
Common Sense Guide to Mitigating Insider Threats - Best Practice 3 (of 19)

CERT Insider Threat Center
• Insider Threat Blog

Hello, this is Daniel Costa, Cyber Security Solutions Developer for the CERT Program, with the third of 19 blog posts that describe the best practices fully documented in the fourth edition of the Common Sense Guide to Mitigating Insider Threats.

The CERT Program announced the public release of the fourth edition of the Common Sense Guide to Mitigating Insider Threats on December 12, 2012. The guide describes 19 practices that organizations should implement across the enterprise to mitigate (prevent, detect, and respond to) insider threats, as well as case studies of organizations that failed to do so. The third of the 19 best practices follows.

Practice 3: Incorporate insider threat awareness into periodic security training for all employees.

Impactful mitigation of insider threats requires the cooperation and education of an organization's entire workforce. All employees need to understand that insider crimes do occur and can have severe consequences for both the organization and the employee. Periodic security training that includes insider threat awareness supports a stable culture of security in the organization.

Effective and lasting measures used to secure an organization against insider threats are ones that reflect the organization's mission, values, and critical assets. Employees must be taught that they are responsible for protecting the information the organization has granted them access to. Insider threat awareness training should emphasize that malicious insiders will most likely not fit a particular profile; rather, employees should be wary of behavioral indicators, such as making unusual requests of coworkers. No matter what assets an organization focuses on, it should still train its members to be vigilant against a broad range of malicious employee actions.

Organizations must educate employees about the confidentiality and integrity of the company's information, as well as the repercussions of compromising those attributes. Training programs should create a culture of security appropriate for the organization and include all personnel. Training employees to recognize activities that may indicate insider threat activity can lead to earlier and more frequent detection of insider threat incidents.

Refer to the complete fourth edition of the Common Sense Guide to Mitigating Insider Threats for a comprehensive understanding of the issues and recommendations mentioned.

Check back in a few days to read about best practice 4, "Beginning with the hiring process, monitor and respond to suspicious or disruptive behavior," or subscribe to a feed of CERT Program blogs to be alerted when a new post is available.

If you have questions or want to share experiences you've had with insider threats, send email to
