InTP Series: Communicating Insider Threat Events (Part 13 of 18)
When building your organization's Insider Threat Program (InTP), be sure to clearly identify defined processes for communicating insider threat events and incidents. It is important to ensure that all affected parties are made aware of the situation. As we all know, clear, concise, detailed, and documented communication is valuable.
Hi, I'm Cindy Nesta of the CERT Insider Threat Team. In this 13th installment of the InTP Series, I will touch on several things, including the components of a communication plan, a communication strategy, and raising the overall awareness of InTP activities.
Components of a Communication Plan
Overall, the communication plan establishes what and when information should be communicated to specific individuals and to the broader community, who has authority to communicate sensitive information, and how the information should be disseminated.
The following components of the notification process should be defined:
- notification timeframe
- information to be conveyed
- criteria for when not to notify
- process for escalating communication
- process for communicating events and incidents that affect classified and sensitive information
- process for obtaining and sharing intelligence information, if applicable
By defining and documenting these components, you will provide InTP members and other appropriate stakeholders in the organization with processes to guide them through the information sharing required to handle insider events and incidents.
Before an event or incident occurs, you must identify who needs to be notified and involved, and establish agreed-on data sharing and communication across relevant stakeholders.
Stakeholders can include staff from the following groups as well as other relevant parts of the organization:
- Information Technology (IT)
- Physical Security
- Human Resources (HR)
- Public Relations
InTP Communication Strategy
The InTP's communication strategy is equally important. This strategy relates to how the InTP's activities should be announced and promoted in the organization.
Something to consider when defining this strategy is which of the InTP activities should be kept to a small group of internal people, such as the InTP members, and which should be made public across the organization.
How you publicize and promote the InTP within your organization can be done in several ways. Examples include
- adding a discussion of the InTP into existing employee training
- developing promotional materials (e.g., posters; banners; mugs; pens; login-in banners with tips, hints, and reminders)
- establishing a dedicated internal website for the InTP where employees can reference information
Communication is one of the keys to the success of an InTP.
If you want more information about the communication of insider threat events and incidents, or other components of an InTP, look into our Insider Threat Program Manager Certification. If you have any questions or comments please feel free to contact us!