Insider threats can be difficult to nail down because addressing them requires security to treat all authorized users as potential risks. The catch is that, to be effective, time is needed to create a baseline, and even more to detect if something weird is going on, which could create a window for users to perform actions that can cause problems. At the same time, we don’t want users to feel like we are deliberately trying to reduce their productivity or that they’re working in a police state. There are some basic principles to follow when it comes to balancing security and employee agility.
What is risk?
Before we define an insider threat, we should establish a couple of core concepts. For example, what is risk in the context of information security?
According to the National Institute of Standards and Technology (NIST), information security risk is defined as “The Risk to organizational operations (including mission, function, image and reputation), organizational assets, individuals, other organizations and the nation due to the potential for unauthorized access, use, disclosure, disruption, modification or destruction of information and/or information systems.”
In most situations, organizations implement policies and procedures to try to reduce the amount of risk they take on.