SEI Insights

Insider Threat Blog

Real-World Work Combating Insider Threats

InTP Series: The Formalized Program (Part 3 of 18)

Hi, I'm Matt Collins, an Insider Threat Researcher at the CERT Insider Threat Center. This week in the third installment of our series, we'll take a look at the first component of an insider threat program: the formalized program itself. In last week's post, I summarized the elements of a successful insider threat program.

Why a formalized program?

A formalized insider threat program demonstrates the organization's commitment to due care and due diligence in protecting its critical assets. A formal program is essential to providing consistent and repeatable prevention of, detection of, and response to insider incidents in an organization. These mature and well-defined processes, designed with input from legal counsel and stakeholders across the organization, ensure that employee privacy and civil liberties are protected.

What does a formalized program look like?

Many of the specific aspects of an insider threat program must be customized for the organization's operating environment. A mature and formal program spans all of an organization's operating locations and is a part of the organization's culture. The program has defined roles and responsibilities for each member of the insider threat program team, including a senior leader who is the manager of the program.

Is a formalized program necessary?

Yes! A formalized program codifies the mission, intent, scope, implementation, and oversight of the organization's insider threat efforts. The formal program provides a measurable response to insider attacks and can show the organization's progress in mitigating insider attacks. Additionally, a formal program creates the opportunity for resources dedicated to insider threat mitigation, an essential step in building a successful insider threat program.

Other questions?

Look for our future blog posts, which will contain information on other components of an insider threat program. If you have more in-depth questions about the components of an insider threat program, we offer an Insider Threat Program Manager Certification, which includes training that covers all the important steps of implementing an insider threat program in your organization.

As always, please provide any comments you may have.
