Many policy objectives were ardently debated throughout the 2016 presidential election cycle and became polarizing issues, dividing people chiefly along party lines. By contrast, the twin issues of improved insider
Lessons From the Financial Sector’s Approach to Cybersecurity Regulation
In earlier blogs, (here and here) we discussed weaknesses of the new industrial insider threat program regulation, the National Industrial Security Operating Manual (NISPOM) Change 2. As the November 30
A Wrong Turn on Insider Threat Programs
Detecting insider threats before they cause harm is, of course, a daunting challenge. In response, the US government has moved aggressively over the last five years to deploy tools on
Is Yesterday’s Trusted Employee Today’s Insider Threat? And How Would You Know?
What if you could instinctively know whom to trust within your organization? Better yet, what if you could automatically reassess a person’s level of trustworthiness, day by day and month
Companies need to go beyond minimum insider threat standards, Haystax Technology CEO Tells InsideDefense
In May the Pentagon published a change to the National Industrial Security Operating Manual (NISPOM), requiring contractors to “establish and maintain an insider threat program to detect, deter and mitigate
NISPOM 2 Adds Insider Threat Rule, But Does It Go Far Enough?
After years of deliberation, the Department of Defense has published Change 2 to its National Industrial Security Operating Manual (NISPOM). With this release, DoD requires the cleared community to formally
Why Homeland Security Doctrine Needs a Hard Reboot
Former Department of Homeland Security official Paul Rosenzweig has issued a long-overdue call for wholesale revisions to US homeland security doctrine, in reaction to fundamental changes in the security landscape
Network World: Cyber hygiene isn’t enough, says Haystax Technology CEO Bryan Ware
Like human hygiene, organizations must maintain regular cyber hygiene for healthy outcomes, but it’s critical they don’t neglect the tools and processes that mitigate cyber risk — the most serious