
Essential Steps for Building a Risk Management Program

Randy Trzeciak on How Insider Threats Have Changed
Randy Trzeciak, director, CERT Insider Threat Center, Carnegie Mellon University

When building an insider risk management program, don't start "too large or too quickly," says Randy Trzeciak of Carnegie Mellon University. He says the first step is to protect your organization's critical assets and services and then "build a risk program appropriate to those assets."


In a video interview with Information Security Media Group at RSA Conference 2022, Trzeciak discusses:

  • How insider threats - and our understanding of them - have changed;
  • What's behind the push to help organizations make the move from an insider threat program to an insider risk management program;
  • Road bumps to avoid when creating a successful insider risk management program.

Trzeciak heads a team focusing on insider threat research, threat analysis and modeling, assessments and training. He has more than 20 years of experience in software engineering, focusing on database design, development and maintenance. In addition to his role with CERT, he is an adjunct professor at Carnegie Mellon's Heinz College, Graduate School of Information Systems and Management.

About the Author

Anna Delaney

Director, ISMG Productions

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.
