How have you dealt with employee privacy concerns when implementing your insider risk management program?

Security & GRC Data Privacy & Protection

2k views2 Comments

Sort by:

Vice President Information Technology in Finance (non-banking)2 years ago

We have insider risk management policy which also covers the privacy concerns of the employees. They are aware of what data is being collected, how it will be securely stored and used for the stated purpose

Chief Technology Officer in Media2 years ago

Insider risk management programs are designed to identify and mitigate potential risks posed by employees or other insiders to an organization's sensitive data, systems, or operations. While implementing these programs, it is essential to balance the need for security with respecting the privacy and rights of employees

Content you might like

Which is written correctly?

Cybersecurity44%

Cyber Security42%

Cyber-security5%

Information Security7%

View Results

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

What are the best practices for securing the MFA registration phase when moving from SMS to phishing-resistant methods like passkeys (FIDO2) or TOTP-based authenticator apps? Specifically, how can we mitigate risks in device enrollment and key provisioning without phone numbers? What innovations are your organizations implementing or have implemented to bolster this process? - I don't see this as a competitive advantage but all of us good guys against the bad.

Has anyone drafted an SOW for a cloud-based SIEM with setup, migration, and maintenance? I’m working on a FedRAMP-authorized SIEM SOW, migrating from on-prem Splunk, covering data, searches, alerts, dashboards, and models. Scope includes Environment Setup: Cloud provisioning, configuration, testing. Connectors/Parsers: Custom data source integration. Content Development: Rules, use cases, threat feeds. Performance Tuning: Query/index optimization. Runbooks: Operational procedures. Also required: 24x7 support, maintenance, lifecycle and application management, role-based training, and documentation. Must comply with NIST SP 800-53, CJIS, and FedRAMP Moderate+. Goal: Secure, scalable SIEM for rapid deployment. I may be missing elements, so suggestions are welcome. Please share redacted SOWs or tips if possible.

What will be the biggest cybersecurity threat of 2022?

Attacks targeting authenticator apps58%

IoT Denial-of-use attacks32%

Cyber extortion of high profile individuals59%

C-level impersonations18%

Something else (comment below)1%

View Results

How have you dealt with employee privacy concerns when implementing your insider risk management program?

Sort by:

Content you might like

Which is written correctly?

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

What will be the biggest cybersecurity threat of 2022?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

Impact & Perceptions of A Privacy-First Digital Era

Challenges & Tools For A Privacy-First Internet Age

IT and Infosec Collaboration on Vulnerability Patching

Take Your Insights On-the-Go