You are undoubtedly aware of the harm that insiders can cause your business. In fact, they cause 90% of all security incidents. Unfortunately, today’s piecemeal and ad hoc approach is simply not working. You need a holistic Insider Threat Management Program (ITMP) to effectively manage these threats and reduce the risk to your corporate assets. To that end, we will help you accomplish these four necessary objectives.
You must KNOW YOUR PEOPLE. This is the foundation of any solid security program. You must aim to achieve an acceptable level of personnel assurance. This includes incorporating continuous evaluation processes as a supplement to a robust pre-employment background check. Continued personnel education and training is of particular importance since the vast majority of insider threats are unintentional (social engineering victim, negligence, carelessness, etc.). Focusing on your insiders is, however, only part of the puzzle.
You must KNOW YOUR ASSETS. What are your critical assets? Where are they located? Who has access? How can they be accessed? If you have trouble answering these questions, you’re not alone. A good data governance and inventory strategy is, however, essential for an effective insider threat management program. Full knowledge of your assets will allow you to properly align and manage the risk to those assets. A solid strategy begins with discovering where your assets reside and employing data asset tracking processes. This will allow you to properly label and classify your data and limit access in a risk-based manner.
You must MONITOR BEHAVIOR. Knowing your people and data is of little use unless you also understand how they interact with the data. A popular buzz phrase today is that “it’s all about the data.” This is misleading because focusing solely on data will only allow you to observe changes in that data or its use and respond after an incident has occurred – reactive vice proactive. You must develop the ability to understand WHO is doing WHAT with WHICH data assets and identify any threatening behaviors.
You must INVESTIGATE ACTIONS indicative of insider threat. Investigation must be integrated with all other objectives in a synergistic manner. Too often, investigation is bifurcated and viewed as a mutually exclusive component of a security or info-security program, which leads to silos and inefficiencies. To be effective, an investigation needs context and this can only be achieved through the proper alignment with all objectives within an overall ITMP strategy.
2016 Copyright. Insider Threat Management Group, LLC. All Rights Reserved