Educause Security Discussion mailing list archives
Re: Seeking volunteers to help with doctoral research regarding improving how to start insider threat programs in the private sector
From: Valdis Kletnieks <valdis.kletnieks () VT EDU>
Date: Fri, 23 Feb 2018 22:17:39 -0500
On Fri, 23 Feb 2018 22:51:07 +0000, Jan Buitron said:
> There must be hundreds of recommendations for which components SHOULD be in an insider-threat program, but it is difficult to figure where to start. Most companies do not have a wheelbarrow of funds to start a program; they need to start, however.

I'll go out on a limb and say the best bang for the buck is to not try to do it from an ITSEC point of view, but approach it more broadly - everything from embezzling by people who deal with money for the company, to the person in the warehouse who's selling your spare parts on eBay, and so on.

And all these varied issues can be combatted with the same general principle: Two persons are involved. The person writing checks isn't the person balancing the books. The person moving stuff in the warehouse isn't the person doing the inventory. And so on - down to "isn't the person who's reviewing the IT security logs".

More bang for the buck because (a) a lot of the insider threats aren't IT and (b) once you get the "two persons" thing ingrained into the corporate culture and policy, it's actually pretty easy to extend to cover new/different things as needs change....