Security News > 2022 > June > Conducting Modern Insider Risk Investigations

We must remain mindful of the perils of contacting users during an insider risk investigation.

As Insider Risk Analysts, our goal is to seek understanding; to assemble a set of facts from disparate sources to generate a clear picture of an event.

Below we'll discuss how to conduct modern insider risk investigations - moving through the stages of inquiry, investigation, and determining outcomes.

Insider Risk Management programs are focused on protecting data.

Logging an investigation: You should have a template for how investigations are documented, including what set you down the path of the investigation in the first place, what data you reviewed, actions you took, users you talked to and ultimately what was discovered and what was done to address risk.

Determining outcome: Following the completion of an investigation we will need to provide an outcome determination for the event in order to satisfy questions such as "Did the subject take this risky action deliberately?" and "Do they present an ongoing risk to my organization and data?" The course of action taken will depend on whether it's determined that that event was malicious, negligent or accidental.

News URL

https://threatpost.com/conducting-modern-insider-risk-investigations/179869/