Any recommendations for educating employees about insider risks? What are some best practices you've found effective / what resonates most?

CISO in Software, a year ago
Based on my experience, one of the best practices companies can perform is to create and (mandate) employee training based on real-world scenarios and events that have occurred previously inside the company (with names and people anonymized).
Information and Security Office & Enterprise Data Governance/AI in Finance (non-banking), a year ago
Just to be clear: Not all Insider Risks materialize into Insider Threats, but all Insider Threats originate from an Insider Risk. 
Educate Users as part of the Cybersecurity Training and Awareness program (annual or bi-annual training). Ensure it is aligned with organizational risk appetite.
Chief Information Security Officer in Healthcare and Biotech, a year ago
Couple suggestions -
1. Continuous employee training program
2. Incentivise the positive reporting
3. Provide sample use cases, if possible from past incidents without disclosing the employee details
4. Create a sense that the security team is monitoring.
Strategic Banking IT advisor in Banking, a year ago
We have a pretty good training strategy that includes many different topics: insider risks, security, data protection, accountability, etc.

It's always interactive with videos and some questions to answer (kind of an exam).

Some trainings are mandatory and dashboards are available to managers.

With this, everyone will not only see the training but also need to pass the final exam (5 or 6 questions).

All year long, new material is being produced on multiple subjects.

And it's all managed through Workday.

Finally, every employee could access their Security Dashboard, where a gauge indicates their level of awareness. And mandatory trainings also show up on the dashboard.
