Who Should Be on Your Insider Threat Risk Team?
As a security professional, I have written a lot about the growing risk of insider threats—especially for small- to medium-sized companies who may not have the resources to dedicate one team member to this issue. Does your company fall into this category? Even if you don’t have a risk management person on staff, you still need experts who will keep this topic top of mind—you need to build an insider threat team. If you are a defense contractor the Insider Threat Program Senior Officials (ITPSO) must be identified as Key Management Personnel (KMP) and must have eligibility equivalent or higher to the level of the Facility (Security) Clearance (FCL).
Inspired by an article I recently read on CSOonline.com, here are the people from your staff that should make up your insider risk team:
Executive Team
At least one member of this team should be part of your company’s executive team not only to provide buy-in from the top of your organization but to be able to tie the company’s business strategies into your security policies and procedures.
Legal
Having someone with legal expertise ensures all of your employee monitoring activities meet local, state and federal laws. This person can also help determine which roles within the organization can review inside activities such as the downloading of content, websites visited and accounts that are accessed.
Human Resources
Human resources will be able to create the processes for documenting and monitoring as well as create a plan for communicating your policies to all employees. Someone from HR can also help implement procedures for new employees and terminated team members.
IT
You need your IT person involved with this team to evaluate and implement technology-based solutions and to provide “context” around which users have access to what data, what’s possible when it comes to monitoring activity, and to manage data access as needed.
Facility Security Officer (FSO)
Your FSO should be considered part of your Insider Risk Team.
I often find that many businesses put the responsibility of insider security entirely on the IT department or the Insider Threat Program Security officer however, they are not able to effectively implement a successful plan of action without others in your organization.
Collaboration is key when it comes to truly keeping your company safe.
Comments?