The (INSA) Cyber Council Insider Threat Task Force today released its white paper, “A Preliminary Examination of Insider Threat Programs in the U.S. Private Sector,” which examines insider threat mitigation programs in the U.S. private sector. The paper offers insights into current practices for developing these programs across the county.
“From this white paper, we’ve learned that the private sector’s insider threat mitigation programs are quite diverse and vary in complexity, further illustrating the need for a more widely accepted definition of what a formal insider threat mitigation program is, so that best practices and results can be shared,” INSA President Ambassador said. “The INSA Insider Threat Task Force’s paper reminds us that at the core of any insider threat is a person and, as a result, measures to protect against threats must also focus on human psychological events and indicators, as well as technology-based indicators, like tracking online activity or phone records.”
The task force conducted in-depth interviews with 13 large, national or global private organizations that own a large portion of the nation’s critical infrastructure, including communications and IT infrastructure where sensitive government work is conducted.
“Business organizations received a wakeup call in response to recent, high profile events on the potential impacts and vulnerabilities of an insider threat. However, prior to the publication of the Preliminary Examination of Insider Threat Programs in the U.S. Private Sector white paper, no preliminary data was available for private sector companies to gauge where to begin or assess what their peers were doing to mitigate insider threat. With this white paper, INSA hopes to focus the conversation moving forward on the strategy and solutions that will help protect the industry against insider threats,” said INSA Cyber Council Insider Threat Task Force Chair , the Director of Insider Risk Management at Rockwell Automation.