Reducing the Insider Risk Cone of Uncertainty
The Cone of Uncertainty concept is typically used in project management, hurricane forecasting and software development. Its purpose is to describe how uncertainty evolves over the course of a project or projection. As knowledge-gathering and iterative stages are completed, uncertainty is reduced and the final scope becomes clear.
My argument is that the same concept can be applied to determining Insider Risk potential within an organization. Information Security teams can use a Cone of Uncertainty model in an environment that changes rapidly over time to predict the most likely targets that malicious insiders could exploit. Alternatively, the projection can be used to understand enterprise ‘human blind spots’: areas where critical knowledge of intentional or accidental risk is still lacking.
Human nature is an inherent driver of uncertainty. Successful risk reduction programs in today’s cyber landscape must know their employees at more than the corporate level. This knowledge is key to conducting proactive threat detection and managing potential insider-driven vulnerabilities.
Projecting a Cone of Uncertainty for Insider Risk can be conducted across key teams within an enterprise. Steps to complete this work will be discussed, including the following:
• Building an understanding of the true pulse within the organization through internal OSINT,
• Utilizing available intel to model enterprise stress testing for the purpose of identifying potential weaknesses, and
• Updating evaluations across time for more accurate predictions of remaining uncertainty.
Current attack trends along with conventional knowledge identify Insider Risk as a key threat to teams, Federal and civilian alike. Attend this discussion to learn an alternate method of building real-time projections for internal threats and how to use that forecast to focus available resources.