prevent the insider risk event by engaging with the potential threat early. This is precisely what occurred
            in John’s case. The company responded effectively to ‘turn John around’ and prevent potentially hostile
            and harmful acts from occurring.



            Technical and Non-Technical Risk Indicators
            The  Defense  Counterintelligence  and  Security  Agency  (DCSA)  Center  for  Development  of  Security
            Excellence  published  a  list  of  potential  risk  indicators,  which  are  categorized  below  into  ‘Technical
            Indicators’  and  ‘Non-Technical  Indicators.’  Technical  indicators  can  be  detected  by  monitoring  and
            analyzing computer and network activities. Non-technical indicators typically occur off the computer and
            network and therefore cannot be detected on those systems.








































            Insider threat potential risk indicators categorized by whether or not they can be commonly detected by
            monitoring computer and network activity.

            While the average enterprise insider threat program might not share the same objectives as DCSA, the
            agency’s human-centric view of the challenge is instructive to companies because the cause of insider
            threat problems is, by definition, known individuals associated with and managed by the organization.

            Effort and resources allocated to gathering, integrating and analyzing non-technical indicators to better
            know those individuals can improve the effectiveness of programs that mostly rely on technical indicators






            Cyber Defense eMagazine –July 2020 Edition                                                                                                                                                                                                                         46
            Copyright © 2020, Cyber Defense Magazine.  All rights reserved worldwide.