a modern insider threat program isn't Justin I. T. Security concern.
To round out an effective program, you need to bring in stakeholders from legal and human re sources as well as I T and Security.
From the legal perspective, there are many insurance, legal and regulatory reasons. Companies will want to protect their confidential properties like employee data, Social Security numbers and other personally identifiable information.
Chances are your data is included in one or more of these regulations.
Not only are your lawyers interested in avoiding any regulatory entanglements, but they're also probably keen to minimize the risk of legal actions resulting from data leaving or entering your organization.
And because insiders convey employees or contractors, how you deal with the insiders is of particular concern to your HR team.
They would prefer that we not make unintentional insider threats into malicious insider threats because we mistreated them.
The best way to handle that is to focus your program or on the activity than the person.
Once you've detected a possible insider threat and initiated an investigation, if we start from the position of knowing that most insider threats air accidental, we can probably close most incidents with just a call and some additional user education.
But if we collect evidence that the action is malicious,
that's when we escalate.
But for all of that to work smoothly, HR and legal need to be part of the process.
From the planning of the program to developing work flows,
everyone could be on the same page and understand the process
when it comes to a modern insider threat program. I t. N security aren't the only interested parties that need to rely on and participate in it.
You need to bring in stakeholders from legal and human resource is to round out the program.
They'll have specific things they'll want the program to do and will know best how to engage them if it insiders, action is shown to be malicious and we need to escalate.