An Insider can be ANYONE Employee, Contractor, Business Partner, etc. with the right motive and means, and can have a Tactics at their disposal, that will put
an organization’s assets at risk.
An organization must Think Outside The Box to successfully detect and mitigate the risks posed by Insiders.
Malicious Insiders
don’t care about compliance regulations. They just look for security gaps and vulnerabilities within an organization, to achieve their objectives. The impacts
from Insider Threat incidents can be very severe, costly and damaging.
Not all incidents by Insiders are malicious. Non-Malicious Insider incidents can be just
as damaging as malicious incidents. Given this threat landscape, it is
imperative that critical infrastructure entities prioritize and dedicate
resources to preempt and/or mitigate insider threat.
To help The National
Counterintelligence and Security Center (NCSC) issued “Insider Threat Mitigation
for U.S. Critical Infrastructure Entities: Guidelines from an Intelligence
Perspective. Read on attached document if you interested .
insider threat
Related to this is
another whitepaper by Simone (Cy) Genna publish by SANS Title:
Information Security Starts with the Employees which you can download
from here
#cybersecurity #informationsecurity #databreach #datasecurity #intelligence
#infrastructure #risk
0 comments:
Post a Comment