It is difficult to prescribe a formula to identify and stop all insider threats before they occur. However, there are steps that can be taken to reduce the ability of insiders to commit these attacks and mitigate the damage they are capable of inflicting.
The two primary approaches to countering insider threats are preventive and protective measures.
Preventive measures: the steps taken to stop or remove altogether possible insider threats.
Protective measures: steps designed to detect, delay, and respond to any insider attempts, while mitigating or reducing the impact they have on the organization.
It is important to combine these measures because they collectively provide the greatest coverage and ability to combat the insider threat through defense in depth.
Page 14 / 17