Reducing Insider Risk Through Positive Deterrence
Abstract
Most organizations approach insider risk management with a command-and-control focus, pressuring employees to act in the interests of the organization through external controls. Positive deterrence complements the command-and-control approach by aligning and reinforcing the mutual interests of the individual and the organization in ways that further reduce insider risk. This brief report describes why and how insider risk management programs should consider augmenting their command-and-control strategies with positive deterrence. Programs that embrace positive deterrence can unlock greater potential to minimize insider risk and employees negative perception of the command-and-control approach. We provide actionable guidance on how organizations can combine positive deterrence and command-and-control of insider threat in a balanced way to take advantage of the reduced insider risk that it affords. As a complement to command-and-control, positive deterrence creates a work environment that reinforces the bond between the organization and its workforce, contributing to the well-being of both.
Document Details
- Document Type
- Technical Report
- Publication Date
- Aug 02, 2022
- Accession Number
- AD1181298
Entities
People
- Andrew P. Moore
- Carrie Gardner
- Denise M. Rousseau
Organizations
- Carnegie Mellon University