INSA Publishes Framework for Insider Threat Analytics

By Haystax, August 10, 2018 | SHARE

A wide array of data analytics methods, tools, and techniques exist to improve the detection and mitigation of insider threats — those trusted employees who seek to harm an organization through theft, misuse of access, or workplace violence. The Intelligence and National Security Alliance (INSA) has just announced the publication of a framework to help government and industry decision-makers evaluate the merits of different analytic techniques and determine the best insider threat program approach for their organizations.

Developed by INSA’s Insider Threat Subcommittee, An Assessment of Data Analytics Techniques for Insider Threat Programs identifies six primary analytic techniques: 1) rules-based engines; 2) correlation and regression statistics; 3) Bayesian inference networks; 4) machine learning (supervised); 5) machine learning (unsupervised); and 6) cognitive and deep learning. The assessment includes brief explanations of each and guidance on how insider threat program managers could determine the types of tools that would most benefit their organizations.

“Determining which data analytics methods and software tools are best for an organization depends on the quality and comprehensiveness of data, the clarity of rules, the organization’s risk tolerance, and other factors,” said Tom Read, a key framework contributor and Vice President for Security Analytics at Haystax Technology. “We hope public- and private-sector corporate risk professionals can leverage this framework to evaluate the merits of different methods and then choose or develop tools to address their unique concerns.”

Mr. Read will discuss the framework at the Defense Intelligence Agency’s Department of Defense Intelligence Information System (DoDIIS) Worldwide Conference. His presentation, Insider Threat Mitigation: Assessment of Analytics Techniques and Real-World Results, will take place in Room 206 of the CenturyLink Center Omaha on Wednesday, August 15, 2018, from 10:30-11:20 a.m.

In addition to the framework, he will discuss anonymized case studies involving organizations that have focused heavily in recent years on establishing more effective risk-based insider threat programs. The case studies will highlight the analytical techniques used and evaluate how they succeeded or fell short.

Please contact John Boatman for media availability of Mr. Read during and after the DODIIS Conference. He can be reached at (202) 236-3797 or jboatman@haystax.com.

#  #  #