The Intelligence and National Security Alliance (INSA) released (01/23/2022) a new white paper, Strategies for Addressing Bias in Insider Threat Programs, that can help insider threat and security managers identify and mitigate biases that undermine the effectiveness of insider threat (InTP) programs in both government and industry.
Developed by INSA’s Insider Threat Subcommittee, this paper identifies sources of potential bias that can be attributed to both people and technology. Through personal cognitive biases, whether implicit and unrecognized or overt, InTP program staff can affect the objectivity of InTP analyses. Organizations can introduce bias at a systemic level through enterprise-wide hiring practices and personnel decisions. Technology can create bias through the selection, weighting, and categorization of data and the design or risk analysis models.
The consequences of both human and technological bias in InTP programs are high. Bias undermines the effectiveness of insider threat programs by diverting attention to low risks and causing higher risks to go unexamined. In addition, bias wastes resources, creates potential legal liability, and impairs an organization’s ability to hire and retain staff.
“We all know by now that algorithms don’t yield perfectly objective analyses – they reflect the assumptions and the data that humans provide them,” said Larry Hanauer, INSA’s Vice President for Policy. “If government agencies and corporations are to manage risk effectively, they must take proactive steps to identify and mitigate both human and technological biases in their approach to insider threats.”
The paper offers several recommendations for how organizations can identify and mitigate bias in InTP programs: