Build the Right Program
From compromised accounts and infested hosts to data exfiltration to zero-day attacks, the variety of threats from within the firewall continue to pose one of the biggest business risks due to the potential of high-level damage.
Taking the initial steps to create an insider threat program is not difficult. Most companies have the groundwork already established in their human-resource policies, legal processes, and information-security tools. Yet, bringing those disparate policies, processes and systems into a single program is the hard part. The resulting program should be well documented with frequent opportunities to insert feedback and lessons back into the process to drive the insider-threat program to maturity.
We have built a 7 steps program into an ‘Insider Threat Survival Guide’ containing some best practices for setting up your insider threat program :
- Calculate Magnitude of Impact of Insider Threats
- Evaluate Current Policies
- Evaluate Current Visibility into Insider Threats
- Establish a Holistic Insider-Threat Framework
- Create an Interdisciplinary Policy Group
- Create New Training Materials
- Determine What Technology Gaps Need to be Filled
The right program needs the right enabling technology.
ArcSight Intelligence, powered by an In-Q-Tel Portfolio, Interset, is a proven behavioral analytics solution for finding the most elusive threats.
Also, don’t miss out on insights from industry expert interviews on how to strengthen your defense against insider threats:
- Stephan Jou – CTO of Security Analytics, CyberRes
- Paul Reid – Head of Threat Hunting Service, CyberRes
- Stan Wisseman – Chief Security Strategist, CyberRes
Access these by viewing the 'Insider Threat Programs' series on our ArcSight Unplugged channel below