Trusted insiders commit intentional or unintentional disruptive or harmful acts across all infrastructure sectors and in virtually every organizational setting. Individuals entrusted with access to or knowledge of an organization represent potential risks and include current or former employees or any other person who has been granted access, understanding, or privilege.
This site is designed to assist individuals, organizations and communities in improving or establishing an insider threat mitigation program. To combat insider threats, organizations should consider a proactive and prevention-focused insider threat mitigation program. This approach can help an organization define specific insider threats unique to their environment, detect and identify those threats, assess their risk, and manage that risk before concerning behaviors manifest in an actual insider incident.
What is an Insider and Insider Threat?
According to the National Insider Threat Task Force (NITTF) “an insider is any person with authorized access to an organization’s resources to include personnel, facilities, information, equipment, networks, or systems”.
The NITTF defines the insider threat as “the risk an insider will use their authorized access, wittingly or unwittingly, to do harm to their organization. This can include theft of proprietary information and technology; damage to company facilities, systems or equipment; actual or threatened harm to employees; or other actions that would prevent the company from carrying out its normal business practice”
How Organizations Mitigate the Insider Threat
The links below describe how organizations can establish an insider threat program, identify and protect critical assets, recognize and report suspicious behavior, and assess and respond to insider threats.
To get more information on insider threats, please send an email to InTmitigation@hq.dhs.gov
In case of an emergency, or to report suspicious activity or events, call 9-1-1 or contact local law enforcement.