A Top Priority:
The Cost-Effective Way
Your resources may be limited, but this doesn’t mean you should limit your insider threat program. So
how do you properly allocate your resources for efficient and effective threat and risk analysis?
For example, you may assume that someone with significant financial problems is more susceptible
to bribery, and thus presents greater risk of insider threat. This sounds like common sense, but the
real story may be much more complicated. Maybe that person just had a streak of bad luck with their
financials, yet acts as a model citizen in every other aspect of life. This person would actually pose
less of a risk than someone with impeccable financial standing, but a sordid sense of morality.
Furthermore, stress affects individuals in different and unpredictable ways. Those with post-traumatic
stress disorder (PTSD), depression and/or other psychological conditions are going to react to stress
very differently from individuals who are not suffering the effects of those disorders.
Since Snowden was a privileged network user, he had access to sensitive information. This made him
potentially riskier than other individuals with more limited access. In other words, someone working
in an area other than systems administration may have a shaky backstory – drug dependence, criminal
activity, suspicious behavior, etc. – but doesn’t pose as much of an insider threat as that “clean-slate”
employee with privileged access to programs or applications.
1 Position-based screening
Provide tighter and more continuous screening of those with access – or potential access,
like Snowden – to highly sensitive information. Limit your resource allocation for screening of
personnel in less risky positions.
2 Behavioral screening
Continuously run criminal, financial and behavioral data – as available and as appropriate –
against personnel. This effort should culminate in a segmentation of employees based on risk.
Then, based on this segmentation information, streamline resources allocated to evaluating the
90% (or so) of employees without obvious risks.
4 Training
Provide awareness training to employees to ensure suspicious activities are not only detected,
but also properly reported and followed up on.