search menu icon-carat-right cmu-wordmark

Common Sense Guide to Mitigating Insider Threats - Best Practice 5 (of 19)

CERT Insider Threat Center
• Insider Threat Blog
CERT Insider Threat Center

Hello, this is Derrick Spooner, Cyber Threat Solutions Engineer for the CERT Program, with the fifth of 19 blog posts that describe the best practices fully documented in the fourth edition of the Common Sense Guide to Mitigating Insider Threats.

The CERT Program announced the public release of the fourth edition of the Common Sense Guide to Mitigating Insider Threats on December 12, 2012. The guide describes 19 practices that organizations should implement across the enterprise to mitigate (prevent, detect, and respond to) insider threats, as well as case studies of organizations that failed to do so. The fifth of the 19 best practices follows.

Practice 5: Anticipate and manage negative issues in the work environment.

This practice deals with maintaining open and continuous lines of communication regarding organizational policy. In the event of an organization event that may negatively affect the staff, an employee should be able to refer to an organizational policy to determine whether or not their expectations regarding the action were reasonable.

For example, if an employee does not receive an anticipated salary increase, then he or she should be able to refer to the policy or contract terms that states that the organization's actions were within reason. Not only does the employee need to recognize organizational expectations, but the organization must also recognize the employee expectations as conveyed in policies or contracts.

Contract employees are also a source of potential disgruntlement if contract terms are not clearly conveyed and understood. There have been incidents in which contract employees expected to be brought on full time after their contract expired but were not and subsequently struck back at the organization when they were let go.

It is also important to anticipate employee disgruntlement when an organization is facing workforce reductions. Organizations should notify employees who will be impacted as soon as possible; however, this approach also gives them time to plan and carry out an attack, so they should be monitored closely.

Refer to the complete fourth edition of the Common Sense Guide to Mitigating Insider Threats for a comprehensive understanding of the issues and recommendations mentioned.

Check back in a few days to read about best practice 6, Know your assets, or subscribe to a feed of CERT Program blogs to be alerted when a new post is available.

If you have questions or want to share experiences you've had with insider threats, send email to

About the Author