Although insider-threat incidents within organizations tend to be different case-by-case, says Carnegie Mellon University's Dawn Cappelli, there are similarities and patterns that organizations can look for when mitigating their risks. What are some of the common characteristics among insiders, and how can...
People, as much as anything else, are a critical aspect of information risk management, and businesses and government agencies must monitor employees - and educate them, as well - to thwart a potential threat from within.
"It's a crime like no other crime," says James Ratley, president of the ACFE, describing fraud. "There was not a gun involved, there was not a knife; there was in many cases a ballpoint pen or a computer."
Security managers need the heads up from non-IT executives before they dismiss employees, some of whom might seek payback for their sacking by pilfering data or sabotaging systems, Carnegie Mellon University's Dawn Cappelli and Mike Hanley say.
People with good analytical backgrounds that understand regulatory compliance are in demand. Their counterparts - defenders of IT systems - will always be in demand.
"We need the tens of thousands that can manage those defenders and then we need 100,000 that are out there learning the trade, that are passionate...
Pace University's Seidenberg Cyber Security Institute plans to leverage public-private partnerships - a challenge for educational institutions. How will the institute help the private and public sectors meet their security needs?
Regulators push tougher cybersecurity measures. But the challenge for smaller organizations isn't compliance - it's budgets. Wendy Nather of 451 Research defines the 'Security Poverty Line' and what to do about it.