This report describes the development of a management tool that helps security managers and their counterparts in human resource departments assess personnel security programs and organizational processes on various dimensions of insider risk. The goal is to minimize the risk of a broad range of adverse insider behaviors. Based on past studies of insider offenses, the authors identify several areas of effective management intervention to mitigate the probability of damage. For each area, a series of self-audit questions points to the presence or absence of policies, safeguards, or best practices that security or other management personnel should consider as proactive measures to minimize insider risk. The study recommends that this tool be used to assess an organization’s current level of vulnerability to adverse insider behavior and as an aid to formulating an insider risk mitigation plan that is preventative and proactive.
Standard Identifier: Technical Report 09-02