The CISO knew he had a data leak but he didn’t know how big. He suspected data masking was the solution but he couldn’t make a business case for the investment. Those were the problems the RiskLens Professional Services team set out to solve for this client. Here's the story:
Like many of the other customers that we work with, this team had limited experience analyzing risk scenarios. They were thinking of risk basically as a scary event, and part of the job when we’re onsite is to draw the information out so we could quantify their risk.
As part of the scoping process, we first identified what assets were of most concern from a data leak perspective—in this case, data repositories and SharePoint holding personally identifiable information (PII) and contractual information from clients.
Then we looked to identify the threat community. Their main concern going in was malicious external actors causing an exfiltration of information.
Yet when we asked a few key questions, we quickly came to understand that the most likely concern was insiders either accidentally sending out emails that contain PII or stealing contractual information, particularly as they left the company for other jobs. But the CISO only had a few confirmed cases of data leakage, not a lot of hard evidence to project from.
The FAIR Model
We also learned through our data gathering that if information does get sent to the wrong person, there were no real procedures in place to notify information security, or DLP solution.
Using the guided workshop feature of the RiskLens platform, we created a risk scenario and filled in the appropriate data using the platform's Data Helpers and Loss Tables, with industry-specific data curated by the RiskLens Data Science team.