Mark Paes, Carnegie Mellon University
When mitigating the critical risks posed by potential insider threats, there is a delicate balance that needs to be maintained in preserving the privacy of insiders. This presentation will examine the intersection of insider threats, privacy, and methods in detection and security management. We will define insiders, threats (both negligent and malicious), and risks and explore their interconnectedness. We'll then delve into the human element of security and its inherent link to privacy concerns. A core focus will be on the aspects of insider risk management that raise privacy and civil liberty questions. We'll explore program governance, personal data management, user activity monitoring, and more. Additionally, a discussion will be had on the privacy threats posed by insiders themselves, along with mitigation strategies. The latter portion of the presentation explores potential privacy threats arising from insider management practices. We'll discuss safeguards and strategies to mitigate these concerns. Finally, we'll examine emerging technologies in artificial intelligence and encryption that offer the promise of effective risk management while upholding privacy.
