Applying the critical-path approach to insider risk management

In 2015, Shaw and Sellers published a paper entitled ‘Application of the Critical-Path Method to Evaluate Insider Risks’. This paper has become one of the main tools used to describe how malicious insider risks eventuate, particularly how a ‘good’ employee might transition from engaged to destructive over time. This article looks at the four main steps on the critical path (personal predisposition, life stressors, concerning behaviours, problematic organisational responses) and how early identification can be used by managers to divert employees from the critical path. Given that employees may stay with organisations for many years, continuous monitoring is required as trusted insider events can develop at any time. The concept of continuous monitoring and the need to properly configure these systems is also discussed. Continue reading