one of the most valuable aspects of an insider threat program or I t. P is the visibility it provides into so many areas of your organization
and optimized insider threat program will be the flashlight illuminating the dark corners of your company. Alex No.
Okay, that sounds ominous. But what I'm getting at is your insider threat program should expose ah lot of activity that you may have previously been unaware of and unable to monitor.
In addition to configuring your program to address specific use cases, you can set up your program to assist mawr generally with visibility and discovery.
For example, where is the data going?
What cloud applications are employees using
which parts of the business access or use certain files?
As you compile data and metrics, you can compare it with the policies and processes in place to see how effective they are
and if your employees air following the guidelines. So let's hear from Peter Hodja Giorgio to illuminate these points. Alex,
the A word doesn't exactly generate a lot of excitement and enthusiasm.
But audits, whether external or internal, are a fact of life, especially in the field of cybersecurity.
Self auditing is important for a variety of reasons. Insider threat programs are often the subject of audits but rarely considered as a resource or facilitator for audit teams as it relates to a number of common corporate policies.
There are a number of common policies associated with data security.
Use of cloud applications is a great example, and increasingly relevant has so many organizations and their employees transition toe work and life in the cloud
your organization may have a set of approved cloud collaboration or cloud storage. APS.
Hopefully, you have well documented policies that air clearly communicated to the workforce, that define exactly how employees should be using cloud APS for work purposes.
How do you know who's following that guidance?
How do you audit adherence to that policy?
Enter your friendly insider threat program team
with the right tools and configurations. The Insider Threat program can tell you exactly who is using sanctioned or unsanctioned cloud APS and what data they're putting in those APS.
We encourage you to put your insider threat program to the test
Canada assists with this type of audit request.
If you're asked to report out how many users are moving data to USB personal emails or cloud. Can you help
as a side note? If any of these policies aren't implemented in your organization,
work with your legal in HR teams to put some new or updated policies in place.
This type of policy or process audit isn't typically associated with an insider threat program, but when you think about it, using your I t. P like this is an excellent way to improve the perception of the program and get buy in from a variety of stakeholders in the organization.
while HR teams are rightly sensitive to privacy or culture concerns around an insider threat program,
they may realize the benefits of the visibility your program offers and work with you to ensure compliance.
Because audits can be just another use case for your program, don't shy away from audit topics in an insider threat program.
Ultimately, if your insider threat program can provide answers to audit questions, it provides validity for both the audits and the insider threat program.