IT disaster recovery, cloud computing and information security news

SIFMA publishes updated Insider Threat Best Practices Guide

SIFMA has issued the second edition of its Insider Threat Best Practices Guide. The Guide is designed to be a resource for financial firms as they advance their insider threat programs by identifying and discussing best practices and understanding the regulatory and legal framework that shapes the development and implementation of insider threat programs. Additionally, the document helps financial firms measure their insider threat program’s effectiveness and structure against industry benchmarks and risk management models.

“There is likely no greater threat to financial stability than a large-scale cyber event. 25 percent of all cyber incidents today are caused by malicious insiders or, unintentionally, by other employees or contractors. The number of cyber threat incidents has increased substantially over the past ten years from hundreds to several thousand incidents annually,” said Tom Price, SIFMA managing director of Operations, Technology and BCP. “Insider Threat Programs are an essential tool as firms leverage benchmarks, guidelines and best practices to build and evaluate the resiliency of their programs. SIFMA’s updated Guide reflects the most recent changes to employment and privacy laws, so firms can maintain and improve compliance while monitoring insider behavior for potential risks.”

The Guide expands the definition of ‘insider’ to include both accidental and malicious insiders, and offers details on how firms are treating accidental insiders and looking at intent as a key differentiating factor between the two categories. It also offers updates to relevant domestic and international laws governing privacy and employment and how those laws can limit the way firms monitor for potential risks of insider threats.

Read the guide (PDF). 


