Conducting Modern Insider Risk Investigations

Insider Risk Management (IRM) requires a different approach than managing external threats. IRM is unique among security domains in that the data sources that serve as its inputs are as often people as they are tools. Shifting the analyst’s mindset when handling risks presented by insiders requires us to move through the stages of inquiry, investigation, and determining outcomes.

Dealing with risks presented by internal users requires a different approach than dealing with those from external threats. This shouldn’t be news to anyone, but it does need to be said since it’s not something that always happens in practice. It’s not uncommon to see the cudgels common to blue teams wielded against internal users who run afoul of security. And frankly, who can blame overworked security teams – dealing with internal folks is much more fraught with challenges. It’s far simpler to triage all risks with the same tools and techniques at our disposal for external threats. But it’s 2022 and time to strive for something better.

We must remain mindful of the perils of contacting users during an insider risk investigation. We must approach these interactions with tact, empathy, and caution. As Insider Risk Analysts, our

Read More: https://threatpost.com/conducting-modern-insider-risk-investigations/179869/