I find this to be one of the hardest to mitigate threats in information security. Frequently, fighting insider threats prevents people from doing work. Another problem is that too much restrictions and surveillance leads to distrust between employer and employee. So what's the right balance? What worked for you? In my opinion, the following idea usually work:
An even worse problem I don't even dare to cover: Insiders who get blackmailed. Again, if they trust you maybe they will come forward first. But that's a lot of trust.
So any good ideas you have to implement insider protections like that? Trust me... I will publish them. After all, I am an insider here ;-) (Thanks to Bill for pointing this out).
I will be teaching next: Intrusion Detection In-Depth - SANS Las Vegas Spring 2020
Oct 29th 2007
1 decade ago