. https://www.observeit.com/blog/how-confront-insider-threat/


So, you’ve successfully detected, and then investigated a potential insider threat. You’ve learned a great deal about that user (be it an employee or a third-party contractor), including who they are, what happened, when, where, and also why, thanks to the visibility given to you by your insider threat management solution. You’re ready to take action. The data-backed evidence you need is there, in both video and textual log form. But how do you confront the perpetrator? The short answer is, you don’t. The reason why comes down to two things: your role-based expertise, and your overall intentions. Know Your Role. By definition, your expertise and role as a cybersecurity professional relates primarily to cybersecurity. Any matters of personnel management, reprimanding, etc. should involve members of Human Resources and/or Legal, depending on the severity of the situation at-hand. To do otherwise may welcome undue risk upon yourself, your team, and your organization as a whole. Intention wise, it’s more of the same. Consider the meaning of the word “confront” for a moment. It has associations that are primarily negative – when you confront someone, you’re challenging them, and welcoming a response. More often than not, that response will be anything but positive, increasing risk. READ MORE