For federal agencies and the entities that work with them, oversight and expectations around insider threat programs are changing quickly. These organizations need a measurable way to understand internal gaps and make effective, efficient improvements without sacrificing security.
In 2014, Congress passed and President Obama signed the National Defense Authorization (NDA) Act, introducing significant new requirements for federal agencies. Among other things, the 2014 NDA Act requires the Department of Defense’s insider threat detection program to measure success through evaluative metrics.
In the NDA Act, we see one key to creating more successful insider threat programs for all federal agencies and associated entities: robust self-assessment.
Creating and Assessing an Insider Threat Program
Some executive agencies have already managed to establish mature insider threat programs and assess themselves successfully – this can be easier for smaller agencies with fewer people and resources to manage. But for larger agencies, it can be a challenging exercise. Millions of individuals might belong to an agency or have access to its network.
To bring agencies into compliance with their requirements and prevent insider threats, the National Insider Threat Task Force (NITTF) is leading a broad effort to help agencies build effective insider threat programs. Drawing from NITTF’s guidelines, we’ve developed a high-level assessment to help you understand where you are now and where you need to go.
Taking the Assessment
The Insider Threat Assessment is designed to quickly and easily diagnose the health of your insider threat program – and then track its development in the future. It helps agencies understand where they fall on an overall maturity model and report results to senior leaders.
Armed with the resulting data, an agency will be well-equipped to understand its areas of greatest need and implement solutions quickly and cost-effectively. Areas for attention might include:
- Strategic communication around insider threat programs
- Insider threat hub implementation and usage
The questions in the Insider Threat Assessment are straightforward queries about the existence, usage, and implementation of various security functions. For example:
Are there sufficient resources to respond to insider threats in a timely and effective manner?
An executive with a comprehensive view of the entire insider threat program might be able to answer every question in this assessment themselves -- but in some cases, they might need to reach out to others. Ultimately, it is preferable for as many people as possible to participate in the assessment, as this will give organizations the most comprehensive information on their programs.
Finding the Way Forward
Taken together, the answers to the assessment will show an organization how it can close gaps while minimizing costs.
Additionally, organizations can see the degree to which different departments agree on a given topic. When more than one person takes the assessment, it will quantify agreement throughout the team, allowing agencies to identify areas for discussion and work. Sometimes, leaders may find that what they imagined to be areas of agreement are anything but.
To make the greatest use of the assessment, agencies should take it as they begin their insider threat program – then every quarter, in order to view progress over time. This way, organizations will have metrics to gauge their efforts as they move forward. For agencies facing big challenges as they implement their programs, the knowledge gained from this assessment can be transformative.