The Role of Mitigation in Insider Risk Series, Part 3 of 3
Dr. Shaw’s critical pathway to becoming an insider risk illuminates the behavioral and event-based journey the individuals take prior to acting out in a way defined as an insider threat action. When following the pathway, the first milestone is professional and personal stressors. These all too often go overlooked or undetected but should be the first opportunity an organization can take to mitigate potential insider threat acts. Prior to an attack, Dr. Shaw highlights “maladaptive organizational response” as the final opportunity for action. It begs the question: what is a maladaptive organizational response and how do insider risk programs get it right or wrong? Failure to act, acting too quickly, implementing strict guidelines, and not implementing enough guidelines are all examples of maladaptive organizational responses that could hinder proper mitigation of insider threats. Terminating an employee facing financial stressors could be a catalyst for an attack in the worst case.
It can also be a signal to the rest of the workforce on the organization culture. Isolating an employee with declining mental health or depression could lead to harm to self-incidents. While the safety of the workforce is paramount, insider risk programs must balance creativity with meaningful enforcement to ensure success. As we explore 2024’s theme for National Insider Threat Awareness Month (NITAM), Detect, Deter, Mitigate, we will face the toughest element of the theme: after detecting an insider risk or deterring one, how do we mitigate the threat to the agency?
For Insider Threat, mitigations are actions an organization can take to reduce risk to the organization. These actions to be effective need to be informed by the risk you are seeking to mitigate. Simply, your mitigation should be focused on the risk surface. For insider threats we focus on the people, the employees, contractors and supply chain that all can introduce physical, cyber or other destructive behaviors into the work environment.
Significant research has been done to identify leading people risk signals. Dr Shaw codifies how these risk signals if left undetected, uncorrelated or actioned can build to a point where an individual does act out and tragically can cause harm to self, others and or the organization.
Insider risk professionals understand that early discovery of risk signals enables sooner mitigation opportunities. To support this organization must link mitigation to deter and detection strategies. Simply mitigation should not be seen as the end, but part of a continuous process.
But- there is a risk to the organization if mitigation is not nested within their policy, HR, legal and privacy guidelines. Mitigation, if not linked to the risk being solved for, can become an accelerant to negative actions.
Speaker and Presenter Information
Moderator: Jamison Mitchell
Counterintelligence and Counter-Insider Threat Team, Centers for Disease Control and Prevention
Dr. Liza Briggs
Social Scientist/Cultural Anthropologist, United States Marine Corps
Relevant Government Agencies
Air Force, Army, Navy & Marine Corps, Intelligence Agencies, DOD & Military, Office of the President (includes OMB), Dept of Agriculture, Dept of Commerce, Dept of Education, Dept of Energy, Dept of Health & Human Services, Dept of Homeland Security, Dept of Housing & Urban Development, Dept of the Interior, Dept of Justice, Dept of Labor, Dept of State, Dept of Transportation, Dept of Treasury, Dept of Veterans Affairs, EPA, GSA, USPS, SSA, NASA, Other Federal Agencies, Legislative Agencies (GAO, GPO, LOC, etc.), Judicial Branch Agencies, State Government, County Government, City Government, Municipal Government, CIA, FEMA, Office of Personnel Management, Coast Guard, National Institutes of Health, FAA, Census Bureau, USAID, National Guard Association, EEOC, Federal Government, State & Local Government, FDA, Foreign Governments/Agencies, NSA, FCC
Event Type
Webcast
This event has no exhibitor/sponsor opportunities
When
Tue, Sep 17, 2024, 1:30pm - 2:00pm
ET
Cost
Complimentary: $ 0.00
Website
Click here to visit event website
Organizer
ATARC