Reducing Insider Risk
Human behaviour, the way humans act and interact, is based on and influenced by several factors, such as genetic make-up, culture and individual values and attitudes. Human action denotes everything that can be either observed with the naked eye or measured by physiological sensors, while cognitions describe the thoughts and mental images that people have. Cognitions comprise skills and knowledge – knowing how to use tools and perform procedures in a meaningful manner. Attached to both are emotions. Commonly, an emotion is any relatively brief conscious experience characterised by intense mental activity, and a feeling that is not characterised as resulting from either reasoning or knowledge.
Everything is connected
Actions, cognitions and emotions do not run independently of each other – their proper interaction enables you to perceive the world around you, listen to your inner wishes and respond appropriately to people in your surroundings. In addition to having basic and psychological needs met, having confidence in activities and feeling valued and respected by those around us will result in feelings of joy and emotional realisation. In such environments, individuals are motivated and display increased dedication and commitment to activities and causes. However, this can in some cases be reversed, with negative feelings resulting in sadness and potentially negative actions on the part of individuals. This can be detrimental in the workplace, resulting in a threat from insiders who have access to the people, assets, premises and information which provide organisations with their competitive advantage.
Types of Insider
TRUSTiN Insider Risk Management
A TRUSTiN Insider Risk Management programme is based on seven core elements of effective personnel security processes:
A. Governance and Leadership
B. Insider Risk Assessment
C. Pre-Employment Screening
D. Ongoing Personnel Security
E. Monitoring and Assessment of Employees
F. Investigation and Disciplinary Practices (Response)
G. Security Culture and Behaviour Change.
TRUSTiN is a role-risk based approach to managing insider risk. A mixture of pre-employment screening, background checks, leaving processes, proactive controls, user behaviour analysis and the ongoing monitoring of privileged accounts will minimise the risk of insider threats.
As these risks from within an organisation account for over 38% of breaches and are the most costly type of breaches, the return on investment for an insider risk management programme is clear. Such a system will:
Ensure that only authorised users are able to access powerful privileged accounts and sensitive assets
Prevent users from being able to gain unapproved elevated privileges
Establish strict accountability over the use of privileged accounts by tracking who accessed what accounts and assets, and what actions were taken
Improve forensic analysis by generating a detailed, tamper-proof audit trail of all privileged account activity
Rapidly detect and alert on anomalous activity that could signal an inside attack in progress