While many Insider Threat assessments only include two categories (malicious and unintentional), there exists a strong argument to include a third category, the non-malicious insider – employees that knowingly violate security policy, but not for malicious purposes. These employees present significant risk that may be at worst overlooked, at best underestimated, and impact both cyber and physical security. Participants will hear significant examples of how non-malicious insiders unwittingly participated in major data breaches by malicious insiders and outsiders. Research-based and practical approaches will be presented for recognizing and managing the non-malicious insider, resulting in an improved overall security posture.
Speaker: Carl Willis-Ford, Doctor of Information Assurance and faculty at Whatcom Community College