A recent customer engagement had me digging into the Insider Risk Management (IRM) solution with an organization’s legal team.
In this organization, the legal team was tasked with reviewing the IRM alerts and were struggling with understanding the workflow within the tool. I created a set of infographics to describe where Insider Risk Management fits into the defense-in-depth approach for data security as well as some (hopefully) simple to understand workflow infographics to support the 2-stage investigation stages.
Would love your feedback. They’re always a work-in-progress. 🙂
Link: Insider Risk Management Tip Sheets
Thanks for reading.
-JCK
This is good. I just have had challenge tuning the IRM alerts down without relying to heavily on DLP. Getting started in the Purview portal is also a challenge. The IRM and DLP policies and alert overlap quite a bit and takes a bit of getting used to. I’ve been relying on this sites blogs for most of my background reading https://cloudy-sec.com/. The MS documentation is all over the place.