Where do HR and other non-security/IT departments fit into your insider risk management strategy/program? What role do they currently play?


CISO in Software, 10,001+ employees
It is challenging, but sometimes very important, for HR to work with IT and Security in scenarios where employees will be laid off, etc., as those people are often higher risk for performing unauthorized or malicious activities.
VP Information Security Assurance, 10,001+ employees
Insider threat originates from people; I see a large role for HR specifically, like they would have for any misconduct/investigation/incident, and an unbiased, humane view. Generally, learning and development and processes like background checks are handled by them. Those would be important too. Other non-IT functions like physical security, Legal, and business leaders have a role, as their shadow and awareness of consequences shall drive the culture.
Chief Information Security Officer in Healthcare and Biotech, 1,001 - 5,000 employees
HR is a very risky domain.
Director of Network Transformation, Self-employed
Employee exits... If you are not aligned with HR, you will get burned... And don't forget those shadow IT apps.
1 Reply
Director of IT in Education, 5,001 - 10,000 employees

CASB Tools are excellent to find shadow IT apps.

Head of Information Security in Services (non-Government), 1,001 - 5,000 employees
Info Sec partners with HR, and business unit leaders as needed, to review potential red flags for leavers (sending docs to personal email, USB, etc.).
Director of IT in Education, 5,001 - 10,000 employees
HR is an integral part in the process and is critical in the decision process.
