
Insider Security, part 1/8

Insider security breaches occur far less often than either accidental disclosures or malicious outside activity (hacking), but they can pack a much bigger punch. Insiders are already within the first layer of trust, and may bypass many controls designed to mitigate loss. In some cases, they have access to critical business data and intellectual property, and in a few cases, they have the keys to the kingdom.

If we have all our security tools correctly and thoroughly deployed, insider threats are, to a degree, handled. But without understanding the problem, and taking a solid risk-based approach to dealing with the issues, we leave our systems open to these problems. Given the size of the risks, it is essential that we understand the problem and take appropriate action to mitigate the risks.

In this series, insider risks and mitigation strategies will be discussed in depth. We will look at:

  1. Defining the insider risk problem.

  2. Using risk management practices to establish scope and priority.

  3. Hiring and contracting concerns.

  4. The human element, and counterproductive responses.

  5. Technical internal controls, external control overlap, and complications.

  6. Opportunity for mentoring from monitoring.

  7. Incentives and sanctions.

  8. The landscape today, and why building a high-trust culture is essential.

Many of these items involve HR, and one ties in with Purchasing. References are also provided, so you can draw your own conclusions based on your experience.
