"Either way, on Wednesday, the US Cybersecurity and Infrastructure Security Agency (CISA) called insider threats "one of the most serious risks to organizational security." It urged critical infrastructure entities to "take decisive action" to mitigate threats from both malicious insiders and honest mistakes, and to help them do that, CISA published an infographic [PDF] with guidance on how to assemble a multi-disciplinary insider threat management team."
"The team should include subject-matter experts from across the organization, such as human resources personnel, legal counsel, security and IT leadership, and threat analysts, and should coordinate with external partners - including law enforcement and other risk and health professionals - as needed. These team members run the organization's insider threat program, monitor for potential threats, and intervene as needed to (hopefully) prevent any damage to the company's people, data, reputation, and bottom line, the guide says."
CISA called insider threats one of the most serious risks to organizational security and urged critical infrastructure entities to take decisive action. CISA published an infographic guiding organizations to assemble multi-disciplinary insider threat management teams including HR, legal, security and IT leadership, threat analysts, and external partners such as law enforcement and health professionals. These teams are tasked with running insider threat programs, monitoring potential threats, and intervening to prevent damage to people, data, reputation, and finances. CISA also offers a mitigation guide, a workshop, and a program evaluation tool. The guidance coincided with reports that a senior CISA official uploaded sensitive contracting documents to ChatGPT.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]