
Veriato Blog

  • Step 5 of 5 to Quantifying Insider Risk

    by Mike Tierney | Feb 14, 2017
    One of the best practices found in the Common Sense Guide to Mitigating Insider Threats – a document written well ahead of its time by the world-renowned CERT division of Carnegie Mellon University’s Software Engineering Institute (SEI) – is the need to develop an employee termination process that takes into account the threat a departing employee can pose.
  • Step 4 of 5 to Quantifying Insider Risk

    by Mike Tierney | Feb 11, 2017
    At a very high level, the risk scores equate to how much potential exposure the organization sees in the position, department, or individual. Because a successful insider attack will result in harm to the organization, the appropriate response is to watch for signs of elevating insider risk (metastasizing into threat), using an appropriate level of scrutiny aligned to their risk level. In general, those with a lower level of risk only need to be monitored with a level of scrutiny that looks for leading indicators of elevating risk. Those posing a higher level of risk need to be monitored far more carefully – with an ability to rapidly review their actions in detail if necessary.
  • Step 3 of 5 to Quantifying Insider Risk

    by Mike Tierney | Feb 08, 2017
    In order to establish controls that allow the organization to properly detect insider risk, you must first know where you should be looking. Each position within your company has a relative level of risk associated with it. For example, a position that has access to and works directly with intellectual property puts the organization at a much higher level of risk than someone who has limited access to customer contact data. A measured response is needed for each position, relative to its level of risk. Put too little emphasis on monitoring risky users and you will find your organization a victim of an insider attack. Put too much emphasis on “eyes on glass” monitoring of users that pose no real risk to the organization, and you will have wasted time, budget, and energy.
  • Step 2 of 5 to Quantifying Insider Risk

    by Mike Tierney | Feb 05, 2017
    Insider risk begins the moment you grant access. What’s required on an employee’s first day is to present them with a Confidentiality & Intellectual Property Agreement (CIPA). This agreement is designed to put a number of insider risk controls in place:
  • Step 1 of 5 to Quantifying Insider Risk

    by Mike Tierney | Feb 02, 2017
    Risk around company data normally falls to someone within IT, the security team, or to the CISO, as these individuals will play a crucial role in quantifying and addressing insider risk. But, to properly assess the state of insider risk, as well as ensure suitable controls are responsively in place, you will need the perspective and assistance of a number of positions within your organization.
  • Intro to Quantifying Insider Risk

    by Mike Tierney | Jan 31, 2017
    Risk is one of those subjective concepts that usually fall into vague categories like “low” and “high” – which have very little meaning on their own, and only have value when you tie those categories to actions (which we will cover later in this guide). To properly quantify the insider risk within your organization, we want to initially walk you through how to begin thinking about insider risk, as it is more a fluid and shifting concept than, say, the static risk assessment associated with whether your systems and applications are completely up to date on their patches.
  • Quantifying the risk of an insider data leak

    by Mike Tierney | Sep 08, 2016

    One of the challenges associated with effectively combating the threat of insider data leaks stems from a lack of understanding of the risk resident within the perimeter.
  • 4 Steps to Reduce the Risk of Malicious Insider Activity

    by Mike Tierney | Jul 01, 2016
    Our CSO, David Green, has a new whitepaper out. Here he addresses some practical things you can do to improve your organizational ability to detect insider threats before they become insider attacks, react quickly and with confidence to potential (or actual) problems, and in doing so increase the security of your intellectual property and confidential information.
  • 3 Steps To Protect Your Data From Leaving With A Departing Insider

    by Mike Tierney | May 25, 2016
    What is the High Risk Exit Period? It’s the period of time between when an insider (employee or contractor) decides to leave the organization - or begins to believe they are going to be asked to leave the organization - and the day they actually do leave.
  • The Widespread Risk of Insider Threats

    by Mike Tierney | May 10, 2016
    There is a great infographic put out by the good folks at Deloitte on the topic of insider threats. They've done a wonderful job packing a great deal of information into an easy-to-understand presentation.