Posted on by Insider Threatin
Why should anyone care about program compliance and effectiveness? The CERT Division's answer to this question is simple: If you're going to have an Insider Threat Program (InTP), you want it to work well and within the limits of the law. We advocate that InTPs comply with all applicable laws, regulations, policies, and established procedures in a way that effectively deters, detects, and mitigates insider threats. Be sure to regularly work with your organization's general council to ensure your insider threat program is complying with federal, state, and local laws.
Hello, this is Jeremy Strozer, Insider Threat Researcher at the CERT Insider Threat Center. The focus of my work is the nexus of where the threat from outside actors meets the insider. As part of this work, I help organizations establish their InTPs. I'd like to use this post to talk about one aspect of program development: Oversight of Program Compliance and Effectiveness.
Components of effective oversight can include defined processes for evaluating effectiveness, performance, and compliance of the program. These processes are built based on internal and external assessments, reviews, and tracked and managed improvement plans.
Oversight can also include a method of ensuring those participating in the InTP are executing their responsibilities appropriately. This oversight is particularly important regarding staff who review indicators and data sources as well as handle inquiries and investigations. We suggest the use of a quality assurance team to "watch the watchers."
In terms of quality assurance and oversight, the organization should develop an oversight/quality control group that monitors the actions of the InTP to ensure that incidents are being handled in a fair and balanced manner; information is being properly handled and protected; and rules, regulations, and processes are being appropriately followed. Such a program must be set up to ensure the integrity of the InTP and its activities.
There are other considerations, such as your program's authorities and how to interact with unions (if your organization has them). More detail on all of the things I've talked about, as well as other topics related to implementing an insider threat program in your organization, are available in the training required to earn our Insider Threat Program Manager Certificate. If you are interested in these topics, please check it out.
If you have questions, please contact us.