Page 46 - Cyber Defense eMagazine for July 2020
prevent the insider risk event by engaging with the potential threat early. This is precisely what occurred
in John’s case. The company responded effectively to ‘turn John around’ and prevent potentially hostile
and harmful acts from occurring.
Technical and Non-Technical Risk Indicators
The Defense Counterintelligence and Security Agency (DCSA) Center for Development of Security
Excellence published a list of potential risk indicators, which are categorized below into ‘Technical
Indicators’ and ‘Non-Technical Indicators.’ Technical indicators can be detected by monitoring and
analyzing computer and network activities. Non-technical indicators typically occur off the computer and
network and therefore cannot be detected on those systems.
Insider threat potential risk indicators categorized by whether or not they can be commonly detected by
monitoring computer and network activity.
While the average enterprise insider threat program might not share the same objectives as DCSA, the
agency’s human-centric view of the challenge is instructive to companies because the cause of insider
threat problems is, by definition, known individuals associated with and managed by the organization.
Effort and resources allocated to gathering, integrating and analyzing non-technical indicators to better
know those individuals can improve the effectiveness of programs that mostly rely on technical indicators