As the saying goes, “a house divided against itself cannot stand.” Similarly, an insider risk management program or an insider threat program (ITP) will also fail without a clearly defined leader. Too often, companies fail to appoint a leader out of a “team approach” mentality or out of deference to current management fiefdoms. The result of putting everyone in charge is that no one is in charge.
This doesn’t require an insider threat “czar” with total control and veto authority over all things related to insider risk management. What is required, however, is an individual who is ultimately responsible for fostering collaboration across functions, bolstering capabilities, and measuring and reporting progress to leadership. The government refers to this role as the “senior official” responsible for managing insider threat. In corporate America, this official may be any of the following: CRO, CSO, CISO or CAO.
To read this article in full, please click here
Support the originator by clicking the read the rest link below.
