Is Insider Risk something new, or something we need to look at in a new way? Does your organization understand how to measure insider risk; know where to start? The good news is that much of the existing security controls infrastructure and practices still apply. Insider risk can be integrated into current policies and practices. Creating an insider risk program will require organizations to examine the known risks in a new context of how they manage trust, control access, understand and evolve corporate culture, and ultimately prepare to manage and contain incidents when they happen.
Authors: Suzanna Alsayed-Hills, MDEM, Silvia Fraser, CPP, Antoinette King, PSP, Sherri Ireland, CISSP, Lina Tsakiris, CPP