Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
Insider threat programmes: Time to hit restart
Cyber Security: A Peer-Reviewed Journal,
4
(3),
213-222
(2021)
Abstract
Insider threat programmes exist to protect sensitive data and assets from internal threats. While most organisations are comfortable with setting up programmes and technologies to protect against external threats, insider threat programmes have historically been harder to implement due to difficulties with technologies and creating the partnerships necessary to achieve success. Now that so many organisations face distributed working environments and increasing cloud-based collaboration tools, insider threat programmes are both more important than ever, as well as more difficult to implement based on typical insider threat programme frameworks. To address this new reality, we propose a new insider threat programme framework that enables cross-organisational collaboration while protecting critical assets and information. This framework consists of 21 controls broken down in people, process and technology pillars. It allows an organisation to make decisions based on the risk appetite of the organisation, while staying away from strict technology requirements that hamper collaboration. By focusing on visibility to data movement instead of blocking data access, this new approach allows for appropriate levels of collaboration in a distributed environment. This paper outlines some of the challenges that exist in traditional insider threat maturity frameworks as well as in the traditional prevention and blocking focused tools such as DLP.
Keywords: insider threat; security; data exfiltration; data security; data loss protection (DLP); data leakage
The full article is available to subscribers to the journal.
Author's Biography
Jadee Hanson , as chief information security officer at Code42, leads global risk and compliance, security operations, incident response and insider threat monitoring and investigations. To her position, she brings more than 15 years’ information security experience and a proven track record of building security programmes. Prior to Code42, Jadee held a number of senior leadership roles in the security department of Target Corporation, where she implemented key programmes, including compliance, risk management, insider threat assessments and more. Jadee also spearheaded the effort to embed security resources into the development process as well as the security plans behind the acquisition of software development and online retail companies. She was the security lead for the sale of Target Pharmacies to CVS Health. Before joining Target, Jadee worked at Deloitte, where she served as a security consultant for companies across diverse industries, such as healthcare, manufacturing, energy, retail and more. In addition to her day job at Code42, Jadee is the founder and CEO of the non-profit organisation Building Without Borders, which serves those in poverty-stricken areas throughout the world through housing services. Since April 2015, Building Without Borders has built 39 homes in areas of the Dominican Republic.
Todd Thorsen , CISSP, CISM, CIPP/US is an information security leader with more than 10 years’ experience in a variety of information security roles. Todd’s passion for security developed at Target where he led the enterprise third party security and privacy risk management function. Currently, Todd is the director of information security, risk management and compliance at Code42 Software Inc. In addition to his other security and compliance responsibilities, Todd is responsible for leading Code42’s insider threat risk management programme.
Nathan Hunstad , MSST, CISSP is the principal security engineer and researcher at Code42. He has over 10 years’ experience in numerous security roles, including security operations, threat and vulnerability management, risk assessment and management, cyber intelligence and threat hunting. He has a MSc in security technologies from the University of Minnesota.
