Insider risk management in Microsoft 365 benefits organisations addressing internal risks, such as Intellectual Property theft, fraud, sabotage etc.
A credit card database admin's unencrypted work laptop got stolen at home in a burglary.
Sensitive data for 1000 users was on the laptop.
This is an example of which type of internal risk?
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answer: D Option D is correct.
If a business handles the personal, medical, sensitive, or classified data of individuals or government organizations, the law requires you to follow strict compliance regulations.
Option A and C are incorrect.
Sabotage and IP Theft includes acting with the intention to harm specific individuals, the organization, or the organization's data systems or daily business operations.
Option B is incorrect.
There is a potential data leak situation here, however, there is an internal risk due to actions or non-actions before a leak might occur.
Reference:
The scenario you presented describes a data breach, which is a type of internal risk that falls under the category of data leak. Data leaks refer to situations where sensitive or confidential information is disclosed, intentionally or unintentionally, to individuals who are not authorized to access that information.
In this case, the credit card database admin's unencrypted work laptop got stolen during a burglary, and sensitive data for 1000 users was on the laptop. The fact that the laptop was unencrypted means that the sensitive information was easily accessible to the thief. As a result, this is an example of a data leak.
Data leaks can have serious consequences for organizations, including financial losses, legal liabilities, reputational damage, and loss of customer trust. To prevent data leaks, organizations should implement security measures such as encryption, access controls, and data loss prevention (DLP) policies. It is also important to provide employees with security awareness training to help them recognize potential risks and avoid data breaches.