InTP Series: Key Elements of an Insider Threat Program (Part 2 of 18)
Before establishing an insider threat program in your organization, you first must understand the required components of such a program. In this second of a series of 18 posts, I will introduce you to the elements of an effective insider threat program.
Hi, I'm Matt Collins, an Insider Threat Researcher at the CERT Insider Threat Center. In the previous post, Randy Trzeciak discussed CERT insider threat work and reasons why an organization might want to establish an insider threat program. Today I'll describe the components required for an effective insider threat program. Developing and implementing these program components helps organizations protect and provide appropriate access to their intellectual property, critical assets, systems, and data.
These key components are also necessary to prepare organizations for handling malicious insider attacks in a consistent, timely, and quality manner that involves organizations' stakeholders who were (or would be) affected by attacks.
We in the CERT Insider Threat Center have identified a set of key components that we believe are necessary to produce a fully functioning insider threat program. Over the coming weeks, we will release blog posts that take a closer look at each of these components. Some areas of focus for an insider threat program include the following:
- enterprise-wide participation in developing, implementing, and operating the program
- active senior leadership and sponsorship that supports the program
- integrated data collection and analysis of technical and behavioral indicators of potential insider activity
- formal processes for the response, communication, and escalation of insider events
The full set of components for a successful insider threat program are illustrated in the figure below:
[A full-sized version of this figure is available.]
While this blog series offers a high-level view and describes the essential components of an insider threat program, we offer in-depth training as part of our Insider Threat Program Manager Certificate that covers all the important steps of implementing an insider threat program in your organization.
As always, please provide any comments you may have for us.