您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

云中的人员安全功能People security functions in the cloud

人员安全保护组织免受无意中的人为错误和恶意有问必答操作的风险。People security protects the organization from risk of inadvertent human mistakes and malicious insider actions.

现代化Modernization

此功能的现代化包括:Modernization of this function includes:

  • 使用游戏化和正面强化/教育版,而不是仅依赖于消极的强化方法(如传统的 "网络钓鱼和 punish" 解决方案)来与用户 合作Increase positive engagement with users using gamification and positive reinforcement / education rather than relying solely on negative reinforcement approaches like traditional "phish and punish" solutions.
  • 优质 人力订婚: 安全意识通信和培训应为高质量的生产,以促进和情绪地与员工和组织的工作人员进行交流。High quality human engagement: Security awareness communications and training should be high quality productions that drive empathy and emotional engagement to connect with the human side of employees and the organizations mission.
  • 真实的期望: 接受用户有时会打开仿冒电子邮件,而是专注于降低速率,而不是预期停止打开的100%。Realistic expectations: Accept that users will sometimes open phishing emails, and instead focus success metrics on reducing the rate versus expecting to stop 100 percent of opening.
  • 组织文化改变: 组织领导必须推动蓄意的文化更改,使安全成为组织中每个成员的优先级。Organizational culture change: Organizational leadership must drive an intentional culture change to make security a priority for each member of the organization.
  • 增加了内部风险焦点 ,帮助组织使用高度盈利的非法用例 (例如客户位置或通信记录) ,来保护宝贵的商业机密和其他数据。Increased insider risk focus to help organizations protect valuable trade secrets and other data with highly profitable illicit use cases (such as customer locations or communication records).
  • 改进的内部风险检测 ,利用云功能实现活动日志记录、行为分析和机器学习) (机器学习。Improved insider risk detection which takes advantage of cloud capabilities for activity logging, behavior analytics, and machine learning (machine learning).

团队组合和键关系Team composition and key relationships

通常,人员安全合作伙伴具有以下类型的角色:People security commonly partners with the following types of roles:

  • 审核和法律团队Audit and legal teams
  • 人力资源Human resources
  • 隐私团队Privacy team
  • 数据安全性Data security
  • 用于用户意识的通信团队Communications teams, for user awareness
  • 内部风险的安全操作Security operations, for insider risk
  • 内部风险的物理安全Physical security, for insider risk

后续步骤Next steps

查看 应用程序安全和 DevSecOps的功能。Review the function of application security and DevSecOps.