In May the Pentagon published a change to the National Industrial Security Operating Manual (NISPOM), requiring contractors to “establish and maintain an insider threat program to detect, deter and mitigate insider threats.” The requirements put forth by the new NISPOM #2 should be viewed as a starting point, says Haystax CEO Bryan Ware in an interview with Marjorie Censer from InsideDefense. Although it’s a good place to begin, the requirements aren’t comprehensive, nor will they drive much change related to insider threat. Says Ware, “There’s nothing in that guidance that requires you to have a good program. Until it’s a competitive advantage to winning contracts . . . that an organization have a really high-quality program, I think that in the absence of that, it’s a cost to the business to have an insider threat program.” Charlie Sowell, a senior vice president at Salient CRGT who previously served as deputy assistant director for special security at the Office of the Director of National Intelligence, agrees. Sowell, like Ware, told InsideDefense that organizations must work to set up programs that exceed the minimum standards established by the government. Please click here to read the InsideDefense article.
Companies need to go beyond minimum insider threat standards, Haystax Technology CEO Tells InsideDefense