
Who should be on an insider risk team?

Ryan Francis | March 1, 2017
Catching an insider taking confidential information doesn't happen by chance

“This reduces risk and provides understanding for how to monitor and where to invest and obtain a good return on investment when building new monitoring platforms and rules,” he said.

Mancini said the duties of an insider risk team will vary based upon what you consider insider risk. For Cylance, insider risk comes in several forms (disgruntled employee, spies, unwitting employee, contractor/vendor threat), each requiring different potential “duties” to mitigate risk. Some may be intercepted with appropriate channels of continuous risk, maintaining procedural channels for grievance airing, sustained employee health/morale programs, appropriate executive messaging in relation to morale, training for managers to spot insider risk in their reports, and technical monitoring of assets and potential adverse activity initiated with starting privileges within the organization.

“The team mission would be to design, implement and provide oversight for controls to reduce risk based upon these different insider threat profiles. They would provide governance over technology solutions to ensure efficacy but also ensure that employee privacy is protected. They would design, implement, and test the necessary incident response programs customized to address the differences insider risk introduces,” he said.

Yossi Shenhav, co-founder of KomodoSec Consulting, said, “The first duty of an insider risk team is to do a thorough background search on all employees, old and new, to see if any red flags arise. Then, all employees should be made aware that there is constant, systematic monitoring and restriction of access to sensitive or financial data, so it will be absolutely clear that any improprieties will be intercepted and dealt with swiftly and severely. Lastly, since incidents will still occur by individuals who are intent on violating the law, a subgroup should serve as an incident response team backed by systemic forensics to block the attack and/or minimize the severity of the breach and apprehend the offenders.”

 
