Make Organizational Security

A Top Priority:
The Cost-Effective Way

© Big Sky Associates 2013 704.266.0015 n info@bigskyassociates.com n www.bigskyassociates.com

 How To Allocate Resources For Your
Insider Threat Program
Now, more than ever, employers need assurance that their employees are
trustworthy and loyal. You can’t afford an employee who is careless with sensitive
information. You can’t afford an employee who puts your company’s data,
reputation and success on the line. Now, more than ever, you need to keep your
organizational security at the top of your business strategy.
Organizational security threats come in several forms; however, they typically fall into two categories:
external and internal. External threats usually come from a competitor or foreign government, and
should be taken very seriously. But with ever-advancing technology and ever-increasing ways to tap into
confidential information, the insider threat is more pervasive, evasive and disastrous than ever.

Your resources may be limited, but this doesn’t mean you should limit your insider threat program. So
how do you properly allocate your resources for efficient and effective threat and risk analysis?

YOU HAVE TO GET THE WHOLE STORY.

Efforts to detect and react to typical risk patterns – such as criminal behavior, financial issues or
alcohol/drug abuse – are a starting point, but they don’t tell the whole story.

For example, you may assume that someone with significant financial problems is more susceptible
to bribery, and thus presents greater risk of insider threat. This sounds like common sense, but the
real story may be much more complicated. Maybe that person just had a streak of bad luck with their
financials, yet acts as a model citizen in every other aspect of life. This person would actually pose
less of a risk than someone with impeccable financial standing, but a sordid sense of morality.

Furthermore, stress affects individuals in different and unpredictable ways. Those with post-traumatic
stress disorder (PTSD), depression and/or other psychological conditions are going to react to stress
much differently than individuals who are not suffering the effects of those disorders.

© Big Sky Associates 2013 704.266.0015 n info@bigskyassociates.com n www.bigskyassociates.com

 YOU HAVE TO PUT YOUR SENSITIVE INFORMATION ON HIGH ALERT.
Access to sensitive information is an incredibly complex dimension of avoiding and detecting insider
threat. The Edward Snowden scandal certainly brings this point home. Nothing about the computer
specialist and former CIA/NSA employee’s background was particularly concerning, yet this did not stop
him from leaking details of several top-secret United States and British government mass surveillance
programs to the press. Nothing about his “story” raised a red flag indicating that he would be
responsible for what has been called the most significant leak in U.S. history.

Since Snowden was a privileged network user, he had access to sensitive information. This made him
potentially riskier than other individuals with more limited access. In other words, someone working
in an area other than systems administration may have a shaky backstory – drug dependence, criminal
activity, suspicious behavior, etc. – but doesn’t pose as much of an insider threat as that “clean-slate”
employee with privileged access to programs or applications.

YOU HAVE TO TAKE A TARGETED, RISK-BASED APPROACH

TO INSIDER THREAT.
Allocate resources for your insider threat program based on these four key areas:

1 Position-based screening
Provide tighter and more continuous screening of those with access – or potential access,
like Snowden – to highly sensitive information. Limit your resource allocation for screening of
personnel in less risky positions.

2 Behavioral screening
Continuously run criminal, financial and behavioral data – as available and as appropriate –
against personnel. This effort should culminate in a segmentation of employees based on risk.
Then, based on this segmentation information, streamline resources allocated to evaluating the
90% (or so) of employees without obvious risks.

3 Access control and event detection

Protect against internal and external threats with physical access controls and network
monitoring technologies.

4 Training
Provide awareness training to employees to ensure suspicious activities are not only detected,
but also properly reported and followed up on.

© Big Sky Associates 2013 704.266.0015 n info@bigskyassociates.com n www.bigskyassociates.com

 YOU HAVE TO ASK YOURSELF, “SHOULD I BE CONCERNED?”
Is your organization’s critical data at risk of internal theft or fraud? It’s time to find out. Smart, high-
functioning organizations don’t react to insider threats, they prepare for them to prevent costly
consequences.

YOU HAVE TO GET YOUR RISK ASSESSED.

It’s smart to get your risk of insider threat assessed by a third party: experts in the complex world of big
data, risk detection/prevention and information protection.

Click the button below to get your insider threat rating and determine how vulnerable your
organization is to betrayal from the inside.

Free Assessment:
A Few Simple Questions To Help
Evaluate Your Organizational Security

Assess Your Organization

To learn more about partnering with Big

Sky Associates for your data visualization,
decision analysis, process improvement
and risk prevention, fill out this contact
form or call 704.266.0015 to speak to a
Big Sky Guide.

© Big Sky Associates 2013 704.266.0015 n info@bigskyassociates.com n www.bigskyassociates.com