Revisiting Insider Risk Programs in 2023
The Intelligence and National Security Alliance (INSA) states that “Establishing appropriate objectives and performance metrics supports business justifications for resources and ensures sustained buy-in and support from senior leadership and other key internal stakeholders.”
Evaluating the effectiveness of an Insider Risk Program
- Does our existing program identify and score riskiest users, their behaviors, and actions?
- Can our existing program determine if user credentials have been compromised or stolen?
- Do we know if workers are taking proprietary data with them when they leave the organization?
- Does the current program provide indicators for behaviors of workplace violence, self-harm, or sabotage before they occur?
- Are we collecting data on physical methods of data exfiltration, such as printing physical copies, copying content to removable media, taking screenshots, or using the clipboard to copy and paste proprietary information?
Answering these questions involves knowing what types of risky activities are of most concern to your organization. Some examples of insider activities that can pose great risk to your organization’s mission, reputation, and bottom line might include:
When implementing a new insider risk program or looking at existing programs in place, Program Managers and organizations are asking themselves some tough evaluative questions such as:
I recently did an educational webinar called Navigating and Managing Insider Risk. It contains useful guidance and information for how organizations can answer the questions above and manage insider risk. Learn how to structure an effective program and where to begin when implementing a new program or improving an existing program.
- Extremism, workplace violence, self-harm, and sabotage
- Media leaks, misinformation that can harm reputation and public perception
- Corporate espionage, customer data and PII spillage; theft of trade secrets
- Stolen Credentials
- Employees leaving and taking proprietary data with them
- Accidental or intentional systems disruption
- Supply chain disruption
Navigating and Managing Insider Risk
Learn effective ways to manage, navigate and solve Insider Risk. Check out my recent webinar or review the Insider Risk Infographic for more.
I also explain why point products that claim to be one-size-fits-all are not effective: Organizations should instead adopt a phased crawl, walk, run approach that focuses on their specific organizational needs. A phased approach that leverages the best practices, proven methodologies, and educational resources from the experts including thought leaders like the Intelligence and National Security Alliance (INSA), Carnegie Mellon, MITRE Labs, Applied Research for Intelligence and Security (ARLIS) and more.
This post was first first published on Forcepoint website by Mike Crouse – PMP, ITPM. You can view it by clicking here