People are not computers. This seems like an obvious statement, but many of our security controls treat people as though they are neat streams of code. This can cause problems when it comes to insider threat programs. If we approach insider threat analysis as a black and white then we risk more than wasted time – we risk employee well-being and privacy. Brandon Swafford will examine insider threat programs as managing both the light and dark side of the human condition, and how to ensure that analysis that isn’t based on “guilty before proven innocent.” Based on his past experience, he will also walk through real world examples of malicious and accidental insiders.
