Insider Threat Mitigation

Trusted insiders commit intentional or unintentional disruptive or harmful acts across all infrastructure sectors and in virtually every organizational setting. Individuals entrusted with access to or knowledge of an organization represent potential risks and include current or former employees or any other person who has been granted access, understanding, or privilege.

This site is designed to assist individuals, organizations and communities in improving or establishing an insider threat mitigation program. To combat insider threats, organizations should consider a proactive and prevention-focused insider threat mitigation program. This approach can help an organization define specific insider threats unique to their environment, detect and identify those threats, assess their risk, and manage that risk before concerning behaviors manifest in an actual insider incident. 

What is an Insider and Insider Threat?

According to the National Insider Threat Task Force (NITTF) “an insider is any person with authorized access to an organization’s resources to include personnel, facilities, information, equipment, networks, or systems”.

The NITTF defines the insider threat as “the risk an insider will use their authorized access, wittingly or unwittingly, to do harm to their organization.  This can include theft of proprietary information and technology; damage to company facilities, systems or equipment; actual or threatened harm to employees; or other actions that would prevent the company from carrying out its normal business practice”

How Organizations Mitigate the Insider Threat

The links below describe how organizations can establish an insider threat program, identify and protect critical assets, recognize and report suspicious behavior, and assess and respond to insider threats.

Additional Resources

 

 

Insider Threats 101 What You Need to Know fact sheet introduces key concepts and important  fundamentals for establishing an insider threat mitigation program.

Human Resources’ Role in Preventing Insider Threats fact sheet provides human resource managers with useful and relevant information pertaining to observable behaviors, indicators, and security solutions that can assist organizations with mitigating risk against an insider attack.

The Insider Threat Mitigation Guide provides comprehensive guidance for organizations of all sizes in support of the establishment or enhancement of an insider threat mitigation program.  The information within the Guide is scalable and allows for the consideration of the level of maturity and size of the organization. 

Contact Information

To get more information on insider threats, please send an email to InTmitigation@hq.dhs.gov

In case of an emergency, or to report suspicious activity or events, call 9-1-1 or contact local law enforcement.

Establish Program

Establish Program

Building an insider threat program can help organizations detect, deter, and respond to threats resulting from malicious and unintentional insiders. 
Protect Assets

Protect Assets

An insider threat program can protect critical assets from malicious insiders or the unintended consequences from a complacent workforce.  
Recognize and Report

Recognize and Report

An engaged workforce trained to recognize and report suspicious behavior or activity can help defend against insider threats. 
Assess and Respond

Assess and Respond

A comprehensive insider threat program can involve collecting and analyzing information, that is continuously changing, and from a variety of data sources. 
Last Updated Date: November 18, 2020

Was this document helpful?  Yes  |  Somewhat  |  No