Insider Threat Program Development - Management Resources
Insider
Threat Detection & Mitigation Resources
Workplace Violence Mitigation Resources
Insider Threat Mitigation requires a comprehensive, holistic,
multidisciplinary and collaborative approach to be effective. Insider
Threats is not just a Human Resources Department problem, or a
technical problem solved by the CIO / IT Network Security
Administrators.
The
success of an organizations Insider Threat Mitigation efforts, is
heavily dependent on the collaboration between many departments (Key
Stakeholders) and individuals within an an organization. (Insider Threat
Program Managers, Insider Threat Analyst, CSO CIO - IT Network Security,
CISO, Human Resources, Legal, Etc.)
This website will provide an abundance of educational resources and
guidance needed for developing, managing or enhancing an Insider Threat
Program.
This website is also very well suited for any organization that is not
required to implement an Insider Threat Program, but is concerned with
employee threat identification and mitigation, and interested in
implementing an Insider Threat Mitigation Framework.
INSIDER THREAT INCIDENTS
AND THE SERIOUS IMPACTS
Managing employee threats
in a organization, is more than just dealing with Employee
Dissatisfaction, Employee - Supervisor Relation Problems, Negative
Performance Reviews, Diversity Problems, Suspicious Technical Behaviors,
preventing Sexual Harassment, Workplace Violence,. etc.
There are many other types of Malicious Actions caused employees, who
may be very disgruntled, that can be very damaging and have very serious
impacts to an organization;
Examples
Financial Loss (Trade
Secrets / Data Theft, Embezzlement)
Operational Impact For The
Organization To Execute Its Mission (IT / Network Sabotage, Data
Destruction. Facility Sabotage)
Legal, Compliance &
Liability Impacts
Stock Price Reduction
Employees Lose Jobs
Company Goes Out Of
Business and more
CISA
Insider Threat Types Chart
CERT Insider
Threat Chart
(Threats Vs. Damages)
Research indicates many
employees may not be disgruntled, but have other motives such as
financial gain to live a better lifestyle, etc.
Most Trusted Employees who turn Malicious and harm their employers by
committing financial theft, leaking sensitive data, sabotaging computer
networks, or committing violence in the workplace, are not spontaneous
in their actions. Often Malicious Employees exhibit behaviors of
concerns weeks or months before they act.
The NITSIG in conjunction with the Insider Threat Defense have
researched and analyzed over 4,200 Insider Threat incidents over
13+ years, and produces EYE OPENING monthly reports on how
serious the Insider Threat problem is, and the very costly and damaging
impacts to businesses and organizations of all types and sizes.
The
SEVERE IMPACTS can be caused by JUST 1 EMPLOYEE, or by MULTIPLE
EMPLOYEES WORKING WITH EXTERNAL CO-CONSPIRATORS.
We encourage you to read the reports on this
link, to grasp the magnitude of the Insider Threat problem.
U.S. GOVERNMENT / DEPARTMENT OF DEFENSE
Insider Threat Program Policies
National Insider Threat Policy
United States Department of Agriculture Insider Threat Program Policy
General Services Administration Insider Threat Program Policy
Department Of Treasury Insider Threat Program Policy
Department Of Energy Insider Threat Program Policy
Department Of Justice Insider Threat Program Policy
NASA Insider Threat Program Policy
Nuclear
Regulatory Commission Insider Threat Program Policy & Implementation
Plan
Defense
Security Service Insider Threat Identification And Mitigation Program
Policy
Navy Bureau Of Medicine And Surgery Insider Threat Program Policy
U.S. Marines Insider
Threat Program Policy
Peace Corps
Insider Threat Program Policy
DoD
Insider Threat Management & Analysis Center (DITMAC)
DITMAC FAQ's
DITMAC Overview
Presentation
DoD 2022 Audit On DoD Components Reporting To DITMAC (Summary)
DoD 2022 Audit On DoD Components Reporting To DITMAC (Full Report)
INSIDER THREAT PROGRAM DEVELOPMENT (ITP) - MANAGEMENT / MANAGER
TRAINING
ITP Development - Management / Manager Training Course
Course
(Offered By Insider Threat Defense Group (ITDG) - 2 Day Instructor Led
Class)
This highly sought after and very comprehensive 2 day training
course will ensure the ITP Manager / Senior Official (Insider
Threat Analyst, FSO, CSO, CISO, Etc.), and others who support the ITP
(Human Resources, IT, Network Security, Etc.), have the Core
Knowledge, Blueprint, Resources needed for developing, managing,
enhancing an ITP / ITP Working Group. (Training
Course Brochure)
The ITDG has an
exceptional track record of providing comprehensive training on ITP
Development, Management and Optimization to ITP Managers, Insider Threat
Analysts, CSO's, CIO's, CISO's, IT / Network Security Administrators,
Human Resources Professionals, Chief Legal Officers and others. The
ITDG has certified 900+ individuals as ITP Managers.
INSIDER
THREAT MITIGATION CONSULTING SERVICES
OFFERED BY THE ITDG
(On-Site, Virtual)
The ITDG is considered a
Trusted Source for Insider Threat Mitigation Training and Consulting
Services to over
650+ organizations.
Training /
Consulting Service Offered
Insider Threat Mitigation Training & Collaboration Workshops For CEO's,
Board Of Directors, C-Suite & Insider Threat Program (ITP) Managers /
Working Group Stakeholders, Insider Threat Analysts & Investigators
Insider Threat Detection Tool Guidance / Pre-Purchasing Evaluation
Assistance
Insider Threat Vulnerability - ITP Maturity Assessment / Mitigation
Guidance
Malicious Insiders Playbook Of Tactics Data Exfiltration Assessment
Insider Threat Awareness Training For Employees
Customized Insider Threat Mitigation Consulting Services
More Information
INSIDER THREAT PROGRAM DEVELOPMENT - MANAGEMENT GUIDANCE / RESOURCES
Developing An Insider Threat Program - It Starts With Security 101
Foundations
(Federal New Radio Interview W/ Jim Henderson - NITSIG Founder / Chairman)
Effective Insider Threat Programs: Understanding And Avoiding Potential
Pitfalls (CMU ITC)
CPNI Insider Risk Mitigation Framework Diagram
Exterro Best Practices Guide For Insider Threat Mitigation
(NITSIG-ITDG)
Exterro Insider Threat Program Checklist
(NITSIG-ITDG)
Insider Threat Program Development - Management Manual
NCSC Guidance On Establishing An Insider Risk Program
CISA Insider Threat Mitigation Framework Guide
CISA Insider Risk Mitigation Program Evaluation Guide (Mouse
Right Click To Download)
INSA Insider Threat Program Naming Convention
INSIDER
THREAT MITIGATION GUIDANCE / RESOURCES
Preventing Insider Threats Starts With The Risk Management 101
(NITSIG)
A Worst Practices Guide To Insider Threats: Lessons From Past Mistakes
Insider Threats: A
Worst Practices Guide To Preventing Leaks, Thefts, Attacks, and Sabotage
(Video)
DHS
CERT Combating The Insider Threat
SANS Insider Threat Mitigation Guidance
Insider Threat
Mitigation Best Practices Guide
(Securities Industry &
Financial Markets Association)
Intel Insider Threat Field Guide
The Definitive Guide To Security Inside the Perimeter
Teleworking Guidance To Mitigate Employee Risks
(ITDG)
COVID Vaccine Mandate
And Insider Threat Implications
(NITSIG)
Insider Threat Mitigation For The Critical Infrastructure
INSA Managing Insider Risks During Mergers & Acquisitions
UK Centre
For The Protection Of National Infrastructure (CPNI)
CPNI
Guidance For Reducing Insider Threat Risk
CPNI Insider Risk Mitigation Framework
CPNI Insider Risk Mitigation Framework Diagram
Insider Threat Mitigation Checklists
National Insider Threat Task Force - Best Practices Guide For Insider Threat
CERT Common Sense Guide To Mitigating Insider Threats -
6th Edition
CERT Common Sense Guide To Mitigating Insider Threats 7th Edition
CERT Insider Threat Risk Mitigation Best Practices - Mapped To NIST
SP800-53 Security Controls
CERT Insider Threat Risk Mitigation Best Practices
Insider Threat Risk Mitigation Checklist
(Based Of Of
CERT Insider Threat Risk Mitigation Best Practices)
DoD PERSEREC- Insider Risk Evaluation And Audit Tool Checklist
Considerations For Outsourcing Work To Third Party Contractors Checklist
Insider Threat User Activity Monitoring For Computer Systems / Networks
Workplace Privacy And Employee Monitoring Guidance (Privacy
Rights Clearinghouse)
Guidance For
Implementing An Employee User Activity Monitoring Program
Insider Threat Red Flag Checklists
The documents listed below can be used to tweak existing network
security tools for Insider Threat detection. Additionally they can be
used when evaluating Insider Threat Detection Tools for evaluation and
purchase.
Insider Threat Red Flags Indicators Checklist
(DTex Systems)
Insider Threat Red Flags Indicators Checklist
(ObserveIT)
Free USB
Security Test - Will Your Employee's Plug In A USB Device They Find?
INSIDER THREAT PROGRAM MATURITY & OPTIMIZATION
GUIDANCE
Insider Threat Program
Maturity Model Report (2019)
The Insider Threat
Defense Group initially developed the Insider Threat Program
Maturity Model Report for Veriato. Veriato provides various Employee
Activity Monitoring solutions for detecting and mitigating Insider
Threats.
The Veriato Insider Threat
Program Maturity Model report was
created to help Insider Threat Program Managers and security professionals, assess their organization’s
ability to monitor for, detect, and respond to Insider Threats.
The report is an extensive 23 page document developed to assess the
several maturity stages that companies go through when implementing an
Insider Threat Program. The document will aid Insider Threat Program
Managers in optimizing their individual Insider Threat Programs.
By using a maturity model for reference, organizations can see where
their Insider Threat Programs needs improvement, working towards an optimized level of
maturity.
To provide context around the current state of Insider Threat Program's, Veriato surveyed
150 information security professionals to see at what level their
Insider Threat Program was
in, and what’s influencing it. This data is included in the report, to
provide you with insight into the necessary steps to optimize your current
Insider Threat Program. (Source)
How Did NASA Rate
The Maturity Of Their Insider Threat Program?
They used the above referenced Insider Threat Program Maturity
Model.
NASA Insider Threat
Program Report (Reference Insider Threat Defense Group Page 17)
Insider Threat Program Maturity Framework (2018)
The National Threat Task Force (NITTF) released the Insider Threat
Program Maturity Framework on November 1, 2018.
The Framework is an aid
for advancing federal agencies’ programs beyond the Minimum Standards,
and builds upon best practices found in the 2017 NITTF Insider Threat
Guide.
The goal is to help
programs become more proactive, comprehensive, and better postured to
deter, detect, and mitigate insider threat risk. (Source)
Measuring The
Effectiveness Of Insider Threat Programs (INSA)
This
document provides guidance on building effective ways to measure the
success of an Insider Threat Program. It is important to assess whether
and to what extent the Insider Threat Program has an impact. Moreover,
specific metrics can help to justify the Insider Threat Program to
leadership resulting in continued funding, resources, and support. The
effective measurement of an Insider Threat Program depends on an
organization’s unique set of requirements and its desired business
outcomes.
INSIDER THREAT PROGRAM GUIDANCE / RESOURCES FOR DOD CONTRACTORS
OFFERED BY DEFENSE
COUNTERINTELLIGENCE & SECURITY AGENCY (DCSA)
Insider Threat Program Requirement For Defense Contractors (NISPOM
ISL 2016)
DCSA Insider Threat Program Guidance
DCSA Establishing An Insider Threat Program for Your Organization.zip
DCSA Insider Threat Program Training / Insider Threat Awareness Training
DCSA Roles And Responsibilities For Personnel Security - A Guide For
Supervisors
SECURITY CLEARANCE GUIDANCE / RESOURCES
National Security Adjudicative Guidelines (DNI)
DNI Employee Continuous Evaluation For Security Clearance Holders FAQs
DoD PERSEREC Adjudicative Desk Reference - Version 4 - March 2014
Classified
Information Nondisclosure Agreement SF312 Briefing Booklet
(See Page 9 To Page 19 For Legislative & Executive Authorities. The Pages Should
Be Briefed And Signed By The Individual Signing The SF312)
Security Clearance Holder Reporting Requirements (DNI)
Security Clearance Holder Reporting Requirements (DCSA)
Reporting Requirements For Personnel With Access To Classified
Information Or Who Hold a Sensitive Position
(Briefing) (DNI)
DSS How To Receive And Maintain A Security Clearance
DOD
Security Clearance Briefing
(Presentation)
LEGAL CONSIDERATIONS / GUIDANCE FOR INSIDER THREAT PROGRAMS
Laws And Regulations Related To Insider Threats - Espionage - Fraud
(NITSIG)
Identifying And Safeguarding Personally Identifiable Information
Training
(DISA)
Insider Threat Best Practices Guide
(Securities Industry &
Financial Markets Association (SIFMA) -
Legal Guidance
Pages 18-27)
Insider Threat Best Practices Guide
(SIFMA 2nd Edition )
Workplace Privacy And Employee Monitoring Guidance (Privacy
Rights Clearinghouse)
Department Of Justice
Prosecuting Computer Crimes Manual
Department Of Justice
Prosecuting
Intellectual Property Crimes Manual
Department Of
Justice Searching - Seizing Computers And Obtaining Electronic Evidence
In Criminal Investigations Manual
EMPLOYEE
HIRING / BACKGROUND INVESTIGATIONS / SEPARATIONS - TERMINATIONS
Human Resources And Insider Threat Mitigation - A Powerful Pairing
Human Resources Role In Preventing Insider Threats
The Safe
Hiring Manual (By Attorney Lester Rosen)
Top Ten Background Check Trends For
2021
Background Checks - What Employers Need to Know
(Federal Trade Commission)
Background Checks - Common Ways Prospective Or Current Employees Sue
Employers Under The FCRA
Ten Potential Dangers When Using Social Media Background Checks
Workplace Investigations Overview - Basic Issues For Employers / Legal
Considerations
Employment Separation And Termination Strategies - Checklist
Guidance For Suspensions And Terminations Of Employees
Supervisors Guide To Employee Separation
Employee Termination Best Practices
Employee
Separation Checklist-1
Employee
Separation Checklist-2
Best Practices For Protecting Your Data When Employees Leave Your
Company
Best Practices For The Separation / Termination Of IT - Network Security
Professionals
Firing
Violent Employees Safely
Preventing Workplace Violence When Terminating An Employee
Guidance For Terminating A Violent Employee
Deadly Terminations And How To Avoid Them
EMPLOYEE
CONTINUOUS MONITORING & REPORTING
Insider Threat Detection And Mitigation Using External Data Sources
(NITSIG)
A Guide For Employers To Implement Continuous Screening Program
The Use of Publicly Available Electronic Information For Insider Threat
Monitoring
Continuous Screening of Employees Will Gain More Acceptance As Critical
Post-Hire Due Diligence Tool
Endera EBook: 5 Reasons Background Screenings Are Obsolete
Endera Employee Continuous
Monitoring Service Overview
CLEAR Online Investigative Platform Investigation By Thomson Reuters
IDI Employee Risk
Management-Investigation Solutions
TLOXP Employee Risk
Management-Investigation Solutions By Transunion
INSIDER
THREAT BEHAVIORAL INDICATORS GUIDANCE
Insider Threat Behavioral Indicators Guidance, Webinars, Presentations
Behavioral Indicators Of Concern
For Insider Threat Programs
Part 1 (NITSIG)
Behavioral Indicators Of Concern
For Insider Threat Programs
Part 2
(NITSIG)
DCSA Insider Threat
Behavioral Indicators Brochure
DCSA Insider Threat Potential Risk Indicators Guide
DCSA Roles And Responsibilities For Personnel Security - A Guide For
Supervisors
Behavioral Indicators For Malicious Insider Theft Of Intellectual
Property
Insider Threat Behavioral Science
Behavioral Analysis In Insider Threat Programs Webinar (Dr. Robert Gallagher
- NITSIG Advisory Board Member / Scientific Director)
Behavioral Indicators And The Critical Pathway To Insider Threats (DITMAC - Dr.
Gallagher)
Application Of The Critical-Path Method To Evaluate Insider Risks
Assessing The Mind Of The Malicious Insider
Psychology Of Spies
Webinar (DCSA)
INSIDER
THREAT AWARENESS GUIDANCE / TRAINING
Insider Threat Awareness & Incident Response Flowchart For DoD
This guide /
flowchart assists in three areas. First, it aides military leaders and
all personnel to be aware of the indicators associated with insider
threat activity while serving in a partnering environment. Second, this
guide informs commanders and other leaders by giving them options on how
to mitigate insider threat activities. Lastly, this guide is meant to
generate open dialogue between coalition partners and partner nation
personnel. Partnering in itself is a sensitive mission and only by
creating trust and having an open dialogue with all forces will the
mission be accomplished. This guide is not all encompassing so there are
other options a commander has dependent on their operating environment.
Insider Threats In Partnering
Environments Flowchart For DoD
Insider Threat & Counterintelligence Awareness Training Resources
Insider Threat Awareness Briefing
Espionage- Insider Threat Indicators Briefing - Dept Of Commerce
DoDD
5240.06 - Counterintelligence Awareness And Reporting Requirements
DSS Insider Threat
Awareness Web Based Training
DSS Insider Threat Awareness Training Student Guide
DSS
Insider Threat Awareness Training
DSS Insider Threat Awareness Trifold - What To Report
DSS
Roles And Responsibilities For Personnel Security- A Guide For
Supervisors
DSS
Elicitation And Recruitment Brochure
FBI The Insider Threat - An Introduction To Detecting And Deterring
An Insider Spy
FBI Economic Espionage - How To Spot A Possible Insider Threat
FBI Counterintelligence
FBI Elicitation Techniques
NSA
Insider Threat Brochure
US CERT- Combating The Insider Threat
NCSC Countering Foreign Intelligence Threat - Implementation & Best
Practices Guide
Insider Threat Awareness Briefing - US Marines
Army Threat Awareness And Reporting Program Regulation 381-12 -- June
2016
Insider Threat & Espionage Awareness Videos / Movies
FBI Video The
Nevernight Connection
This video details an Intelligence Community Official who was
targeted by China via a fake profile on a professional networking site,
and was recruited to turn over classified information before being
arrested. (Watch)
DNI Insider
Threat Awareness Video
Department of Homeland Security
(DHS) - Insider Threat Awareness Video
If You See
Something, Say Something -Insider Threat Awareness Video
FBI
Movie - The Company Man
(Watch On-Line / Download)
FBI Movie: Game Of
Pawns (Watch On Internet Or Download)
FBI Movie: Betrayed
(Request Showing By FBI At Your Organization)
Voices Of The
Betrayed - Co-Workers Speak About The People They Knew And Trusted
Witness To
History: The Investigation of Robert Hansen
Terminal Risk Economic And
Industrial Espionage Awareness Videos
Insider
Threat / Espionage Posters
Insider Threat Security Poster - Your Name Here
Insider
Threat - Hidden Threat Poster
Uncle
Sam - Insider Threat Poster
Preventing Espionage - CI-Security Programs Poster
Robert Hansen Poster
Espionage Does Pay - Prison Is The Bank Poster
National
Counterintelligence And Security Center Posters
Army Poster- Indicators Of Potential Terrorist / Associated Insider
Threat
DATA LOSS
PREVENTION / PROTECTION
Data Lifecycle
Security
Data Leakage
For Dummies
Best Practices For Protecting Data When Employees Leave Your Company
Data / Information Exfiltration
DoD PERSERC Report Summary - Data Exfiltration Project
(2019)
DoD
PERSERC Report - How Trusted Insiders Exfiltrated Data In The DoD
(2019)
3M Visual Hacking Experiment - How Trusted Insiders Stole Data From
Companies
10 Indicators Of Data Abuse With Case Studies
Data Loss Prevention Policies
Data
Loss Prevention Policy-1
Data
Loss Prevention Policy-2
Data
Loss Prevention Policy-3
Data
Loss Prevention Procedures
Data
Security Policies Examples
GDPR Internal Data Protection Policy
Experian Data Breach Response Guide
Data
Breach Response Checklist
FRAUD GUIDANCE
& RESOURCES
Fraud Tree Diagram
Association of Certified Fraud Examiners (ACFE) 2022 Report On Fraud
ACFE Fraud Risk Schemes Assessment Guide
Fraud Risk
Management Scorecards
Other Fraud Tools From ACFE
Fraud Risk Exposures And Descriptions Guide
Anti-Fraud Policies - Procedures Templates
DOD FRAUD GUIDANCE &
RESOURCES
General Fraud Indicators & Scenarios
Fraud Red Flags And Indicators
Comprehensive Listing Of Fraud Indicators
WORKPLACE VIOLENCE PREVENTION
NITSIG
Insider Threat Workplace Violence E-Magazine
(Workplace Violence Incidents)
Workplace Violence Prevention Guidance
OSHA Workplace
Violence Website
OSHA Workplace Violence Presentation
OSHA
Workplace Violence Factsheet
Workplace Violence Program Mitigation Flowchart
FBI
Workplace Violence Guidance
Violence In The Federal Workplace - A Guide For Prevention And Response
Taking Threats Seriously: Establishing A Threat Assessment Team
21 Ways To Prevent Workplace Violence In Your Organization
Preventing Violence In The Workplace
Presentation
(National Crime Prevention Council)
Workplace Violence Prevention Program / Plans / Policies
USDA Handbook On
Workplace Violence Prevention And Response
U.S. Department Of Labor Workplace Violence Prevention Program
U.S. Coast Guard Workplace Violence And Threatening Behavior Instruction
Duke University Workplace Violence Prevention And Response Policy
Boston University Workplace Violence Prevention Policy
University At Buffalo New York Workplace Violence Prevention Policy
Sample Workplace Violence Prevention Plan
Active Shooter Guidance (Prepare, Respond)
DSS Active Shooter Awareness Training Guide
Active Shooter Preparedness Checklist
Active Shooter & Hostile Event Guide
DHS Active Shooter-How To Respond
DHS Poster - How To Respond To An Active Shooter Event
DHS Active
Shooter Preparedness Resources
(Active Shooter Booklet,
Pamphlet, Poster, Pocket Card)
FBI Active Shooter Resources
Maryland Active Assailant Guidance
/ Guidance For First Responders
State Alabama Active Shooter Strategic Response Plan
Crime Prevention Through Environmental Design Concepts
Workplace Violence Prevention / Active Shooter-Assailant Awareness
Training
Workplace Violence
Prevention Training Video
(California Department Of
Human Resources)
DHS Active Shooter
Emergency Action Plan Video
FBI Active Shooter
Video - The Coming Storm
RUN HIDE FIGHT
Video - Surviving An Active Shooter Event
FEMA Training Course - Active Shooter What You Can Do
Active Shooter Detection Systems
Emergency Automatic Gunshot Lockdown System
FireFly Wireless Gunshot Detector
FireFly CityWeb Ballistic Detector
Guardian Indoor Active Shooter Detection System
Wireless Active Shooter Sensors
