InTP Series: The Formalized Program (Part 3 of 18)

Hi, I'm Matt Collins, an Insider Threat Researcher at the CERT Insider Threat Center. This week in the third installment of our series, we'll take a look at the first component of an insider threat program: the formalized program itself. In last week's post, I summarized the elements of a successful insider threat program.

Why a formalized program?

A formalized insider threat program demonstrates the commitment of the organization to due care and due diligence in the protection of its critical assets. A formal program is essential to providing consistent and repeatable prevention, detection, and responses to insider incidents in an organization. These mature and well defined processes, designed with input from legal counsel and stakeholders across the organization, ensure that employee privacy and civil liberties are protected.

What does a formalized program look like?

Many of the specific aspects of an insider threat program must be customized for the organization's operating environment. A mature and formal program spans all of an organization's operating locations and is a part of the organization's culture. The program has defined roles and responsibilities for each member of the insider threat program team, including a senior leader who is the manager of the program.

Is a formalized program necessary?

Yes! A formalized program codifies the mission, intent, scope, implementation, and oversight of the organization's insider threat efforts. The formal program provides a measurable response to insider attacks and can show the organization's progress in mitigating insider attacks. Additionally, a formal program creates the opportunity for resources dedicated to insider threat mitigation, an essential step in building a successful insider threat program.

Other questions?

Look for our future blog posts, which will contain information on other components of an insider threat program. If you have more in-depth questions about the components of an insider threat program, we offer an Insider Threat Program Manager Certification, which includes training that covers all the important steps of implementing an insider threat program in your organization.

As always, please provide any comments you may have.

Software Engineering Institute

SEI Blog

InTP Series: The Formalized Program (Part 3 of 18)

CERT Insider Threat Center

March 18, 2015

PUBLISHED IN

CITE

TAGS

SHARE

Written By

CERT Insider Threat Center

Author Page

Digital Library Publications

Send a Message

More By The Author

High-Level Technique for Insider Threat Program's Data Source Selection

May 30, 2019 • By Robert M. Ditmore, CERT Insider Threat Center

A New Scientifically Supported Best Practice That Can Enhance Every Insider Threat Program!

April 9, 2019 • By Michael C. Theis, CERT Insider Threat Center

API Hashing Tool, Imagine That

March 25, 2019 • By Kyle O'Meara, CERT Insider Threat Center

Insider Threat Incident Analysis by Sector (Part 1 of 9)

October 11, 2018 • By Randall F. Trzeciak, CERT Insider Threat Center

Substance Use and Abuse: Potential Insider Threat Implications for Organizations

April 12, 2018 • By Tracy Cassidy, CERT Insider Threat Center

More In Insider Threat

10 Lessons in Security Operations and Incident Management

March 4, 2024 • By Robin Ruefle

CERT Releases 2 Tools to Assess Insider Risk

February 26, 2024 • By Roger Black

The 13 Key Elements of an Insider Threat Program

October 23, 2023 • By Daniel L. Costa, Randall F. Trzeciak

How to Mitigate Insider Threats by Learning from Past Incidents

October 31, 2022 • By Daniel L. Costa

Potential Implications of the California Consumer Privacy Act (CCPA) for Insider Risk Programs

May 31, 2021 • By Emily Kessel, Sarah Miller, Carrie Gardner