

Designing an Insider Threat Program - heidibrayer
http://blog.sei.cmu.edu/post.cfm/designing-insider-thread-programs-272

======
AndrewKemendo
_The CDS advocates that an employer monitor insider actions 60 days prior to
termination and for 60 days after termination._

This is a strawman based on faulty statistics. The 60 day window largely falls
on the front-end of the firing scenario and is often the cause for firing. If
the employer has advance knowledge of, say the end of a contract period, then
this is possible, however the biggest leaks have come from people who are not
on the tail end of known contracts.

I didn't see anything in this article that is new or unique to the insider
threat protection - and does all the same stuff that all previous protection
programs do: look at all employees as future threats.

The best insider threat program is a combination of good compensation, good
communication, clear expectations and high work engagement. No insider threat
ever was enthusiastic about their job, engaged with other employees and wanted
to excel in their position.

Someone who is unhappy is a threat, the best way to combat that is to be doing
something they find worthwhile and being compensated fairly for it.

