4 Steps to Better Insider Threat Detection Without a Budget Increase

Threatswitch Team
July 20, 2016

There is an ever-growing need to improve your agency’s insider threat detection, recognition and mitigation abilities. New legislation also stresses better organizational security for federal agencies.

For example, the National Defense Authorization Act of 2014, signed by the President, requires better analyses and reports on security clearances – including costs, quality, and timelines for security clearance investigations. The law also requires the Pentagon to modernize personnel security and measure the effectiveness of the new threat assessment strategy.

However, the budgets for these insider threat detection programs are often staying flat or declining. So, how do you ensure your insider threat compliance without a costly budget increase?

You implement an insider threat operations improvement process in the following four steps:

1. Evaluate Current Operations

Many times, organizations and agencies continue to execute processes based on historical precedent rather than optimizing their operations. This practice usually results in an inefficient use of valuable time and budget. To improve your insider threat compliance, you need a different methodology.

Use a lean business process improvement approach to evaluating your current insider threat detection operations. That starts by taking the time to understand what processes are working and which ones need to change.

As you evaluate your current organizational security processes, ask yourself:

  • Could these processes be combined – or eliminated altogether?
  • For essential steps, could they be done more efficiently?
  • Is there another way to process security clearances?
  • Could the adjudication process be more efficient?
  • What about evaluation metrics?

2. Document The Process

After your initial evaluation is complete, document your current state of operations both quantitatively and qualitatively. When documenting, be as detailed as possible and measure those details – such as insider threat indicators – quantitatively. This detailed approach helps you understand any process changes that need to be made and helps you defend processes that should not change.

On the other end, describe your insider threat detection processes qualitatively so that any evaluators of your program still understand your operations, even if they don’t share your technical expertise.

3. Identify Current Gaps

Once evaluation and documentation are complete, identify gaps in your current operations and processes. These could be weaknesses that have led to a past insider incident or they could be future threats in security. Don’t forget to include updated requirements from the National Defense Authorization Act of 2014 – even if your present processes have few gaps, those might be wider gaps in the eyes of the new law.

With gaps clearly identified, prioritize the most pressing issues in order of importance. Also focus on identifying any “quick wins” in your operations improvement: gaps that you could close right away without posing significant implementation challenges.

4. Prepare Your Plan

With processes documented and gaps identified, the only remaining step is to develop your plan to mitigate those insider threat gaps and update your processes. Your plan should address your current operations along with the new requirements, including both quantitative and qualitative justifications.

Build your plan in such a way that you are able to quickly and easily defend your proposed goals, requirements and budget. With your previous evaluation and detailed documentation of current and updated processes, your budget becomes easier to defend.

Bonus Tip: Consider creating your insider threat operations improvement plan using a dynamic model that is easily updated when requirements change. This type of model benefits your plan in all of the following ways:

  • Budget justification
  • Dynamic modeling of requirement changes
  • “What-if” analysis
  • Risk modeling

These steps are the only way to increase your agency’s efficiency in your insider threat detection program without spending additional money. You first must understand how you are doing now, then increase your efficiency through operational improvement and finally, prepare a plan that streamlines your current operations while letting you adjust your processes as requirements change. When the new legislation comes into effect without a corresponding increase in budget, your agency is already prepared – and better attuned to insider threat detection.
