Overview
Learn how to build an effective insider threat program in this 45-minute conference talk from Central Ohio Infosec 2015. Explore user activity monitoring, insider threat definitions, and the importance of auditing. Discover the key components of a comprehensive program, including stakeholder involvement, technical observables, governance, documentation, and tool selection. Gain insights into malicious insider behaviors and develop an implementation plan to protect your organization from internal threats.
Syllabus
Introduction
Daniels background
User activity monitoring
Insider threat definition
Why arent we auditing
We should be auditing
Look real
What makes a complete Insider Threat Program
Hope is not a strategy
The Y document
The staff
Stakeholders
Malicious Insider
Technical observables
Governance and oversight
Documentation
Tool Selection
Implementation Plan
Questions