Establishing an Insider Threat Program
Because of a number of high profile incidents that have significantly impacted organisations recently (e.g. Sabotage; Theft of IP; Fraud; Espionage; Negligence), many organisations across the industry have realised that a more robust and focused approach is required to address Insider Threats.
We believe therefore, that organisation across all critical infrastructure will benefit from building a formal insider threat program with the following objectives.
- Deter, detect, disrupt and mitigate insider threats
- Monitor and audit technical, physical and behavioural information across the organisation
- Designate a senior official responsible for the program
- Ensure proper data management practices that properly protect sensitive data
- Protect the privacy of employees
- Perform self and independent evaluations to improve the effectiveness of the program
- Provide regular insider threat security awareness training
Why A Formalised Program?
A formalised insider threat program demonstrates that commitment of the organisation to due care and due diligence in the protection of its critical assets. A formal program is essential to providing consistent and repeatable prevention, detection and response to insider incidents in your organisation.
Is A Formalised Program Necessary?
Yes! A formalised program codifies the mission, intent, scope, implementation and oversight of the organisation’s insider threat efforts. The formal program provides a measurable response to insider attacks and can show the organisation progress in mitigating insider attacks. Furthermore, a formal program creates the opportunity for resources dedicated to insider threat mitigation, an essential step in building a successful insider threat program
How Can CommsNet Group Help?
CommsNet Group can help you customise a specific insider threat program to fit your organisation operating environment.
CommsNet Group can help you develop a formal program, that addresses and spans all the organisation functions and locations
The CommsNet Group Advantage
CommsNet Group is the first company to partner with the Carnegie Mellon University Software Engineering Institute (SEI) in the Asia/Pacific region for Insider Threat and licensed to provide official SEI services in Insider Threat Program.
Carnegie Mellon University works with the U.S. Computer Emergency Response Team (CERT) to analyse known insider threat cases in an effort to draw attention and understanding of motivation and opportunity and to help communicate important risk factors (www.cert.org/insider-threat).
This unique partnership enables CommsNet Group to provide a unique combination of services and solutions.