes it possible to target individual behaviors, but the approach has negative consequences for privacy and trust. How does IRM address that common concern?
- How do IRM platforms incorporate the familiar subject-action-object model, and does it even work? – Describing each event as a subject (who) taking an action (what) on an object (which data) is useful for highlighting insider risk because it lets an analyst check every event for consistency with policy and best practice, and compare a subject's current activity with that subject's normal behavior.
- Does IRM represent the all-in-one solution security teams dream of? – Short answer: no. Security practitioners will attest that no single method detects anomalies in every situation and context, so the best commercial platforms support a range of strategies for prevention, detection and response to insider risk. Does IRM deliver?
- What does an IRM action plan or program look like? – For starters, it need not be intimidating. Organizations committed to implementing an IRM program should put an action plan in place that includes understanding where their risky data is, choosing an approach in line with corporate ethics and values, and running a thorough proof of concept (POC) cycle to confirm that vendors are living up to their promises.
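To make the subject-action-object point concrete, here is an added example (not code from the TAG Cyber report or from Code42) that runs two separate checks over constructed activity events: a policy check on whether each (role, action, object class) triple is permitted at all, and a baseline check on whether a subject is doing a permitted thing far more often than usual. The events, roles, policy triples, baselines and file names are all hypothetical.

```python
"""Subject-action-object checks over constructed insider-activity events.

Two independent checks, mirroring the distinction in the text:
  1. policy consistency: is (role, action, object class) permitted at all?
  2. behavioural baseline: is a permitted action happening far more often
     than this subject's usual rate for that object class?
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    subject: str    # who: user or service account (hypothetical names)
    role: str       # subject's role as recorded in the directory
    action: str     # what: read, download, share, delete
    obj: str        # which object: a file path or record id
    obj_class: str  # object's classification: public, internal, confidential


# Hypothetical policy: the (role, action, object class) triples that are allowed.
POLICY = frozenset({
    ("engineer", "read", "internal"),
    ("engineer", "read", "confidential"),
    ("engineer", "download", "internal"),
    ("contractor", "read", "internal"),
    ("finance", "read", "confidential"),
    ("finance", "download", "confidential"),
})

# Hypothetical per-subject baseline: the normal number of confidential
# downloads in one observation window (learned from history in practice).
BASELINE = {"alice": 0, "bob": 0, "carol": 2}

# Constructed sample events for one observation window.
EVENTS = [
    Event("alice", "engineer", "read", "designs/roadmap.pdf", "confidential"),
    Event("alice", "engineer", "download", "designs/roadmap.pdf", "confidential"),
    Event("bob", "contractor", "read", "wiki/onboarding.md", "internal"),
    Event("bob", "contractor", "download", "wiki/onboarding.md", "internal"),
] + [
    Event("carol", "finance", "download", f"ledger/q1-{i}.xlsx", "confidential")
    for i in range(5)
]


def policy_violations(events, policy=POLICY):
    """Return the events whose (role, action, obj_class) triple is not permitted."""
    return [e for e in events if (e.role, e.action, e.obj_class) not in policy]


def baseline_anomalies(events, baseline=BASELINE, factor=2, policy=POLICY):
    """Return {subject: count} for subjects whose *permitted* confidential
    downloads exceed factor x their baseline.

    Policy violations are deliberately excluded: they are already findings,
    and mixing them in would double-count the same event.  A subject with no
    history (baseline 0) is flagged on the first such download.
    """
    permitted = [e for e in events if (e.role, e.action, e.obj_class) in policy]
    counts = Counter(
        e.subject for e in permitted
        if e.action == "download" and e.obj_class == "confidential"
    )
    return {s: n for s, n in counts.items() if n > factor * baseline.get(s, 0)}


def evaluate(events):
    """Combine both checks into one findings report."""
    return {
        "violations": [(e.subject, e.action, e.obj) for e in policy_violations(events)],
        "anomalies": baseline_anomalies(events),
    }


if __name__ == "__main__":
    report = evaluate(EVENTS)
    for subject, action, obj in report["violations"]:
        print(f"POLICY  {subject} may not {action} {obj}")
    for subject, n in report["anomalies"].items():
        print(f"BASELINE {subject}: {n} confidential downloads this window")
```

Note what each check catches: alice and bob are stopped by policy alone, but carol's five downloads are each individually allowed and only stand out against her own baseline. That is the reason the text insists no single method works in every context.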
Enough of the teaser. Read the report to evaluate recent technical advances in protecting key enterprise data from insider risk. The emphasis is on how patterns and behaviors can be used proactively and reactively to address cyber risk. And yes, Code42 features as the example used to demonstrate advances in visibility, context and control in practical enterprise network environments. In the end, you decide which IRM approach is most in line with your organization's insider risk strategy.