Enterprise-Wide Risk Assessment
The best choices made in enterprise-wide risk assessment are ones which admit that no organization can adequately prepare and protect themselves from every risk. Rather, in order to engage in enterprise-wide risk assessment in a lasting and meaningful way, one needs to be able to pinpoint critical assets along with key vulnerabilities. This chapter covers yet another issue in this process, which is the ability to understand the threat environment that one's work or business exists within, so that one can accurately assess the overall risk of the enterprise.
Another solid choice in comprehensive enterprise-wide risk assessment is the issue of anticipating and preventing for insider threats. Too much time, money and energy is spent on protecting data from external threats, when there are already significant security issues presented from the inside to one's network or systems. Security awareness training is one solid way that one can prevent against such threats: all staff members need to know what to look for when it comes to grave insider threats and to know what to do when they see telltale signs of compromised staff members. For instance, a red flag of an internal threat would be if an employee makes a large download near the time of their resignation. All team members need to know the importance of being aware of such aberrant behavior and understand that they have a shared duty in reporting it.
Enterprise-wide risk assessment, when done properly, helps to prevent one from too easily overlooking the fact that trusted business partners and other such contractors still have access to one's information and information networks. While these people are trusted, one absolutely should not overlook the fact that they do have the ability to attack and thus, might attack at some point in the future.
Behavioral Precursors
One aspect of insider threats that so many people forget is that many internal attacks come with clear behavioral red flags ahead of time. As the chapter dictates, it is indeed in the best interest of the supervisor to create an environment where trust can thrive and where all individuals feel as though they're part of an environment where there is a strong sense of trust moving back and forth. However, if a manager seeks to establish a more trusting work environment and does so while compromising key behavioral and technical monitoring aspects, then this could create a somewhat warped work environment.
Thus, it becomes the obligation of the manager to prioritize assets as best as he can, tackling on his particular system and data issues. Above all, it is important for such managers to be realistic. There's absolutely no way for a manager to monitor every single thing any employee does. However, managers do have the responsibility to look for patterns. Managers need to be able to proactively look at the patterns of online behavior that employees generally exhibit over time and check for erratic behavior or hording of documents, excessive downloading along with any hostile or withdrawn behavior.
You’re 86% through this paper. Sign up to read the full paper.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.