How to Quickly Assess Your Insider Threat Mitigation

A malicious insider is defined as a current or former employee, contractor, or business partner who meets the following criteria:

  • has or had authorized access to an organization’s network, system, or data
  • has intentionally exceeded or intentionally used that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization’s information or information systems

—From the Common Sense Guide to Mitigating Insider Threats, 4th Edition by George Silowash, Dawn Cappelli, Andrew P. Moore, Randall F. Trzeciak, Timothy J. Shimeall, and Lori Flynn of the CERT Insider Threat Center.

Organizations have begun to acknowledge the importance of detecting and preventing insider threats. For many organizations, establishing an insider threat program and beginning to look for potentially malicious insider activity is a new business activity. So reports the CERT Division of the Software Engineering Institute at Carnegie Mellon University.

Since 2001, the CERT Insider Threat Center has conducted empirical research and analysis to develop and transition socio-technical solutions to combat insider cyber threats. The Insider Threat Center partners with the U.S. Department of Defense, the U.S. Department of Homeland Security, the U.S. Secret Service, other federal agencies, the intelligence community, private industry, academia, and the vendor community.

Two key questions are:

  • Do you know where your organization stands regarding insider threats?
  • Wouldn’t your management team like to know, too?

Assessing Your Organization’s Insider Threat Mitigation

I am familiar with the fact that most organizations have difficulty in assessing insider threat, especially in contrast to assessing outsider threat.

After studying this important Common Sense Guide document, I realized how easy it would be to assess insider threat mitigation (the existing security controls that have proven effective in reducing insider threat risk) against the 19 categories of best practices in CERT’s Common Sense Guide.

I developed the “Insider Threat Mitigation Micro-Assessment Template” to help you quickly get a baseline reading against the best practices presented in the CERT guide. This is not a full-blown insider threat data risk assessment. It is a simple assessment, easily performed, that reports the status of your organization’s insider threat mitigation controls against the 19 best practices for insider threat mitigation.

Most organizations don’t know, and can’t report to management, exactly where they stand with regard to insider threat mitigation. Using this micro-assessment template, you will be able to do so.

The template also includes a link to guidance on establishing insider threat metrics.

You don’t have to be a security practitioner to perform this micro-assessment. You just need to be able to consult with the responsible/knowledgeable parties in key areas of your organization such as:

  • Human Resources (HR)
  • Legal
  • Physical and/or Corporate Security
  • Information Technology (IT)
  • Information Assurance (IA)
  • and the organization’s Data Owners (the individuals responsible for granting access to critical data)

If you are not in a position yourself to do that, pass this information along to someone higher up who is at that level.

Download the “Insider Threat Mitigation Micro-Assessment Template” now and see how simple it can be to answer the key questions that will enable you to rate your organization’s insider threat mitigation in an actionable way.

Best Regards,
Ray Bernard
