INSIDER
RISK MANAGEMENT PROGRAM GUIDANCE & RESOURCES
WORKPLACE VIOLENCE
PREVENTION RESOURCES
Insider Risk Management requires a comprehensive, holistic,
multidisciplinary and collaborative approach to be effective. Insider
Threats is not just a Human Resources Department problem, or a
technical problem solved by the CIO / IT Network Security
Administrators.
The
success of an organizations Insider Risk Management efforts, is
heavily dependent on the collaboration between many departments (Key
Stakeholders) and individuals within an an organization. (Insider Threat
Program (ITP) Manager, ITP Senior Official, Insider Risk Program
Manager, Insider Threat Analyst, FSO, CSO, CISO, Human Resources, CIO –
IT, Network Security, Counterintelligence Investigators, Mental Health /
Behavioral Science Professionals, Legal Etc.),
This website will provide an abundance of educational resources and
guidance needed for developing, managing, evaluating and optimizing an Insider Risk
Management
Program.
This website is also very well suited for any organization that is not
required to implement an Insider Risk Management Program, but is concerned with
employee risk and threat identification and mitigation, and interested in
implementing an Insider Risk Management Framework.
WW
WHO CAN BE AN INSIDER THREAT?
WHAT ARE THE IMPACTS FROM AN INSIDER THREAT INCIENT?
The
NITSIG Insider Threat Incidents Reports provides detailed
descriptions of Insider Threat types, the severe impacts and financial
damages that can be caused by just one employee, employees in
collusion, or employees in collusion with individuals external to your
organization.
CISA
Insider Threat Types Chart
CERT Insider
Threat Chart
(Threats Vs. Damages)
U.S. GOVERNMENT / DEPARTMENT OF DEFENSE
Insider Threat Program Policies
National Insider Threat Policy
DOD 5205-16 Insider Threat Program
United States Department of Agriculture Insider Threat Program Policy
General Services Administration Insider Threat Program Policy
Department Of Treasury Insider Threat Program Policy
Department Of Energy Insider Threat Program Policy
Department Of Justice Insider Threat Program Policy
NASA Insider Threat Program Policy
Nuclear
Regulatory Commission Insider Threat Program Policy & Implementation
Plan
Defense
Security Service Insider Threat Identification And Mitigation Program
Policy
Navy Bureau Of Medicine And Surgery Insider Threat Program Policy
U.S. Marines Insider
Threat Program Policy
Peace Corps
Insider Threat Program Policy
DoD
Insider Threat Management & Analysis Center (DITMAC)
DITMAC FAQ's
DITMAC Overview
Presentation
DoD 2022 Audit On DoD Components Reporting To DITMAC (Summary)
DoD 2022 Audit On DoD Components Reporting To DITMAC (Full Report)
INSIDER RISK MANAGEMENT PROGRAM GUIDANCE / RESOURCES
Insider Risk Management Program Training And Consulting Services Offered
By Insider Threat Defense Group
INSA Insider Threat Program Naming Convention
Insider Threat Program Development - Management Manual
CPNI Insider Risk Mitigation Framework Diagram
Exterro Best Practices Guide For Insider Threat Mitigation
(NITSIG-ITDG)
Exterro Insider Threat Program Checklist
(NITSIG-ITDG)
NCSC Guidance On Establishing An Insider Risk Program
CISA Insider Threat Mitigation Framework Guide
CISA Insider Risk Mitigation Program Evaluation Guide (Mouse
Right Click To Download)
Common Pitfalls For Insider Risk Management Programs
(NITSIG-ITDG)
Effective Insider Threat Programs: Understanding And Avoiding Potential
Pitfalls (CMU
LEGAL CONSIDERATIONS / GUIDANCE FOR INSIDER RISK MANAGEMENT PROGRAMS
Laws And Regulations Related To Insider Threats - Espionage - Fraud
(NITSIG)
Identifying And Safeguarding Personally Identifiable Information
Training
(DISA)
Insider Threat Best Practices Guide
(Securities Industry &
Financial Markets Association (SIFMA) -
Legal Guidance
Page 46)
Workplace Privacy And Employee Monitoring Guidance (Privacy
Rights Clearinghouse)
Department Of Justice
Prosecuting Computer Crimes Manual
Department Of Justice
Prosecuting
Intellectual Property Crimes Manual
Department Of
Justice Searching - Seizing Computers And Obtaining Electronic Evidence
In Criminal Investigations Manual
INSIDER
THREAT REPORTING & INVESTIGATIONS
Guide To Workplace Investigations
Best Practices Guide For Investigating Employees Of Concern
Insider Risk Investigation Decision Tree
Workplace Investigations Checklist
Insider Threat Reporting & Investigations Templates (CISA)
Employee Investigations And Discpline Policy
Workplace Investigations Overview - Basic Issues For Employers / Legal
Considerations
INSIDER RISK
MANAGEMENT GUIDANCE / RESOURCES
Preventing Insider Threats Starts With The Risk Management 101
(NITSIG)
A Worst Practices Guide To Insider Threats: Lessons From Past Mistakes
Insider Threats: A
Worst Practices Guide To Preventing Leaks, Thefts, Attacks, and Sabotage
(Video)
DHS
CERT Combating The Insider Threat
SANS Insider Threat Mitigation Guidance
Insider Threat
Mitigation Best Practices Guide
(Securities Industry &
Financial Markets Association)
Intel Insider Threat Field Guide
The Definitive Guide To Security Inside the Perimeter
Teleworking Guidance To Mitigate Employee Risks
(ITDG)
COVID Vaccine Mandate
And Insider Threat Implications
(NITSIG)
Insider Threat Mitigation For The Critical Infrastructure
INSA Managing Insider Risks During Mergers & Acquisitions
UK Centre
For The Protection Of National Infrastructure (CPNI)
CPNI
Guidance For Reducing Insider Threat Risk
CPNI Insider Risk Mitigation Framework
CPNI Insider Risk Mitigation Framework Diagram
Insider Risk Management Checklists
National Insider Threat Task Force - Best Practices Guide For Insider Threat
CERT Common Sense Guide To Mitigating Insider Threats -
6th Edition
CERT Common Sense Guide To Mitigating Insider Threats 7th Edition
CERT Insider Threat Risk Mitigation Best Practices - Mapped To NIST
SP800-53 Security Controls
CERT Insider Threat Risk Mitigation Best Practices
Insider Threat Risk Mitigation Checklist
(Based Of Of
CERT Insider Threat Risk Mitigation Best Practices)
DoD PERSEREC- Insider Risk Evaluation And Audit Tool Checklist
Considerations For Outsourcing Work To Third Party Contractors Checklist
EMPLOYEE MONITORING ON COMPUTER SYSTEMS
& NETWORKS
Workplace Privacy And Employee Monitoring Guidance (Privacy
Rights Clearinghouse)
A Comprehensive Guide to Employee Monitoring Laws in The U.S.
Monitoring Employees' Use Of Company Computers And The Internet By Texas
Workforce Commission
Guidance For
Implementing An Employee User Activity Monitoring Program
Insider Threat Detection Tool Research & Workshop Conducted By NITSIG &
University Of Maryland’s Applied Research Laboratory For Intelligence &
Security
Presentation To NITSIG Members
Insider Threat Red Flag Checklists
The documents listed below can be used to tweak existing network
security tools for Insider Threat detection. Additionally they can be
used when evaluating Insider Threat Detection Tools for evaluation and
purchase.
Insider Threat Red Flags Indicators Checklist
(DTex Systems)
Insider Threat Red Flags Indicators Checklist
(ObserveIT)
Employee Monitoring Policies
University Of Nottingham (Covers GDPR) / Covers Monitoring For Physical,
Telephones. E-Mails, IT / Internet
Company Acceptable User & Monitoring Policy For IT Systems
INSIDER THREAT PROGRAM MATURITY & OPTIMIZATION
GUIDANCE
Insider Threat Program
Maturity Model Report (2019)
The Insider Threat
Defense Group initially developed the Insider Threat Program
Maturity Model Report for Veriato. Veriato provides various Employee
Activity Monitoring solutions for detecting and mitigating Insider
Threats.
The Veriato Insider Threat
Program Maturity Model report was
created to help Insider Threat Program Managers and security professionals, assess their organization’s
ability to monitor for, detect, and respond to Insider Threats.
The report is an extensive 23 page document developed to assess the
several maturity stages that companies go through when implementing an
Insider Threat Program. The document will aid Insider Threat Program
Managers in optimizing their individual Insider Threat Programs.
By using a maturity model for reference, organizations can see where
their Insider Threat Programs needs improvement, working towards an optimized level of
maturity.
To provide context around the current state of Insider Threat Program's, Veriato surveyed
150 information security professionals to see at what level their
Insider Threat Program was
in, and what’s influencing it. This data is included in the report, to
provide you with insight into the necessary steps to optimize your current
Insider Threat Program. (Source)
How Did NASA Rate
The Maturity Of Their Insider Threat Program?
They used the above referenced Insider Threat Program Maturity
Model.
NASA Insider Threat
Program Report (Reference Insider Threat Defense Group Page 17)
Insider Threat Program Maturity Framework (2018)
The National Threat Task Force (NITTF) released the Insider Threat
Program Maturity Framework on November 1, 2018.
The Framework is an aid
for advancing federal agencies’ programs beyond the Minimum Standards,
and builds upon best practices found in the 2017 NITTF Insider Threat
Guide.
The goal is to help
programs become more proactive, comprehensive, and better postured to
deter, detect, and mitigate insider threat risk. (Source)
Measuring The
Effectiveness Of Insider Threat Programs (INSA)
This
document provides guidance on building effective ways to measure the
success of an Insider Threat Program. It is important to assess whether
and to what extent the Insider Threat Program has an impact. Moreover,
specific metrics can help to justify the Insider Threat Program to
leadership resulting in continued funding, resources, and support. The
effective measurement of an Insider Threat Program depends on an
organization’s unique set of requirements and its desired business
outcomes.
INSIDER THREAT PROGRAM GUIDANCE / RESOURCES FOR DOD CONTRACTORS
Insider Threat Program Requirement For Defense Contractors (NISPOM
ISL 2016)
32CFR Part117 NISPOM Rule Cross Reference Tool
DCSA Insider Threat Program Guidance
DCSA Establishing An Insider Threat Program for Your Organization.zip
DCSA Insider Threat Program Training / Insider Threat Awareness Training
DCSA Roles And Responsibilities For Personnel Security - A Guide For
Supervisors
DCSA NISPOM Self-Inspection Handbook 2022
DCSA Technical Surveillance Countermeasures Guide For Detecting Covert
Electronic Devices
SECURITY CLEARANCE GUIDANCE / RESOURCES
National Security Adjudicative Guidelines (DNI)
DNI Employee Continuous Evaluation For Security Clearance Holders FAQs
DoD PERSEREC Adjudicative Desk Reference - Version 4 - March 2014
Classified
Information Nondisclosure Agreement SF312 Briefing Booklet
(See Page 9 To Page 19 For Legislative & Executive Authorities. The Pages Should
Be Briefed And Signed By The Individual Signing The SF312)
Security Clearance Holder Reporting Requirements (DNI)
Security Clearance Holder Reporting Requirements (DCSA)
Reporting Requirements For Personnel With Access To Classified
Information Or Who Hold a Sensitive Position
(Briefing) (DNI)
DCSA How To Receive And Maintain A Security Clearance
DOD
Security Clearance Briefing
(Presentation)
EMPLOYEE
HIRING / BACKGROUND INVESTIGATIONS / SEPARATIONS - TERMINATIONS
Human Resources And Insider Threat Mitigation - A Powerful Pairing
Human Resources Role In Preventing Insider Threats
Background Checks - What Employers Need to Know
(Federal Trade Commission)
Background Checks - Common Ways Prospective Or Current Employees Sue
Employers Under The FCRA
Ten Potential Dangers When Using Social Media Background Checks
Employment Separation And Termination Strategies - Checklist
Guidance For Suspensions And Terminations Of Employees
Supervisors Guide To Employee Separation
Employee Termination Best Practices
Employee
Separation Checklist-1
Employee
Separation Checklist-2
Best Practices For Protecting Your Data When Employees Leave Your
Company
Best Practices For The Separation / Termination Of IT - Network Security
Professionals
Firing
Violent Employees Safely
Preventing Workplace Violence When Terminating An Employee
Guidance For Terminating A Violent Employee
Deadly Terminations And How To Avoid Them
EMPLOYEE
CONTINUOUS MONITORING & REPORTING
Insider Threat Detection And Mitigation Using External Data Sources
(NITSIG)
A Guide For Employers To Implement Continuous Screening Program
The Use of Publicly Available Electronic Information For Insider Threat
Monitoring
Continuous Screening of Employees Will Gain More Acceptance As Critical
Post-Hire Due Diligence Tool
Endera EBook: 5 Reasons Background Screenings Are Obsolete
Endera Employee Continuous
Monitoring Service Overview
CLEAR Online Investigative Platform Investigation By Thomson Reuters
IDI Employee Risk
Management-Investigation Solutions
TLOXP Employee Risk
Management-Investigation Solutions By Transunion
INSIDER
THREAT BEHAVIORAL INDICATORS GUIDANCE
Insider Threat Behavioral Indicators Guidance, Webinars, Presentations
Behavioral Indicators Of Concern
For Insider Threat Programs
Part 1 (NITSIG)
Behavioral Indicators Of Concern
For Insider Threat Programs
Part 2
(NITSIG)
DCSA Insider Threat
Behavioral Indicators Brochure
DCSA Insider Threat Potential Risk Indicators Guide
DCSA Roles And Responsibilities For Personnel Security - A Guide For
Supervisors
Behavioral Indicators For Malicious Insider Theft Of Intellectual
Property
Insider Threat Behavioral Science
Behavioral Analysis In Insider Threat Programs Webinar (Dr. Robert Gallagher
- NITSIG Advisory Board Member / Scientific Director)
Behavioral Indicators And The Critical Pathway To Insider Threats (DITMAC - Dr.
Gallagher)
Application Of The Critical-Path Method To Evaluate Insider Risks
Assessing The Mind Of The Malicious Insider
Psychology Of Spies
Webinar (DCSA)
INSIDER
THREAT AWARENESS GUIDANCE / TRAINING
Insider Threat Awareness & Incident Response Flowchart For DoD
This guide /
flowchart assists in three areas. First, it aides military leaders and
all personnel to be aware of the indicators associated with insider
threat activity while serving in a partnering environment. Second, this
guide informs commanders and other leaders by giving them options on how
to mitigate insider threat activities. Lastly, this guide is meant to
generate open dialogue between coalition partners and partner nation
personnel. Partnering in itself is a sensitive mission and only by
creating trust and having an open dialogue with all forces will the
mission be accomplished. This guide is not all encompassing so there are
other options a commander has dependent on their operating environment.
Insider Threats In Partnering
Environments Flowchart For DoD
Insider Threat & Counterintelligence Awareness Training Resources
Insider Threat Awareness Briefing
Espionage- Insider Threat Indicators Briefing - Dept Of Commerce
DoDD
5240.06 - Counterintelligence Awareness And Reporting Requirements
DCSA Insider Threat
Awareness Web Based Training
DCSA Insider Threat Awareness Training Student Guide
DCSA
Insider Threat Awareness Training
DCSA Insider Threat Awareness Trifold - What To Report
DCSA
Roles And Responsibilities For Personnel Security- A Guide For
Supervisors
DCSA
Elicitation And Recruitment Brochure
DCSA Awareness Brochure On Targeting By Foreign Intelligence Elements At
Conferences
DCSA Awareness Brochure On Foreign Collection Methods, Indicators &
Countermeasures
FBI The Insider Threat - An Introduction To Detecting And Deterring
An Insider Spy
FBI Economic Espionage - How To Spot A Possible Insider Threat
FBI Counterintelligence
FBI Elicitation Techniques
NSA
Insider Threat Brochure
US CERT- Combating The Insider Threat
NCSC Countering Foreign Intelligence Threat - Implementation & Best
Practices Guide
Insider Threat Awareness Briefing - US Marines
Army Threat Awareness And Reporting Program Regulation 381-12 -- June
2016
Insider Threat & Espionage Awareness Videos / Movies
FBI Video The
Nevernight Connection
This video details an Intelligence Community Official who was
targeted by China via a fake profile on a professional networking site,
and was recruited to turn over classified information before being
arrested. (Watch)
DNI Insider
Threat Awareness Video
Department of Homeland Security
(DHS) - Insider Threat Awareness Video
Department Of
Energy Insider Threat Awareness Video
If You See
Something, Say Something -Insider Threat Awareness Video
FBI
Movie - The Company Man
(Watch On-Line / Download)
FBI Movie: Game Of
Pawns (Watch On Internet Or Download)
FBI Movie: Betrayed
(Request Showing By FBI At Your Organization)
Voices Of The
Betrayed - Co-Workers Speak About The People They Knew And Trusted
Witness To
History: The Investigation of Robert Hansen
Terminal Risk Economic And
Industrial Espionage Awareness Videos
Insider
Threat / Espionage Posters
Insider Threat Security Poster - Your Name Here
Insider
Threat - Hidden Threat Poster
Uncle
Sam - Insider Threat Poster
Preventing Espionage - CI-Security Programs Poster
Robert Hansen Poster
Espionage Does Pay - Prison Is The Bank Poster
National
Counterintelligence And Security Center Posters
Army Poster- Indicators Of Potential Terrorist / Associated Insider
Threat
DATA LOSS
PREVENTION / PROTECTION
Data Lifecycle
Security
Data Leakage
For Dummies
Best Practices For Protecting Data When Employees Leave Your Company
Data / Information Exfiltration
DoD PERSERC Report Summary - Data Exfiltration Project
(2019)
DoD
PERSERC Report - How Trusted Insiders Exfiltrated Data In The DoD
(2019)
3M Visual Hacking Experiment - How Trusted Insiders Stole Data From
Companies
10 Indicators Of Data Abuse With Case Studies
Data Loss Prevention Policies
Data
Loss Prevention Policy-1
Data
Loss Prevention Policy-2
Data
Loss Prevention Policy-3
Data
Loss Prevention Procedures
Data
Security Policies Examples
GDPR Internal Data Protection Policy
Experian Data Breach Response Guide
Data
Breach Response Checklist
FINANCIAL FRAUD GUIDANCE
& RESOURCES
Fraud Tree Diagram
Association of Certified Fraud Examiners (ACFE) 2024 Report On Fraud
ACFE Fraud Risk Schemes Assessment Guide
Fraud Risk
Management Scorecards
Other Fraud Tools From ACFE
Fraud Risk Exposures And Descriptions Guide
Anti-Fraud Policies - Procedures Templates
DOD FRAUD GUIDANCE &
RESOURCES
General Fraud Indicators & Scenarios
Fraud Red Flags And Indicators
Comprehensive Listing Of Fraud Indicators
WORKPLACE VIOLENCE PREVENTION
NITSIG
Insider Threat Workplace Violence E-Magazine
(Workplace Violence Incidents)
Workplace Violence Prevention Guidance
OSHA Workplace
Violence Website
OSHA Workplace Violence Presentation
OSHA
Workplace Violence Factsheet
Workplace Violence Program Mitigation Flowchart
FBI
Workplace Violence Guidance
CISA Violence In The Federal Workplace - A Guide For Prevention And
Response
21 Ways To Prevent Workplace Violence In Your Organization
Preventing Violence In The Workplace
Presentation
(National Crime Prevention Council)
Workplace Violence Prevention Program / Plans / Policies
U.S. Department Of Labor Workplace Violence Prevention Program
U.S. Coast Guard Workplace Violence And Threatening Behavior Instruction
Duke University Workplace Violence Prevention And Response Policy
Boston University Workplace Violence Prevention Policy
University At Buffalo New York Workplace Violence Prevention Policy
Sample Workplace Violence Prevention Plan
Active Shooter Guidance (Prepare, Respond)
DCSA Active Shooter Awareness Training Guide
Active Shooter Preparedness Checklist
Active Shooter & Hostile Event Guide
DHS Active Shooter-How To Respond
DHS Poster - How To Respond To An Active Shooter Event
DHS Active
Shooter Preparedness Resources
(Active Shooter Booklet,
Pamphlet, Poster, Pocket Card)
FBI Active Shooter Resources
Maryland Active Assailant Guidance
/ Guidance For First Responders
State Alabama Active Shooter Strategic Response Plan
Crime Prevention Through Environmental Design Concepts
Workplace Violence Prevention / Active Shooter-Assailant Awareness
Training
Workplace Violence
Prevention Training Video
(California Department Of
Human Resources)
DHS Active Shooter
Emergency Action Plan Video
FBI Active Shooter
Video - The Coming Storm
RUN HIDE FIGHT
Video - Surviving An Active Shooter Event
FEMA Training Course - Active Shooter What You Can Do
Active Shooter Detection Systems
Emergency Automatic Gunshot Lockdown System
FireFly Wireless Gunshot Detector
FireFly CityWeb Ballistic Detector
Convergint Active Shooter Detection System
Convergint Wireless Active Shooter Sensors
