Critical Components of an Insider Threat Mitigation ProgramBrandon Swafford of Forcepoint on an 'Inside-Out' Approach
Organizations should take an "inside-out" approach to mitigating the insider threat, says Brandon Swafford, CTO, data protection and insider threat, at Forcepoint.
"The inside-out approach amounts to coordinating good perimeter controls with decent internal controls and monitoring," he says in an interview with Information Security Media Group.
Tactics and technologies both play an important role, he stresses.
"It is always tactical to engage with the workforce with a well-governed policy and clearly defined roles and reporting chain for detecting early warnings of threats," he says.
Technology controls supplement a risk management framework, he adds.
"The approach enables security practitioners to track the behavior of people by gaining greater visibility of the data movement and its accessibility patterns," he explains.
In this interview (see audio link below photo), he offers insights on:
- How data is leaked by insiders;
- Integrating an insider threat program with an information security program;
- Building a security culture.
Swafford has more than 12 years of experience in legal investigations and security, including at hedge funds, the U.S. intelligence community and as a cyber counterintelligence consultant and analyst. He has worked with the National Insider Threat Task Force and the Office of the National Counterintelligence Executive. Swafford provided insider threat analysis and investigation consulting to the International Monetary Fund in Washington.