Establish a Comprehensive Insider Threat Program

Building an insider threat program helps an organization detect, deter, and respond to threats from both malicious and unintentional (negligent) insiders. Program development and scope will vary with an organization's size, budget, culture, and industry. The process below provides a framework for establishing an effective insider threat program.

Designate a Senior Manager

  • Provide program management and oversight
  • Advocate for program resources and funding
  • Organize and lead an insider threat working group
  • Report program details to executive leadership

Form an Insider Threat Working Group

Include key staff and personnel from across the organization.

  • Human resources
  • Physical security
  • Information security
  • Information technology
  • Data owners
  • Business continuity planners
  • Legal counsel (ethics & privacy)

The insider threat working group should be responsible for the following activities:

  • Develop and implement a comprehensive insider threat program
    • Reduce risk to people, data, systems, and facilities
    • Consider a phased approach to control cost and minimize impact on operations (pilot; limited scope; entire organization)
  • Apply a risk-based method that leverages business continuity plans and risk assessments to prioritize asset protection
  • Incorporate legal and regulatory requirements
  • Identify the data sources that record or monitor user behavior
    • Human resources management system
    • Video surveillance cameras
    • Entry/exit tracking system
    • Network user activity monitoring system
    • Financial fraud detection system
  • Collaborate with data owners to ensure information sharing
  • Safeguard privacy, civil rights, and civil liberties
  • Account for organizational culture during planning and execution

Develop Governance and Policy Documents

  • Require legal counsel endorsement
  • Do not hinder whistleblower protections
  • Mandate organization-wide participation
  • Direct collaboration and information sharing among all departments
  • Clearly describe acceptable behavior and the consequences for violations
  • Highlight organizational commitment to privacy protections and confidential reporting procedures
  • Consider employee-signed acknowledgment statements

Implement a Formal Training and Awareness Program

  • Encourage executive leadership attendance
  • Incorporate training during on-boarding
  • Require annual refresher training
  • Reinforce program objectives during voluntary and involuntary departures
  • Tailor training to address unique mitigation roles and responsibilities
    • Individual
    • Role-based (front-line staff, managers, HR, IT, security)
    • Insider threat program office personnel

Create an Insider Threat Program Office

Creating an insider threat program office requires multiple resources. Organizations that lack those resources are encouraged to invest in a scalable process that can grow from single points of contact to virtual teams and eventually to a stand-alone program office. Regardless of the operating level, program offices are encouraged to do the following:

  • Operate under legal and ethical oversight
  • Focus on data collection and analysis
  • Maintain quick access to behavioral monitoring information and systems
  • Adhere strictly to privacy policy when acquiring, retaining, and sharing information
  • Define response processes for potential insider threats
  • Establish relationships with investigative authorities

Additional Resources

Visit the following for more information about establishing an insider threat program:
