search menu icon-carat-right cmu-wordmark

Insider Risk Management Symposium to Help Turn Data into Decisions

Insider Risk Management Symposium to Help Turn Data into Decisions
• Article

August 24, 2022—The Software Engineering Institute’s CERT Division will hold its Insider Risk Management Symposium online on September 7 and 8. The ninth annual instance of the event will focus on advances in the ability of insider threat and insider risk management programs (IRMPs) to turn data into actionable insights. Registration for this free, virtual event is required.

Incidents of insider threats have increased 44 percent in the past two years, according to a Ponemon Institute study. The SEI defines insider threat as the potential for an individual who has or had authorized access to an organization’s critical assets to use their access, either maliciously or unintentionally, to act in a way that could negatively affect the organization.

The theme for this year’s Insider Risk Management Symposium is “From Data to Decisions.” It reflects the types of decisions insider threat programs and IRMPs are making as the threat landscape changes. “The increasing number of remote workers requires greater situational awareness into employee connectedness to their work and their employers. The Great Resignation has exacerbated the risk that departing employees pose to a company’s confidential information,” said Dan Costa, technical manager of the CERT Division’s Enterprise Threat and Vulnerability Management team and one of the symposium’s organizers. “More organizations are recognizing the need to deploy proactive risk management strategies to adequately address the threat that insiders pose.”

Technical, behavioral, and organizational factors influence insider risk, according to the SEI’s work with private- and public-sector organizations. A successful IRMP must be able to make risk-based decisions based on its own data.

The CERT Insider Risk Management Symposium gathers SEI researchers, as well as insider risk management practitioners from industry and government, to discuss how IRMPs can transform raw data into actionable information.

After opening remarks by CERT Division Director Greg Touhill, the symposium will hold four sessions over two days:

  • Modernizing Test and Evaluation for Insider Risk Analysis
  • Technical Advances in Moving from Data to Decisions
  • What’s New from the SEI in Insider Risk
  • Anomaly Detection in the New Normal

James Shappell, director of the Department of Defense’s Insider Threat Management and Analysis Center, will give the keynote address.

“Attendees will come away from the symposium with increased situational awareness of the latest insider threats, actionable recommendations for effectively managing insider risk from leading-edge practitioners, and an understanding of the most up-to-date tools and references available to the insider threat research and practitioner community,” said Costa.

Since 2001, the SEI has researched insider risk by gathering and analyzing more than 3,000 real-world insider incidents. Partnerships with federal government agencies and industry organizations have enabled the SEI to produce a broad body of knowledge on insider risk management, including best practices, webinars, courses and certificate programs, and blog posts.

The symposium coincides with National Insider Threat Awareness Month, sponsored by the Under Secretary of Defense for Intelligence and Security, the National Insider Threat Task Force, and the Defense Counterintelligence and Security Agency. The month-long campaign by the federal government and industry features events and materials to educate the workforce on deterring, detecting, and mitigating threats posed from trusted insiders.

Register to attend the free, virtual CERT Insider Risk Management Symposium 2022. See the full event schedule online.