We’re happy to offer news, updates, and thought leadership to our clients, friends, and subscribers. Please feel free to look around and subscribe to whatever topics you’re interested in using the form to the right.

Developing an Insider Threat Program

by | Aug 18, 2014 | Government Entities

Since its inception, the Department of Homeland Security (DHS) has invested significant time and resources into detecting and mitigating insider threats, integrating information from a variety of internal sources, including the Office of the Chief Human Capital Officer, the Chief Information Security Officer, the CIO, CSO, and Internal Affairs, at both the component and headquarters levels.

As the workplace becomes more virtual and less compartmentalized, the need for increased organizational focus on insider threat has never been greater. Through its Information Sharing and Safeguarding initiative, the DHS is taking a proactive approach in responding to the increased need.

They have developed an initiative focused on increasing the collation and analysis of IT systems to help identify specific behavioral indicators that may suggest a potential insider threat issue.

The DHS should complement its enhanced analytical capabilities by looking for ways to further foster an environment of security awareness and deterrence. For example, training on insider threats can build awareness of the problem and alert employees to the protocols that they should follow should they encounter a suspicious situation.

The following list identifies the top ten things an agency leader should consider when developing an insider threat program:

1. Define your insider threats – Develop a specific working definition of the threats faced by your organization and business environment.

2. Define your risk appetite – Define your organization’s critical assets that must be protected, as well as tolerance for loss or damage in those areas.

3. Leverage a broad set of stakeholders – Establish a cross-disciplinary insider threat work group that can serve as change agents and help confirm the proper level of buy-in across departments and stakeholders.

4. Technology, alone won’t solve the problem – Avoid focusing exclusively on a technical solution, as effective programs also promote an environment of security awareness and deterrence.

5. Trust but verify – Implement routine and random auditing of privileged functions.

6. Look for precursors – While moving along the continuum from ideation to action, insiders often display observable behaviors that can serve as potential risk indicators for early detection.

7. Connect the dots – Correlate potential risk indicators captured in virtual and non-virtual arenas to gain insights into trends regarding the high risk behaviors exhibited across the organization.

8. Stay a step ahead – Use a feedback mechanism that includes an analysis of on-going and historical cases and investigations.

9. Set behavioral expectations – Define the behavioral expectations of your workforce through clear and consistently enforced policies.

10. One size does not fit all – Customize the workforce’s training to address the specific insider threat risks, challenges and responsibilities for each position.

The DHS has already implemented insider threat-related trainings, but a continuing communication strategy is essential to help update employees on changing policies, evolving threats, and to reinforce awareness.

To read the entire article, please visit

Subscribe to Email Updates

Posts by Topic

Skip to content