Managing The Insider Threat To Your Business - Tisn


MANAGING THE INSIDER THREAT TO YOUR BUSINESS
A personnel security handbook

Commonwealth of Australia 2014

All material presented in this publication is provided under a Creative Commons Attribution 3.0 Australia licence (www.creativecommons.org/licenses).

For the avoidance of doubt, this means this licence only applies to material as set out in this document.

The details of the relevant licence conditions are available on the Creative Commons website, as is the full legal code for the CC BY 3.0 AU licence (www.creativecommons.org/licenses).

ISBN 978-978-1-925118-45-2

Use of the Coat of Arms
The terms under which the Coat of Arms can be used are detailed on the It’s an honour website (www.itsanhonour.gov.au).

Contact us
Enquiries regarding the licence and any use of this document are welcome at:
Commercial and Administrative Law Branch
Attorney-General’s Department
3–5 National Circuit
BARTON ACT 2600
Telephone: 02 6141 6666
copyright@ag.gov.au

Ministerial foreword

Personnel security is fundamental to good business. Most personnel strive to conduct themselves in an ethical and professional manner. However, it would be negligent to ignore the risk of someone deliberately causing harm or exploiting their positions of trust.

The trusted insider represents a real and enduring risk to everyday business practices. It is an important risk consideration for both government and the private sector. Insider activity is, at the very least, embarrassing and damaging to an organisation’s reputation, but it can also be disruptive, expensive and life-threatening.

This handbook addresses the risk of the trusted insider—a person who uses insider knowledge or access to commit a malicious act to cause harm. It provides guidance on the risks and factors associated with a trusted insider, and offers practical measures to assist organisations mitigate the threat.

A trusted insider is someone who leaks information or takes that material outside of the organisation without protecting the information appropriately or without authorisation. This is quite different from, and should not be confused with, a whistleblower disclosing information that, in the public interest, should be disclosed, as detailed in the Public Interest Disclosure Act 2013 (Cth).

Trusted insiders represent a diversity of types and motivations. However, all have placed personal motivations and needs ahead of their obligations to their employer. Although malicious acts by insiders are rare, the potential level of risk demands that we are alert to this threat.

A number of high-profile international cases of trusted insiders have highlighted the importance of maintaining strong personnel security measures. Australia is not immune to the risk of a trusted insider and avoiding the potential level of damage from such activity requires a concerted effort.

I encourage all Australian organisations to read this handbook—not only to improve your understanding of personnel security and promote a positive protective security culture—but to help build a robust and resilient organisation.

Senator the Hon George Brandis QC

Understanding the insider threat

Who

The insider threat can be defined as the threat posed by unauthorised access, use or disclosure of privileged information, techniques, technology, assets or premises by an individual with legitimate or indirect access, which may cause harm.

Trusted insiders are potential, current or former employees or contractors who have legitimate access to information, techniques, technology, assets or premises.

Trusted insiders can intentionally or unknowingly assist external parties in conducting activities against the organisation or can commit malicious acts for self-interest. There is no one type of trusted insider. However, there are broadly two categories of trusted insiders who pose a threat:
- The unintentional insider: unintentional insiders are trusted employees or contractors who inadvertently expose, or make vulnerable to loss or exploitation, privileged information, techniques, technology, assets or premises. Inadvertent actions include poor security practices, such as leaving IT systems unattended and failure to secure sensitive documents, and unwitting unauthorised disclosure to a third party.
- The malicious insider: malicious insiders are trusted employees and contractors who deliberately and willfully breach their duty to maintain the security of privileged information, techniques, technology, assets or premises.

There are two types of malicious insiders:
- Self-motivated insiders are individuals whose actions are undertaken of their own volition, and not initiated as the result of any connection to, or direction by, a third party.
- Recruited insiders are individuals co-opted by a third party to specifically exploit their potential, current or former privileged access. This includes cultivated and recruited foreign intelligence, or their entities with malicious intent.

All malicious insiders intentionally use their access to resources for financial gain, or to cause harm, loss or damage.
Almost all physical and electronic attacks can be assisted or conducted by an insider. Some attacks can only be committed by insiders, such as the unauthorised release of proprietary information or the sabotage of assets that only employees can access.

Most self-motivated insiders are the result of an individual seeing an opportunity to exploit their access while already employed, rather than having sought employment with the intention of committing an insider act.

Information obtained from an unintentional insider is often the result of a lack of security awareness and a failure to follow security protocols. Often, an unintentional insider acts in breach of their duty to their employer. Additionally, a trusted insider who inadvertently assists an external party may not be aware that they are allowing access to assets or passing on information, or that the resources they are providing are valuable and wanted by someone else.

Studies indicate that most insider cases involve a self-motivated insider.[1] It is not only government employees who are targets of exploitation and recruitment as an insider; businesses may also be targeted.

[1] Centre for the Protection of National Infrastructure (CPNI) (United Kingdom), CPNI Insider Data Collection Study: report of main findings, 2013, 3-insider data collection study.pdf.

What

Insider activities range from active betrayal to passive, unwitting or unwilling involvement in causing harm, including:
- unauthorised disclosure of information, including intellectual property
- physical or electronic sabotage
- facilitating third-party access to premises or systems
- corruption
- theft and fraud.

Why

There is generally no single or simple reason for an employee deliberately seeking to cause harm. Commonly, malicious trusted insiders have a number of motives for their activity. Motivations are complex and often mixed. Those who betray their organisation are often driven by a mix of personal vulnerabilities, life events and situational factors.

Key motivators for malicious insider activity include:
- financial gain
- ideology
- desire for recognition
- divided loyalties
- revenge
- adventure/thrill
- ego/self-image
- vulnerability to blackmail
- compulsive or destructive behaviour
- family problems
- negligence
- disgruntlement.

Although common motivators can be identified, they do not in isolation or in combination guarantee a person will betray their organisation.

The desire for status and peer recognition—sometimes coupled with or related to genuine or perceived workplace grievance—has been a recurring theme in trusted insider cases. Case studies indicate that financial gain was the primary motivation in 47% of trusted insider cases. However, ideology (20%), desire for recognition (14%) and divided loyalty (14%) were also common motivators.[2]

[2] CPNI 2013

Insider activity driven by ideology and desire for recognition is often closely linked to the disclosure of sensitive information. Insider activity driven by financial gain is often linked to corruption or providing third parties with access to assets and resources.

Disgruntlement or revenge also commonly fuels insider activity. A person can become disgruntled and seek revenge for many reasons. Key reasons include a lack of recognition, disagreements with co-workers or managers, dissatisfaction with the job or a pending lay-off.

Studies demonstrate that 88% of insider activities were carried out by permanent staff, 7% involved contractors and 5% involved non-ongoing employees. Significantly, more males (82%) engaged in insider activity than females (18%), and 60% of the cases were individuals who had worked at the organisation for less than five years.[3]

A large number of insider acts are opportunistic (76%) rather than being the planned act of a deliberate infiltrator (6%). It is also important to note that many employees with malicious intent never commit an act of betrayal.[4]

[3] CPNI 2013.
[4] CPNI 2013.

How and when

Trusted insiders will know their employer’s vulnerabilities, and how and when they can be exploited.

They will exploit their employer’s trust and their access to resources and facilities to harm the business. They may abuse legitimate access or take advantage of poor access controls to gain unauthorised access.

These illegal activities may take place after considerable planning or on the ‘spur of the moment’ when the opportunity arises.

Technology has exacerbated the threat from trusted insiders. Technology has broadened access to information for staff at all levels and increased the ease with which sensitive information can be aggregated, removed and disseminated.

Case study 1

Melissa, 36, had worked for a small pharmaceutical laboratory for 12 years, almost since its inception. She was well known and well liked, mostly because she was good fun. Everyone knew she liked the local clubs for a drink and dabble on the pokies.

In January, Melissa came back to work from Christmas holidays less motivated than normal. Word got out that she had separated from her husband. During the next few months, Melissa’s demeanour and behaviour changed; she often arrived late and left early, and she was distracted and took a lot of calls outside on her mobile phone. Everyone put this down to the separation.

One weekend, the laboratory was burgled, and a large volume of a chemical used to produce methamphetamines was stolen. There appeared to be no sign of forced entry. Melissa called in sick that week, but no-one took too much notice.

The following week, Melissa was arrested. The company’s chief executive officer (CEO) called a staff meeting to explain that Melissa had amassed a serious gambling debt and, in the process, dealt with a well-known criminal network. She wasn’t able to repay some of her debt and, with her and her family’s safety under threat, had provided access to the thieves.

The CEO told staff that Melissa was very apologetic and upset when interviewed by police. She also said she had tried to send signs to a few colleagues that she was in trouble as she was too scared to tell anyone directly. She pleaded guilty and was sentenced to six months in prison. Her husband took custody of their three children, and their house was sold to repay some of the debt. The chemicals were not recovered, although police had three suspects and were continuing their investigation.

- Identify significant changes in an employee’s personal circumstances.
- Note when an employee seems under considerable stress.
- Check whether all employees need after-hours access.
- Support and engage with the employee throughout periods of stress.

There are generally six categories of insider activity.

Fraud

Fraud can be defined as obtaining a benefit using dishonest means, or causing a loss by deception or other means. Employees or contractors may be motivated to commit fraud to gain a benefit for themselves or others, or to cause a loss to the organisation.

The dishonest benefit gained or loss caused by fraud is not just limited to a monetary cost (eg theft)—it can also encompass other resources, such as information, intellectual property and time (eg employees fraudulently manipulating leave). The loss associated with the fraudulent act may also extend to areas such as reputational damage and risks to public safety.

Fraud can take many different forms, including:
- theft
- misappropriation
- unlawful use of property, equipment or facilities
- providing false or misleading information
- using false, forged or falsified documents.

Fraud can be committed by an individual on their own behalf or on behalf of an external agent, or by a network of individuals conspiring together. Often, fraud can be facilitated by unwitting co-workers, who are unaware they are assisting the fraudulent individual.

Corruption

Corruption can take many forms, but is typically characterised by an insider’s concealed, dishonest or biased behaviour to make a profit or cause a loss. Corrupt conduct consists of an abuse of trust, using a position or discretionary power for one’s own purpose.

Corrupt practices have the potential to undermine Australia’s reputation for high standards of governance, robust law and justice institutions, equitable delivery of services, and transparent and fair markets.

Some examples of corrupt conduct include bribery, embezzlement, insider trading, nepotism or cronyism, creating or exploiting a conflict of interest, and unauthorised access to or disclosure of information. Corruption can facilitate other forms of insider threat, including fraud, criminal gain and espionage.

Case study 2: Fraud and corruption

In 2013, Joseph Hikairo Barlow was sentenced to 14 years’ jail for defrauding Queensland Health. Barlow made 65 fraudulent grant payments to himself between 2007 and 2011, totalling more than 16.6 million and including a single fraudulent payment of 11 million. Queensland’s Crime and Misconduct Commission (CMC) found that, from the outset, Barlow was a high-risk employee: he had a criminal record, was wanted for questioning in New Zealand for fraud, and had fabricated his CV and his heritage as a Tahitian prince.

His conduct in the workplace manifested signs of chronic unreliability, characterised by an obvious lack of respect for the workplace, a propensity to take advantage of the service conditions, consistently poor attendance, erratic work hours that were not recorded on timesheets, excessive amounts of leave taken without proper records being kept and poor-quality work not to the standard required of his seniority level, requiring other staff to complete or redo his tasks.

Barlow would later admit that he actively intended to defraud Queensland Health. The CMC found that Queensland Health missed the initial warning signs of Barlow as a high-risk employee and failed to properly investigate when it became aware of concerns relating to his behaviour. The CMC also found that a number of co-workers assisted Barlow in carrying out his fraudulent behaviour. Although some co-workers were unwitting accomplices, the CMC found that a number failed to comply with policy and procedure, and recommended that disciplinary action should be taken against them.

- Verify identity.
- Check references.
- Undertake a criminal history check.
- Identify and manage underperformance.

Criminal gain

Private enterprise employees are attractive to organised crime because of their knowledge of business and government processes. Businesses can also give legitimacy to corrupt financial transactions and provide a cover for the movement of illicit goods, either domestically or internationally. Globally, there are many examples of trusted insiders who defraud businesses or who use a business to facilitate criminal activity, such as drug trafficking and money laundering.

Trusted insiders can be complicit in criminal activity, or may be duped or coerced into assisting criminals undertake illegal activity. They can work alone for their own personal gain or may be a small part of a sophisticated criminal enterprise. In some cases, trusted insiders have used their employment to undertake illegal activity to assist family, friends or people with a shared cultural background or beliefs.

Unintentional disclosure

A person can be unaware that they are disclosing information, or that the information they are providing is valuable or sensitive. Leaving a workstation unlocked, not securing a password or not following system procedures are examples of unintentional threats that can lead to more serious compromises. Additionally, stolen or misplaced security passes, laptops and mobile devices can also lead to unintentional disclosure of sensitive or valuable information. So too can a simple conversation about what a person is currently working on with a friend or family member.

Espionage or spying

An individual, commercial entity or government can undertake espionage (or spying) for the purpose of surreptitiously or deceptively obtaining secret information for national, commercial or economic advantage. A trusted insider can be used as a tool for either traditional espionage by a foreign government or industrial espionage.

Espionage poses an enduring threat to both the Australian Government and Australian businesses. It can provide significant unauthorised access to a wide range of information detrimental to our interests, including future prosperity.

Terrorism

Insider threat studies show that the majority of trusted insiders, who act against an organisation, do not do so for terrorist or espionage purposes, but rather for motives of disgruntlement, revenge or criminal financial gain.[5] However, trusted insiders can be extremely dangerous tools for terrorists who can leverage them to gain information or access premises.

[5] CPNI 2013

Case study 3: Malicious insider

In July 2013, United States (US) soldier Bradley Manning was convicted of 17 charges under the US Espionage Act of 1917. Manning unlawfully passed classified material, including more than 250 000 diplomatic cables, to the WikiLeaks website. It is unclear exactly what motivated Manning to release the material. However, before the unauthorised disclosure of the cables, Manning displayed an ideological conflict with the war in Iraq, struggled with his homosexuality and gender identity within the US Army, and was vocal about his dissatisfaction with his work environment. Before Manning ‘leaked’ the cables, he had been demoted because of growing concern about his mental state and recent outbursts.

Case study 4: Espionage or malicious insider

In June 2013, Edward Snowden, a former Central Intelligence Agency employee and National Security Agency (NSA) contractor, illegally removed up to 1.8 million classified documents from the NSA, including material harmful to Australia. Snowden abused his privileges as an IT administrator to gain access to the majority of these documents. He also accessed a small number of documents by asking unsuspecting colleagues for their usernames and passwords.

It is estimated that Snowden shared between 50 000 and 200 000 classified documents with reporters, of which only a very small percentage have been made public so far. Even the releases to date have caused significant damage. There were a number of warning signs to suggest Snowden could become a trusted insider, including inconsistencies on his CV. He also promoted his ideological views using social media. Further reporting suggests the company that completed Snowden’s security clearance is accused of signing-off on thousands of incomplete security checks.

Personnel security—what it is and why you need it

Personnel security is a set of measures to manage the risk of an employee exploiting their legitimate access to an organisation’s facilities, assets, systems or people for illicit gain, or to cause harm.

Organisations need to have effective and robust personnel security frameworks in place.

Implementing a personnel security framework will help you build an understanding of any insider threats facing your business and give you the tools to manage any associated risks (see Figure 1). It will also allow you to place a level of trust in your employees so that you can confidently give them access to your business.

The remainder of this section describes the elements of the personnel security framework in more detail.

Figure 1 A personnel security framework

Framework element: Organisational personnel security
Details of framework element: Make sure you:
- know your business
- have a good security culture
- perform a personnel security risk assessment
- understand the legal framework
- communicate personnel security and the consequences of personnel security breaches to your employees.

Framework element: Pre-employment personnel security
Details of framework element: Perform the following pre-employment background checks:
- identity checks, including overseas applicants or applicants who have spent time overseas
- qualification and employment checks
- national criminal history checks
- financial background checks.
All documents for the checks should be secured. Any applicant who fails to meet the standard of your business should be rejected for employment.

Framework element: Ongoing personnel security
Details of framework element: Make sure you:
- have access controls in place
- perform protective monitoring
- promote a security culture, including one that
-- counters manipulation
-- reports and investigates, when necessary
-- performs ongoing checks
-- submits contractors to the same security clearance as in-house personnel
- recognise after-employment threats.

Framework element: Information and communications technology security
Details of framework element: Be sure to consider and, if necessary, monitor:
- electronic access
- shared administrative accounts
- account management policies and procedures
- the standard operating environment
- system logs.

Organisational personnel security

Know your business

You know your business best—its key roles and people, its strengths and weaknesses, and its environment and operations. When developing a personnel security framework, take into account:
- the broad operational environment
- your risk management framework
- training and education
- the key positions of trust in your organisation
- the reliability and integrity of your recruitment processes
- your human resources structure and processes
- the interaction between your human resources, and protective and electronic security areas
- the implications of incidents that result from a breach of personnel security
- the key information, technology or premises you need to protect.

Certain organisational factors in your business, or the lack of policies to address these factors, mean that there may be an increased risk of an insider threat to your business. These factors include the following:[6]
- Proprietary, valuable, classified or other protected materials are readily available or easily acquired.
- Access privileges are provided to those who do not need them.
- Proprietary or classified information is not labelled or is incorrectly labelled.
- Someone can easily exit the facility (or network system) with proprietary, valuable, classified or other protected materials.
- Policies regarding working from home on projects of a sensitive or proprietary nature are undefined.
- There is a perception that security is lax, and the consequences for theft are minimal or non-existent.
- Employees face considerable time pressures—employees who are rushed may inadequately secure proprietary or protected materials, or not fully consider the consequences of their actions.
- Employees are not trained on how to properly protect proprietary information.
- Subcultures exist within the organisation, where loyalties are to one another, rather than to the organisation itself.
- Employees have low levels of awareness of potential security and integrity risks.

[6] Federal Bureau of Investigation, The insider threat: an introduction to detecting and deterring an insider spy, accessed 14 April ligence/theinsider-threat.

Have a good security culture

A good security culture is vital. It will include most, if not all, of the following characteristics:
- Awareness: employees understand and accept the security risks for the organisation.
- Ownership: security is viewed as an integral part of the organisation’s business.
- Reporting: security breaches are reported, and employees accept reporting as normal.

- Compliance: there is a high level of compliance with security policies and procedures.
- Discipline: sensitive access or information is not provided unless there is a clear requirement.
- Challenge: employees are confident to challenge others if they are not complying with security requirements.
- Communication: the rationale for security measures is clearly communicated to all employees.
- Senior sponsorship: senior managers place, and are seen to place, a high value on security.
- Enforced disciplinary procedures: security breaches are dealt with consistently and rigorously, according to well-established guidelines.
- Offering incentives: ideas for improving security and reporting security breaches are rewarded appropriately.

Perform a personnel security risk assessment

Most businesses have implemented basic risk management principles. The same principles apply when developing a personnel security framework. Based on a risk assessment, you will be able to:
- prioritise risks to your business
- develop a personnel security plan and identify security measures to mitigate risks
- allocate resources cost-effectively and commensurate with the risk
- help identify potential consequences or impacts
- communicate insider risks to managers and employees, and ensure that they engage with your personnel security framework.

Understand the legal framework

Understanding the legal framework is vital. When developing a personnel security plan, you will need to be aware of a wide range of legal issues. If you have any concerns or questions, it is wise to seek legal advice to make sure your framework and processes comply.

Relevant legislation includes that relating to:
- general discrimination, including race, gender, religion, sexual orientation, age and disability
- criminal history
- immigration status
- work health and safety
- public interest disclosure
- privacy.

Communicate personnel security to your employees

Communicating expectations within any organisation is essential to the effectiveness of its risk control measures, including personnel security. In the absence of effective communication, it can be difficult to establish and maintain an organisational culture that is resistant to insider threat. The following factors are important to this process:
- The head of the organisation and senior management visibly demonstrate their commitment to security and integrity (often referred to as ‘tone from the top’).
- Managers and supervisors play an active role, and are:
-- close enough to employees and processes to identify risks and problematic behaviour
-- able to exercise direct control over these risks and behaviours
-- able to maintain an awareness of the organisational value of security and integrity.
- Employee and organisational values are aligned, including through raising awareness of ethical behaviour.
- Staff confidence in the available reporting mechanisms is fostered, both in terms of protection for the reporter and subsequent fair treatment of the subject of the report.
- Minor misconduct is addressed diligently and fairly—this prevents a misconduct-tolerant environment from forming, which can lead to more serious breaches.

Pre-employment personnel security

Background checking is designed to give you confidence that prospective employees are who they say they are, and have the skills and experience they say they do.

This will provide you with the requisite level of trust in a prospective employee to offer them a job and give them access to your business and its resources.

As early as possible in the recruitment process, advise all applicants about:
- the business’s requirements for pre-employment checking
- why these checks are conducted
- what your business will do with the information collected
- to whom the information might be disclosed
- what subsequent decisions might be made about an applicant’s suitability for work.

With all pre-employment background checks, be sure of the criteria for checking before you start. Identify the requisite level of checking for each position.

The more sensitive the position, the more checks you will probably want to make.

Identity checks

Verifying the identity of applicants during recruitment is fundamental.
It will give you a level of assurance about your prospective employee.

Details on how to verify the identity of potential employees can be found in the Australian Standard AS 4811-2006 (Employment screening) and the Standards Australia publication HB 323-2007 (Employment screening handbook).

These publications can be found at www.saiglobal.com.

Overseas applicants or applicants who have spent time overseas

Many prospective employees will have lived and worked outside Australia. For Australian citizens who have lived and worked overseas, you should try (as far as possible) to conduct the same checks as for applicants who have worked only in Australia.

For non-Australian citizens, in addition to the checks you would conduct for an Australian citizen, you should also check whether the applicant has the right to work in Australia, in what positions and for how long.

Qualification and employment checks

When confirming an applicant’s qualifications, you should:
- request original certificates or copies certified by the issuing authority
- compare details in these certificates with those provided by the applicant
- confirm the existence of the educational institution and the details provided by the applicant.

You should check the details in an applicant’s curriculum vitae (CV) to ensure that there are no unexplained gaps or anomal
