sc-401 intro module

Author: riswinto

learn-pr/wwl-sci/purview-protect-sensitive-data/data-protection-need.yml

@@ -0,0 +1,15 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.purview-protect-sensitive-data.data-protection-need
+title: The growing need for data protection
+metadata:
+  title: The growing need for data protection
+  description: "The growing need for data protection."
+  ms.date: 03/10/2025
+  author: wwlpublish
+  ms.author: riswinto
+  ms.topic: unit
+azureSandbox: false
+labModal: false
+durationInMinutes: 5
+content: |
+  [!include[](includes/data-protection-need.md)]

learn-pr/wwl-sci/purview-protect-sensitive-data/includes/data-protection-need.md

@@ -8,16 +8,16 @@ Cybersecurity and Infrastructure Security Agency's (CISA) _Insider Threats 101_
 
 Examples of data security risks include:
 
-- **MOVEit Data Breach:** In June 2023, a vulnerability in the MOVEit file transfer software led to cyberattacks affecting thousands of organizations and nearly 100 million individuals, including major corporations and government agencies. This breach highlighted the risks of unprotected sensitive data. ([Wikipedia](https://en.wikipedia.org/wiki/2023_MOVEit_data_breach))
-- **Social Engineering Attacks:** ENISA's report highlights a sharp rise in Business Email Compromise (BEC), where attackers manipulate employees into disclosing sensitive data. Without proper security controls, unauthorized data exposure can lead to fraud, identity theft, and corporate espionage.
-- **Data Leaks and Misconfigurations:** Unintentional data exposure remains a major issue, as noted in ENISA's findings. Security misconfigurations and lack of visibility over sensitive data can lead to breaches, making it essential to implement policies that restrict unauthorized access.
+- **MOVEit Data Breach**: In June 2023, a vulnerability in the MOVEit file transfer software was exploited in a series of cyberattacks. These attacks affected thousands of organizations and nearly 100 million individuals, including major corporations and government agencies. This breach highlighted the risks of unprotected sensitive data. ([Wikipedia](https://en.wikipedia.org/wiki/2023_MOVEit_data_breach))
+- **Social Engineering Attacks**: ENISA's report highlights a sharp rise in Business Email Compromise (BEC), where attackers manipulate employees into disclosing sensitive data. Without proper security controls, unauthorized data exposure can lead to fraud, identity theft, and corporate espionage.
+- **Data Leaks and Misconfigurations**: Unintentional data exposure remains a major issue, as noted in ENISA's findings. Security misconfigurations and lack of visibility over sensitive data can lead to breaches, making it essential to implement policies that restrict unauthorized access.
 
 ## Risks organizations face
 
-- **External threats:** Cyberattacks, phishing, and data breaches expose sensitive information and can cause financial and reputational damage.
-- **Insider risks:** Employees and contractors might unintentionally or maliciously leak data, making access controls and monitoring essential.
-- **Compliance challenges:** Regulations like GDPR and HIPAA impose strict requirements for data security and privacy, with severe penalties for noncompliance.
-- **AI security risks:** As organizations adopt AI-driven tools, they must ensure that sensitive data isn't used or exposed in ways that could violate security policies. AI-generated content can introduce security gaps if not properly managed.
+- **External threats**: Cyberattacks, phishing, and data breaches expose sensitive information and can cause financial and reputational damage.
+- **Insider risks**: Employees and contractors might unintentionally or maliciously leak data, making access controls and monitoring essential.
+- **Compliance challenges**: Organizations must meet strict data security and privacy requirements set by industry standards, government policies, and regulatory frameworks, with significant consequences for noncompliance.
+- **AI security risks**: As organizations adopt AI-driven tools, they must ensure that sensitive data isn't used or exposed in ways that could violate security policies. AI-generated content can introduce security gaps if not properly managed.
 
 ## The need for a proactive approach
 

learn-pr/wwl-sci/purview-protect-sensitive-data/includes/protect-ai-data.md

@@ -0,0 +1,41 @@
+As AI adoption grows, organizations must secure the data used in AI-driven environments. Sensitive information can be exposed through AI models, generated content, or interactions with AI tools. A strong security approach ensures that AI enhances business operations without introducing data protection risks.
+
+## Security concerns in AI environments
+
+AI technologies rely on vast amounts of data to function effectively. Without proper security measures, organizations risk exposing sensitive data, generating inappropriate content, or failing to comply with privacy regulations.
+
+### Protect sensitive data from unauthorized AI model training
+
+AI models learn from data, but not all data should be used for training. Sensitive business information, personal data, and regulated data must be protected to prevent misuse.
+
+To safeguard sensitive data, organizations can:
+
+- **Implement Data Loss Prevention (DLP) policies** to prevent unauthorized data from being used in AI tools.
+- Use **Microsoft Purview Information Protection** to classify and label sensitive data, ensuring that it isn't inadvertently shared or processed by AI models.
+- Enforce **access controls and encryption** to restrict AI systems from accessing confidential information.
+
+### Prevent AI tools from generating inappropriate or risky content
+
+AI-generated content can introduce risks, including bias, misinformation, or unintended data exposure. Organizations need safeguards to monitor and control AI outputs.
+
+Security teams can mitigate these risks by:
+
+- Implement **AI governance policies** to define acceptable AI-generated content.
+- Use **content filtering tools** to prevent AI from producing inappropriate or noncompliant outputs.
+- Audit AI-generated content to ensure that it aligns with security and compliance standards.
+
+### Ensure compliance with data privacy regulations when using AI
+
+AI services must comply with industry regulations and corporate data protection policies. Improper use of AI can lead to compliance violations and legal consequences.
+
+To maintain compliance:
+
+- Monitor AI data processing activities to ensure regulatory adherence.
+- Apply data retention and deletion policies to AI-processed content.
+- Use Data Security Posture Management (DSPM) for AI to enforce security policies and manage AI-related risks.
+
+### Implement AI data protection strategies
+
+Organizations can strengthen AI security by integrating Microsoft Purview and Data Security Posture Management (DSPM) for AI to mitigate risks.
+
+By securing AI-generated and AI-processed data, organizations can use AI's capabilities while maintaining data privacy, compliance, and security.

learn-pr/wwl-sci/purview-protect-sensitive-data/index.yml

@@ -0,0 +1,49 @@
+### YamlMime:Module
+uid: learn.wwl.purview-protect-sensitive-data
+metadata:
+  title: Prepare for Microsoft Purview Insider Risk Management
+  description: "Prepare for Microsoft Purview Insider Risk Management."
+  ms.date: 1/3/2025
+  author: wwlpublish
+  ms.author: riswinto
+  ms.topic: module
+  ms.service: purview
+  hidden: false
+title: Prepare for Microsoft Purview Insider Risk Management
+summary: Discover strategies for planning and configuring Microsoft Purview Insider Risk Management to meet organizational needs and protect privacy.
+abstract: |
+  After completing this module, you'll be able to:
+  - Collaborate with stakeholders to prepare for insider risk management.
+  - Understand what's needed to meet prerequisites for implementation.
+  - Configure settings to align with compliance and privacy needs.
+  - Explore how connecting tools and data sources enhances risk management.
+prerequisites: |
+  - Understanding of insider risk concepts.
+  - Familiarity with organizational compliance and privacy practices.
+iconUrl: /training/achievements/generic-badge.svg
+levels:
+- intermediate
+roles:
+- auditor
+- administrator
+- risk-practitioner
+products:
+- microsoft-purview
+- m365
+subjects:
+- information-protection-governance
+- security
+units:
+- learn.wwl.purview-protect-sensitive-data.introduction
+- learn.wwl.purview-protect-sensitive-data.data-protection-need
+- learn.wwl.purview-protect-sensitive-data.manage-sensitive-data-challenge
+- learn.wwl.purview-protect-sensitive-data.protect-data-zero-trust-world
+- learn.wwl.purview-protect-sensitive-data.understand-classification-protection
+- learn.wwl.purview-protect-sensitive-data.prevent-data-leaks-insider-threats
+- learn.wwl.purview-protect-sensitive-data.manage-respond-alerts-threats
+- learn.wwl.purview-protect-sensitive-data.protect-ai-data
+- learn.wwl.purview-protect-sensitive-data.knowledge-check
+- learn.wwl.purview-protect-sensitive-data.summary
+
+badge:
+  uid: learn.wwl.purview-protect-sensitive-data.badge

learn-pr/wwl-sci/purview-protect-sensitive-data/introduction.yml

@@ -0,0 +1,15 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.purview-protect-sensitive-data.introduction
+title: Introduction
+metadata:
+  title: Introduction
+  description: "Introduction"
+  ms.date: 03/10/2025
+  author: wwlpublish
+  ms.author: riswinto
+  ms.topic: unit
+azureSandbox: false
+labModal: false
+durationInMinutes: 1
+content: |
+  [!include[](includes/introduction.md)]

learn-pr/wwl-sci/purview-protect-sensitive-data/manage-respond-alerts-threats.yml

@@ -0,0 +1,15 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.purview-protect-sensitive-data.manage-respond-alerts-threats
+title: Manage security alerts and respond to threats
+metadata:
+  title: Manage security alerts and respond to threats
+  description: "Manage security alerts and respond to threats."
+  ms.date: 03/10/2025
+  author: wwlpublish
+  ms.author: riswinto
+  ms.topic: unit
+azureSandbox: false
+labModal: false
+durationInMinutes: 5
+content: |
+  [!include[](includes/manage-respond-alerts-threats.md)]

learn-pr/wwl-sci/purview-protect-sensitive-data/manage-sensitive-data-challenge.yml

@@ -0,0 +1,15 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.purview-protect-sensitive-data.manage-sensitive-data-challenge
+title: The challenges of managing sensitive data
+metadata:
+  title: The challenges of managing sensitive data
+  description: "The challenges of managing sensitive data."
+  ms.date: 03/10/2025
+  author: wwlpublish
+  ms.author: riswinto
+  ms.topic: unit
+azureSandbox: false
+labModal: false
+durationInMinutes: 4
+content: |
+  [!include[](includes/manage-sensitive-data-challenge.md)]

learn-pr/wwl-sci/purview-protect-sensitive-data/prevent-data-leaks-insider-threats.yml

@@ -0,0 +1,15 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.purview-protect-sensitive-data.prevent-data-leaks-insider-threats
+title: Prevent data leaks and insider threats
+metadata:
+  title: Prevent data leaks and insider threats
+  description: "Prevent data leaks and insider threats."
+  ms.date: 03/10/2025
+  author: wwlpublish
+  ms.author: riswinto
+  ms.topic: unit
+azureSandbox: false
+labModal: false
+durationInMinutes: 4
+content: |
+  [!include[](includes/prevent-data-leaks-insider-threats.md)]

learn-pr/wwl-sci/purview-protect-sensitive-data/protect-ai-data.yml

@@ -0,0 +1,15 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.purview-protect-sensitive-data.protect-ai-data
+title: Protect AI-generated and AI-processed data
+metadata:
+  title: Protect AI-generated and AI-processed data
+  description: "Protect AI-generated and AI-processed data."
+  ms.date: 03/10/2025
+  author: wwlpublish
+  ms.author: riswinto
+  ms.topic: unit
+azureSandbox: false
+labModal: false
+durationInMinutes: 4
+content: |
+  [!include[](includes/protect-ai-data.md)]

learn-pr/wwl-sci/purview-protect-sensitive-data/protect-data-zero-trust-world.yml

@@ -0,0 +1,15 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.purview-protect-sensitive-data.protect-data-zero-trust-world
+title: Protect data in a Zero Trust world
+metadata:
+  title: Protect data in a Zero Trust world
+  description: "Protect data in a Zero Trust world."
+  ms.date: 03/10/2025
+  author: wwlpublish
+  ms.author: riswinto
+  ms.topic: unit
+azureSandbox: false
+labModal: false
+durationInMinutes: 3
+content: |
+  [!include[](includes/protect-data-zero-trust-world.md)]