Are you planning on establishing an insider threat program in your organization? If so, you'll find this series of 18 blog posts helpful. In this post, the first in the series, I explain why having an insider threat program is a good idea and summarize the topics my colleagues and I will be covering in this series.
My name is Randy Trzeciak, and I am the Technical Manager of the Insider Threat Center in the CERT Division of the Software Engineering Institute (SEI) at Carnegie Mellon University. For the past 14 years, our team has been researching insider threats in an attempt to understand how insider incidents evolve over time as well as how organizations can prepare themselves to mitigate this complex threat. To date, we have collected and analyzed over 1000 actual insider incidents and have published over 100 reports that describe the threat and best practices for addressing it (www.cert.org/insider-threat/publications).
Because of a number of high-profile incidents that have significantly impacted organizations recently (e.g., sabotage, theft of information, fraud, national-security espionage), many organizations across government, industry, and academia have recognized the need to build an insider threat program (InTP) to protect their critical assets. Over the course of the next few months, we will be discussing the following topics as part of our blog series:
In this series we will describe the key elements of an effective insider threat program. We will begin by examining the need to build a program. If you work within the U.S. Federal Government and your organization operates or accesses classified computer networks, you are required by Executive Order 13587, Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information, to establish a program for deterring, detecting, and mitigating insider threats.
If you support the federal government in a contracting role, there are anticipated changes to the National Industrial Security Program Operating Manual (NISPOM) (Conforming Change 2) that will require your organization to build an insider threat program. If you work outside the government, it is likely that your organization has critical assets that it needs to protect as well.
We believe that organizations across all critical infrastructure sectors will benefit from building a formal insider threat program with the following objectives:
A blog cannot go into enough detail to cover everything you need to build your program, but we can point you to the resources you need. If you are looking for in-depth training on how to build your program, would like to obtain an Insider Threat Program Manager Certificate, or would like our team to help you build or evaluate your program, please visit http://www.cert.org/insider-threat/, or contact the SEI at 412-268-5800.
This series describes a framework we hope you can use as a basis for building your insider threat program. Keep in mind that the majority of your employees and trusted business partners will not go on to harm your organization. However, as we've seen from actual incidents, the few who do can have significant impacts (e.g., safety, monetary, and operational).
Please watch for additional posts on this subject in the coming weeks.