When building a modern insider threat program, you should ask yourself two key questions. First, who has the most to lose from an insider threat incident?
And second, who will be involved in the investigation and response to an insider threat incident?
An insider threat program should be more than just one person. It should be a collaborative effort between you and the individuals or teams who are either affected by an insider threat incident or investigating and responding to that insider threat incident.
And because no course would be complete without an acronym, let me lay this one on you.
The Insider Threat Working Group: your next step in building a modern insider threat program.
The Insider Threat Working Group, the ITWG (fun acronym, no need to thank me, you're welcome), is a group whose mission is to develop your organization's program for addressing the challenge of insider threat.
Among other things, they're key in getting executive buy-in, building consensus among stakeholders and working closely with the general counsel and HR to develop your insider threat program policies.
But who exactly should be in this ITWG?
Okay, maybe that's not as fun to say anymore. Let's just call it the working group.
Ideally, the working group should be composed of stakeholders representing IT, security, finance, risk, human resources and legal.
Additionally, you may wish to include some line of business data owner representatives,
but let's hear from Thant Thorson and what he has to say about building out your working group.
When talking with the stakeholders or potential stakeholders, you need to determine what would happen if an incident occurred.
What are the ramifications of the loss of the assets or intellectual property?
Would there be a significant loss of revenue? Loss of reputation?
And thinking about your investigations and response, consider the participants in those processes or workflows. Are you going to be working with HR, legal? Will security be looped in for certain situations?
Who gets involved if there's a broader cyber threat discovered?
Working through these hypothetical case scenarios will help identify which groups need to be a part of the insider threat working group.
Membership in the working group will vary depending on your organizational structure and should strike a good balance between the data stakeholders and those involved in the investigation process.
Ultimately, you don't want to have your goals undermined by too many competing priorities.
Your group should be comprised of people who have knowledge of what type of data and assets their teams use and share, and where their most sensitive assets or data reside.
Once these people are identified, you may need to provide them additional training from across a number of security and regulatory topics, so they better understand how they will be key players in an incident response.
Your working group should be skilled in a number of areas, including
This includes knowledge of the corporate security policy and relevant security standards, including access controls, cyber threats and risk management.
If applicable, some additional training may be needed in various security disciplines, such as hardware, software application and network.
Conducting response actions.
While input for conducting response actions will be provided by all members of the group,
someone in the group should have experience with response actions.
Retaining, safeguarding and the use of records and data.
The safeguarding of records is more than just having backed-up data,
but will also include where and for how long evidence for investigations should be handled.
Civil liberties and privacy laws fall within the purview of human resources or your legal department, who can assist with portions of the response of actions taken.
And finally, any applicable laws and regulations.
Your legal counsel can add insight for any applicable laws and regulations.
They should be a key player in determining when law enforcement should be engaged in any issue.
Since it's highly unlikely that you'll find all these disciplines in a single person, make sure everyone is aware of the time commitments and the training needed to be part of the insider threat working group.
The mission of your working group is to get executive buy-in, build consensus among the stakeholders and work closely with the general counsel and HR to develop your insider threat program's policies.
The group should be composed of people with significant specialization in their areas and will have valuable input in creating your program.
Think about which individuals or teams within your organization stand to lose the most from an insider incident.
Think about who should be involved in investigating and responding when an incident occurs.
Identify and engage line-of-business leaders,
HR, legal and other IT leaders as key stakeholders.
Finally, you may need to provide your group members additional training, so be sure they're comfortable with the time commitments of participating in the group. Okay, your ITWG.
Okay, it's still fun to say. Your insider threat working group is ready to get to work,
and one of their biggest tasks: getting executive buy-in.