Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Free Cyber ServicesSecure by design Secure Our WorldShields UpReport A Cyber Issue

Cybersecurity & Infrastructure Security Agency logo America’s Cyber Security Defense Agency National Coordinator For Critical Infrastructure Security and ResilienceCybersecurity & Infrastructure Security Agency logo America’s Cyber Security Defense Agency National Coordinator For Critical Infrastructure Security and Resilience
CISA Logo

Search

 

America's Cyber Defense Agency
 
  • Topics
    Cybersecurity Best Practices
    Cyber Threats and Advisories
    Critical Infrastructure Security and Resilience
    Election Security
    Emergency Communications
    Industrial Control Systems
    Information and Communications Technology Supply Chain Security
    Partnerships and Collaboration
    Physical Security
    Risk Management
    How can we help?
    GovernmentEducational InstitutionsIndustryState, Local, Tribal, and TerritorialIndividuals and FamiliesSmall and Medium BusinessesFind Help LocallyFaith-Based CommunityExecutivesHigh-Risk Communities
  • Spotlight
  • Resources & Tools
    All Resources & Tools
    Services
    Programs
    Resources
    Training
    Groups
  • News & Events
    News
    Events
    Cybersecurity Alerts & Advisories
    Directives
    Request a CISA Speaker
    Congressional Testimony
    CISA Conferences
    CISA Live!
  • Careers
    Benefits & Perks
    HireVue Applicant Reasonable Accommodations Process
    Hiring
    Resume & Application Tips
    Students & Recent Graduates
    Veteran and Military Spouses
  • About
    Divisions & Offices
    Regions
    Leadership
    Doing Business with CISA
    Site Links
    CISA GitHub
    CISA Central
    Contact Us
    Subscribe
    Transparency and Accountability
    Policies & Plans

Free Cyber ServicesSecure by design Secure Our WorldShields UpReport A Cyber Issue

Breadcrumb
  1. Home
  2. Topics
  3. Physical Security
  4. Insider Threat Mitigation
Share:
image of figures, and cyber node. Image of hand holding a keycard accessing a terminal.

Insider Threat Mitigation

A holistic insider threat mitigation program combines physical security, personnel awareness, and information-centric principles.

Insider Threat Mitigation

  • Defining Insider Threats
  • Detecting and Identifying Insider Threats
  • Assessing Insider Threats
  • Managing Insider Threats
  • Insider Threat Mitigation Resources and Tools

Overview

An insider is any person who has or had authorized access to or knowledge of an organization’s resources, including personnel, facilities, information, equipment, networks, and systems. Insider threat is the potential for an insider to use their authorized access or understanding of an organization to harm that organization. This harm can include intentional or unintentional acts that negatively affect the integrity, confidentiality, and availability of the organization, its data, personnel, or facilities.

Examples of an insider may include: 

  • A person the organization trusts, including employees, organization members, and those to whom the organization has given sensitive information, such as financial data, business strategy, and organizational strengths and weaknesses. In the context of government functions, this could also include classified information. This person may also have both physical and digital access to sensitive spaces.
  • A person given a badge or access device identifying them as someone with regular or continuous access (e.g., an employee or member of an organization, a contractor, a vendor, a custodian, or a repair person). 
  • A person to whom the organization has supplied a computer and/or network access. 
  • A person who has intimate knowledge about and possibly helps develop the organization’s products and services; this group includes those who know the secrets of the products that provide value to the organization.

Insider threat incidents are possible in any sector or organization.

CISA’s Role  

CISA provides information and resources to help individuals, organizations, and communities create or improve existing insider threat mitigation programs. Infrastructure communities can protect the nation by working internally to protect against insider threat and sharing lessons learned. Mature insider threat programs are more resilient to disruptions, should they occur.

The key steps to mitigate insider threat are Define, Detect and Identify, Assess, and Manage. Threat detection and identification is the process by which persons who might present an insider threat risk due to their observable, concerning behaviors come to the attention of an organization or insider threat team. Threat assessments are based on behaviors, which are variable in nature. A threat assessment’s goal is to prevent an insider incident, whether intentional or unintentional. When an assessment suggests that the person of concern has the interest, motive, and ability to attempt a disruptive or destructive act, the threat management team should recommend and coordinate approved measures to continuously monitor, manage, and mitigate the risk of harmful actions. 

Insider Threat Mitigation Fundamentals

Defining Insider Threats

Defining insider threats is a key step in comprehending and establishing an insider threat mitigation program.

Detecting and Identifying Insider Threats

Observing and identifying concerning behavior is a critical step in recognizing an insider threat that requires both human and technological elements.

Assessing Insider Threats

 The goal of assessing a possible insider threat is to prevent an insider incident, whether intentional or unintentional.

Managing Insider Threats

Proactively managing insider threats can stop the trajectory or change the course of events from a harmful outcome to an effective mitigation. 

Insider Threat Video

The Insider Threat video uses security and behavior experts to discuss how insider threats manifest in a variety of ways including terrorism, workplace violence, and breaches of cybersecurity. Understanding how to recognize and respond to these various types of insider threats, whether non-violent or violent, increases an organization’s ability to protect both its people and sensitive information.

Understanding The Insider Threat Video

CISA’s Insider Threat Mitigation Resources

Explore products and tools designed for CISA Stakeholders to define, detect, assess, and manage insider threats.

Insider Threat Mitigation Resources and Tools
PUBLICATION

Insider Threat Mitigation Guide

The Insider Threat Mitigation Guide provides comprehensive information to help federal, state, local, tribal, and territorial governments; non-governmental organizations; and the private sector establish or enhance an insider threat prevention and mitigation program.
Download File (PDF, 5.4 MB)
JULY 29, 2024 | PUBLICATION

Insider Risk Mitigation Program Evaluation (IRMPE)

This tool pulls from insider threat planning and preparedness resources to allow users to evaluate the maturity of their insider threat program in one convenient and easy-to-navigate fillable PDF.
Additional Translations Available
View Files
Insider Threat Mitigation Resources and Tools

Contact Us

For more information on insider threat mitigation, please send an email to central@cisa.dhs.gov.

In case of an emergency, or to report suspicious activity or events, call 9-1-1 or contact local law enforcement.

Return to top
  • Topics
  • Spotlight
  • Resources & Tools
  • News & Events
  • Careers
  • About
Cybersecurity & Infrastructure Security Agency
  • Facebook
  • X
  • LinkedIn
  • YouTube
  • Instagram
  • RSS
CISA Central 1-844-Say-CISA SayCISA@cisa.dhs.gov
DHS Seal
CISA.gov
An official website of the U.S. Department of Homeland Security
  • About CISA
  • Budget and Performance
  • DHS.gov
  • FOIA Requests
  • No FEAR Act
  • Office of Inspector General
  • Privacy Policy
  • Subscribe
  • The White House
  • USA.gov
  • Website Feedback