EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Insider threat programmes: Time to hit restart

Jadee Hanson, Todd Thorsen and Nathan Hunstad
Additional contact information
Jadee Hanson: Code42 Software Inc., USA
Todd Thorsen: Code42 Software Inc., USA
Nathan Hunstad: Code42 Software Inc., USA

Cyber Security: A Peer-Reviewed Journal, 2021, vol. 4, issue 3, 213-222

Abstract: Insider threat programmes exist to protect sensitive data and assets from internal threats. While most organisations are comfortable with setting up programmes and technologies to protect against external threats, insider threat programmes have historically been harder to implement due to difficulties with technologies and creating the partnerships necessary to achieve success. Now that so many organisations face distributed working environments and increasing cloud-based collaboration tools, insider threat programmes are both more important than ever, as well as more difficult to implement based on typical insider threat programme frameworks. To address this new reality, we propose a new insider threat programme framework that enables cross-organisational collaboration while protecting critical assets and information. This framework consists of 21 controls broken down in people, process and technology pillars. It allows an organisation to make decisions based on the risk appetite of the organisation, while staying away from strict technology requirements that hamper collaboration. By focusing on visibility to data movement instead of blocking data access, this new approach allows for appropriate levels of collaboration in a distributed environment. This paper outlines some of the challenges that exist in traditional insider threat maturity frameworks as well as in the traditional prevention and blocking focused tools such as DLP.

Keywords: insider threat; security; data exfiltration; data security; data loss protection (DLP); data leakage (search for similar items in EconPapers)
JEL-codes: M15 (search for similar items in EconPapers)
Date: 2021
References: Add references at CitEc
Citations:

Downloads: (external link)
https://hstalks.com/article/6087/download/ (application/pdf)
https://hstalks.com/article/6087/ (text/html)
Requires a paid subscription for full access.

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:aza:csj000:y:2021:v:4:i:3:p:213-222

Access Statistics for this article

More articles in Cyber Security: A Peer-Reviewed Journal from Henry Stewart Publications
Bibliographic data for series maintained by Henry Stewart Talks ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-19
Handle: RePEc:aza:csj000:y:2021:v:4:i:3:p:213-222