Insider Risk Evaluation and Audit

This report on the development of a management tool for security managers and their counterparts in human resource departments will help to assess personnel security programs and organizational processes on various dimensions of insider risk. The goal is to minimize the risk of a broad range of adverse insider behaviors. Based on past studies of insider offenses, the authors identify several areas of effective management intervention to mitigate the probability of damage. For each area, a series of self-audit questions point to the presence or absence of policies, safeguards, or best practices that should be considered by security or other management personnel as proactive measures to minimize insider risk. The study recommends that this tool be used to assess an organization’s current level of vulnerability to adverse insider behavior and as an aid to the formulation of an insider risk mitigation plan that is preventative and proactive.