Chapter
1 Introduction – Insider Threat Today
What Motivates an Insider to Act?
“Bricks and Mortar” to “Bits and Bytes”
Technology and the Insider Threat
Changing Workplace Demographics
Social Media and Validation
Expectations of Ownership
Challenges Managing Information
Detecting the Insider Threat
Mitigating Asset Loss: An Integrated Approach
Developing a Secure Workforce
Establishing a Workforce Culture to Mitigate Risk
1 Define The Insider Threats
2 Define Your Risk Appetite
3 Optimize a Broad Set of Stakeholders
4 Don’t Forget the Fundamentals
9 Set Behavioral Expectations
10 One Size Does Not Fit All
2 Common Challenges to Maturing an Insider Threat Program
Challenges Faced by Program Managers
Are There More Insider Threat Cases Now Than There Have Been in the Past?
How Does an Organization Define Insider Threat?
Why Do Insider Threat Programs Need to Look Beyond the Malicious Insider?
Why Are Insider Threat Related Policies and Training Important?
What Capabilities Differentiate an Industry-Leading Insider Threat Program?
How Do I Escalate and Triage Potential Threats Identified by the Program?
How Do I Position an Insider Threat Program to My Workforce?
How Do I Scale My Insider Threat Program?
What are the Skillsets a Leading Program Needs to Have?
What Data are Needed to Proactively Identify Potential Insiders?
How Do I Evaluate and Select an Advanced Analytics Tool?
What Challenges are Generally Encountered When Standing Up a Program?
How Mature Does My Program Have to Be?
How do You Measure the Return on Investment?
3 From Bricks and Mortar to Bits and Bytes
The Transformation from Bricks and Mortar to Bits and Bytes
Insider Threat in a World of Bricks and Mortar
Insider Threat in a World of Bits and Bytes
Same Behavior, Different Context
Is Insider Activity More Prevalent Now?
The Workforce in a World of Bits and Bytes
Mitigating the Insider Threat in the World of Bits and Bytes
The Insider Threat of Bits and Bytes: A Case Study
4 Identifying Functional Ownership
Developing a Program to Prevent, Detect, and Respond Framework
Functional Assessment in Choosing a Program Owner
Program Guiding Principles
Governance Structure and Roles and Responsibilities
Program Communication and Change Management Plan
Incident Response Process
Ongoing Updates and Process Improvements
5 Identifying Critical Indicators in Organizational Data
Potential Risk Indicators
Translating Knowledge about Insiders Into Organizational Data
Identifying Critical Indicators Throughout the Organization
6 Establishing an Organizational Risk Appetite
Gathering Key Stakeholders a Critical First Step in Defining and Prioritizing Risk Tolerance
Defining Your Organization’s Critical Assets
Determining the Threat Insiders Pose to Your Critical Assets
Balancing Security Investments and Tolerance for Loss
Re-evaluating Asset Prioritization
Case Study 1: Financial Services Firm
Case Study 2: Health Care Provider
Case Study 3: Telecommunications, Media, and Technology
7 Risk Management Using Data Analytics
Introduction to Advanced Analytics
Advanced Analytics in Motion
Business Rule Approach and Development
Advanced Analytics Security
Security Analytics as a Business Enabler
Aggregate Data to Enhance Productivity
Business Processes Enhancements
8 Information Security and Technology Integration
Administrative and Procedural Controls
Improving the IT Culture Through Administrative Controls
Building-In Versus Bolting-On
Identity and Access Management
User Activity Monitoring (UAM)
Preventive Physical Controls
Detective Physical Controls
Future of Security Controls
9 Robust Cyber Risk Management
Cyber Risk Management and Business Performance
Robust Mindsets: Secure, Vigilant, Resilient
Insider Threat: A Dynamic, Multilevel Problem
Building Robust Mental Models and Collective Mindsets
Common Characteristics: Secure, Vigilant, Resilient Programs
10 Threats Posed by Third-Party Insiders: Considerations for a Vendor Vetting Program
Trends Driving Prevalence of Vendors in the U.S. Market
Examples of Threats Posed by Vendors
Supply Chain Infiltration
Approach to Vendor Vetting
Automated Vendor Vetting Solutions
11 Employee Engagement: Critical to Mitigating the Risk of Insider Threat
Understanding Why Employee Engagement is a Critical Issue
Engagement is a Critical Workforce Challenge Today
Workplace Drivers of Engagement
Measuring Employee Engagement
Improving and Sustaining Engagement
12 Workplace Violence and Insider Threat
A Historical but Cumulative View of Workplace Violence and Insider Threat
Myths Regarding Workplace Violence
13 Monitoring and Investigating
Prioritizing a Monitoring Capability
Escalation and Triage Process
Responding to an Insider Threat
Response Team and Process
Conducting a Review: Escalation and Triage
What Escalation and Triage Looks Like
14 Privacy Considerations for Insider Threat Mitigation Programs
Data Privacy and the Collection of Potential Risk Indicators (PRIs)
Balancing Data Privacy with Effective Insider Threat Mitigation
The Privacy Impact Assessment (PIA)
Determining the Need for a PIA
Additional Privacy Considerations
Insider Threat: A Look Forward
The Changing Definition of Insider
Understanding the Macro Environment
Impact of Economic Downturns
Protecting the Entire Value-Chain
Big Data and Risk Analytics
Scenario 1.0: Nearsighted/Farsighted
Scenario 2.0: Selective Views
Scenario 3.0: Unreconciled Perspectives
Scenario 4.0: 20/20 Vision
Appendix G: Business Assurance/Insider Threat Working Group Charter
Phase I Project Background
Phase II Project Objectives
Roles and Responsibilities
Appendix I: Business Rule Development