3 comments

[ 25.4 ms ] story [ 89.5 ms ] thread
The concept of insider risk is that we don't trust the employees, because you can't trust everyone, due to a combination of apathy and potentially malicious activity. Blocking non approved generative AI systems, as well as governing and monitoring the use of approved systems, isn't just good security best practices; it can also be required as part of compliance (depending on your regulatory obligations, if any).

https://www.cisa.gov/topics/physical-security/insider-threat...

https://www.cisa.gov/sites/default/files/2022-11/Insider%20T...