One of the challenges associated with effectively combating the threat of insider data leaks, stems from a lack of understanding of the risk resident within the perimeter.
Employing a simple, systematic approach to rating the risk associated with each position in an organization serves multiple purposes, all of which work together to improve organization awareness and security.
The insider threat requires a mix of people, process, and technology to detect and deal with.
Becoming a positional risk scored organization
Every position has an inherent level of risk associated with it; the systems and information that the position has access to form the basis of that risk. The work product that the position is engaged in creating contributes to it as well. There are, to be sure, other factors that contribute, but using a simplified approach focused on a few critical contributing elements enables actual progress towards becoming a positional risk scored organization.
In the Guide Essentials - Quantifying Risk Worksheet available here (requires registration) you will find a framework designed to assist you in improving the understanding of insider risk within your company, aligning appropriate levels of inspection on the activity and behaviors of insiders to improve detection of potential attacks, and enhancing communication between key departments within your organization that further improves your awareness of threat conditions and enables proactive steps to mitigate the risk of an insider attack.