Essential Steps for Building a Risk Management ProgramRandy Trzeciak on How Insider Threats Have Changed
When building an insider risk management program, don't start "too large or too quickly," says Randy Trzeciak of Carnegie Mellon University. He says the first step is to protect your organization's critical assets and services and then "build a risk program appropriate to those assets."
In a video interview with Information Security Media Group at RSA Conference 2022, Trzeciak discusses:
- How insider threats - and our understanding of them - has changed;
- What's behind the push to help organizations make the move from an insider threat program to an insider risk management program;
- Road bumps to avoid to create a successful insider risk management program.
Trzeciak heads a team focusing on insider threat research, threat analysis and modeling, assessments and training. He has more than 20 years of experience in software engineering, focusing on database design, development and maintenance. In addition to his role with CERT, he is an adjunct professor at Carnegie Mellon's Heinz College, Graduate School of Information Systems and Management.