Where do HR and other non-security/IT departments fit into your insider risk management strategy/program? What role do they currently play?

Security & GRCRisk ManagementThreat & Vulnerability Management+1 more
4.2k views1 Upvote7 Comments
CISO in Software, 10,001+ employees
It is challenging, but sometimes very important for HR to work with IT and Security for scenarios where employees will be laid off, etc. as those people are often higher risk for performing unauthorized or malicious activities. 
VP Information Security Assurance, 10,001+ employees
Insider threat originates from People, I see a large role from HR specifically, like they would for any misconduct/investigation/incident, and an unbiased humane view. Generally learning and development and process like background check are handled by them. Those would be imp too. Other non-IT functions like physical security, Legal , business leaders have a role as their shadow and awareness of consequences shall drive the culture. 
Chief Information Security Officer in Healthcare and Biotech, 1,001 - 5,000 employees
HR is very risky domain
1
Director of Network Transformation, Self-employed
Employee exits.. If you are not aligned with HR, you will get burned..  And don't forget those shadow IT apps.  
1 Reply
Director of IT in Education, 5,001 - 10,000 employees

CASB Tools are excellent to find shadow IT apps.

Head of Information Security in Services (non-Government), 1,001 - 5,000 employees
Info Sec partners with HR, and business unit leaders as needed, to review potential red flags for leavers (sending docs to personal email, USB, etc.).
Director of IT in Education, 5,001 - 10,000 employees
HR is an integral part in the process and is critical in the decision process.
1

Content you might like

So far this year, $210 Million worth of ransomware payments have been tracked by analytics firm Chainalsyis. How much will have been spent in ransomware transactions by the end of the year?

Governance, Risk & ComplianceSecurity & GRCRisk Management+7 more

$300 - $400 Million30%

$401 - $500 Million45%

$501-$600 Million6%

$600 Million +7%

Unsure11%


175 PARTICIPANTS
490 views

A recently reported security vulnerability in Microsoft's MSHTML browser engine is being detected all over the world. It affects everyone with a Windows machine of any kind, as it's based on the victim opening an infected MS document attachment. Has your organization been targeted by this attack in the last 3 months?

Security & GRCThreat & Vulnerability ManagementNews

Yes55%

No32%

Unsure12%


514 PARTICIPANTS
1.4k views1 Upvote

If you had a magic wand - what's the #1 daily business challenge you'd eliminate?

People & LeadershipStrategy & ArchitectureCloud+57 more
CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
142 19 Replies
Read More Comments
41.1k views131 Upvotes319 Comments

Does the risk of Ransomware and malware propagation bother you? Is IoT security a top of mind for you? To protect against many risks, we have witnessed success of micro-segmentation in the data center. Would you be willing to deploy similar solution for the campus? I am very curious to get your feedback?

Security & GRCThreat & Vulnerability Management
Read More Comments
2.8k views5 Upvotes5 Comments

Any recommendations on OT security product? I tried pushing Crowdstrike but it wasn't approved by OEMs. Other two are Claroty and Nozomi. Any feedback either on above two or any other as per your experience?

Security & GRCStrategy & Architecture
Read More Comments
1.8k views1 Upvote2 Comments