Educause Security Discussion mailing list archives

Re: Seeking volunteers to help with doctoral research regarding improving how to start insider threat programs in the private sector


From: Valdis Kletnieks <valdis.kletnieks () VT EDU>
Date: Fri, 23 Feb 2018 22:17:39 -0500

On Fri, 23 Feb 2018 22:51:07 +0000, Jan Buitron said:
> There must be hundreds of recommendations for which components SHOULD be in
> an insider-threat program, but it is difficult to figure where to start. Most
> companies do not have a wheelbarrow of funds to start a program; they need to
> start, however.

I'll go out on a limb and say the best bang for the buck is to not try to do it
from an ITSEC point of view, but approach it more broadly - everything from
embezzling by people who deal with money for the company, to the person in the
warehouse who's selling your spare parts on eBay, and so on.

And all these varied issues can be combatted with the same general principle:
Two persons are involved.  The person writing checks isn't the person balancing
the books.  The person moving stuff in the warehouse isn't the person doing
the inventory.  And so on - down to "isn't the person who's reviewing the IT security logs".

More bang for the buck because (a) a lot of the insider threats aren't IT and (b) once
you get the "two persons" thing ingrained into the corporate culture and policy, it's
actually pretty easy to extend to cover new/different things as needs change....
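As an added example (not part of the original post), the "two persons" rule above expressed as a small separation-of-duties check: the conflicting duty pairs mirror the post's examples (check writer vs. book balancer, warehouse mover vs. inventory taker, system admin vs. security-log reviewer), and the sample assignments and duty names are constructed for illustration. It also shows how cheaply the policy extends to a new pair, which is the extensibility point the post makes.

```python
"""Separation-of-duties (SoD) checker built on the "two persons" principle.
The duty names, conflict pairs and sample assignments are constructed for this
example; they are not from any real system."""
from collections import defaultdict

# One person must never hold both duties of a pair (constructed from the post's examples).
SOD_CONFLICTS = frozenset({
    frozenset({"write_checks", "balance_books"}),
    frozenset({"move_stock", "count_inventory"}),
    frozenset({"admin_systems", "review_security_logs"}),
})


def find_sod_violations(assignments, conflicts=SOD_CONFLICTS):
    """assignments: iterable of (person, duty) tuples.
    Returns a sorted list of (person, duty_a, duty_b) for every person who
    holds both duties of a conflicting pair; an empty list means no violation."""
    duties_by_person = defaultdict(set)
    for person, duty in assignments:
        duties_by_person[person].add(duty)
    violations = []
    for person, duties in duties_by_person.items():
        for pair in conflicts:
            if pair <= duties:  # both duties of the pair held by one person
                duty_a, duty_b = sorted(pair)
                violations.append((person, duty_a, duty_b))
    return sorted(violations)


def add_conflict(conflicts, duty_a, duty_b):
    """Extend the policy with a new conflicting pair as needs change.
    Returns a new policy; the existing one is left untouched."""
    return conflicts | {frozenset({duty_a, duty_b})}


# Constructed sample: "pat" and "dana" each hold both halves of a conflicting pair.
SAMPLE_ASSIGNMENTS = [
    ("pat", "write_checks"), ("pat", "balance_books"),
    ("sam", "move_stock"), ("lee", "count_inventory"),
    ("dana", "admin_systems"), ("dana", "review_security_logs"),
]

if __name__ == "__main__":
    for person, a, b in find_sod_violations(SAMPLE_ASSIGNMENTS):
        print(f"SoD violation: {person} holds both '{a}' and '{b}'")
    # Extending the policy later: add a new pair, re-run the same check.
    extended = add_conflict(SOD_CONFLICTS, "approve_vendor", "pay_vendor")
    more = SAMPLE_ASSIGNMENTS + [("lee", "approve_vendor"), ("lee", "pay_vendor")]
    print(find_sod_violations(more, extended))
```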
