Cybersecurity Blog: The Cyber Scene is evolving, are you?


Part 3: Successful insider risk programs begin with good choices—prioritizing what to protect and how to protect it.

While often overlooked as a critical component to enterprise security, the insider threat is difficult to ignore when organizations increasingly lose critical assets (intellectual property, proprietary data, network infrastructure, financial assets, facilities, etc.) due to an individual's theft or negligence.

When a company gets hit by an insider, the damage is significant. In fact, one could argue that an insider who has unfettered access to critical company assets can cause more damage than an advanced persistent threat (APT) attack.

In the first blog of this four-part series, I discussed why you need to use leadership advocacy and a proper governance structure to kick off your insider risk program. Part two covered the need for a comprehensive communication strategy and the importance of documentation.

So, we’re halfway through the eight components organizations should consider when building a successful program. Let’s continue the conversation by defining critical assets vital to business operations and leveraging technology.

Critical Assets

Identifying what deserves the greatest protection is perhaps the most fundamental, and yet most overlooked aspect of an insider risk program. Tangible and intangible critical assets need to be identified, categorized, labeled and given appropriate physical, logical, and administrative controls.

Asset value is a key element in the risk equation and organizations should have a good understanding of what they most need to protect. To do so, an organization must have established criteria of what constitutes a critical asset, identify the location and owner of such assets, create and implement a classification schema for all tangible and intangible assets, and have a means to audit who accesses these critical assets.

Critical assets may include physical items and products, data, software, processes, and even individual employees. A data classification schema is imperative to enable technical monitoring capabilities. Proper critical asset management is a key step to provide defensibility in matters of trade secret compromise, particularly if prosecution under various Federal and State statutes may occur.[1]


I’ve been to tradeshows where there’s a multitude of different technologies that promise to be the answer to solve all of your insider woes.

In addition to network and endpoint monitoring capabilities, insider risk programs should include targeted employee monitoring capabilities, social media surveillance, and robust case management tools.

However, given the intrusive nature of some technical tools and the gravity of the results rendered by their employment, it’s important to ensure that information about individuals is collected in accordance with the organization’s privacy requirements, policies and standards, and with legal counsel approval.

While technology plays an important part in the success of a robust insider risk program, the overwhelming amount of information from monitoring tools produces little insight if not partnered with proper analytical capabilities. It is only through appropriate analysis that data becomes operationalized information.


Coming Soon – Part Four: Why Training and Consequence Management Matter to Insider Risk Programs

In my next post, I will discuss the remaining components in developing a successful insider risk program—training and consequence management.

Need Help with Your Insider Risk Program?

As the workplace becomes more complex and insider risks increase, organizations must ensure they can detect anomalies and prevent incidents before they happen. Leidos is your trusted partner to ensure the protection of your company’s critical assets and help you prevent an insider incident before it occurs.

Our array of insider risk solutions and team of insider risk experts are ready to assist you through all phases of assessing your current risk profile, creating and administering a comprehensive insider risk management program – including the best technology for your specific needs – and helping you respond properly to insider incidents if they do occur.

Contact us to talk to one of our insider risk experts today or download the white paper and explore the eight components every organization must consider when building a successful insider risk program.


[1] 18 U.S. Code, Chapter 90 Protection of Trade Secrets § 1839 (3) (a) states an element of a trade secret is that “the owner thereof has taken reasonable measures to keep such information secret.”

Principal Consultant | Cary provides services to commercial and government clients through all phases of insider threat programs. Immediately prior to joining Leidos, he was the Counterintelligence Program Manager for a global communications and information technology company. Before that, Cary served in federal government for over 25 years and held intelligence, counterintelligence, and investigative roles with the Central Intelligence Agency, Office of the National Counterintelligence Executive, and Air Force Office of Special Investigations. He earned a Bachelor of Science degree from the United States Air Force Academy and a Master of Arts degree from The University of Utah.