It's Time to Put Your Insider Threat Program to the Test

Threatswitch Team
July 14, 2016

An insider threat is one of the greatest dangers you can face at your federal agency.

Yet, knowing whether your insider threat program is mature enough to mitigate and manage so many evolving threats is difficult to determine, especially if you don’t have any data to compare your own program against.

Nothing could be more critical to your insider threat detection efforts than recognizing and shoring up any vulnerability your defense or security agency might have, but in order to close these gaps, you need a data-driven benchmark assessment.

Not all assessments are created equally. Here are three major aspects any worthwhile insider threat assessment should include:

1. It Must Align With National Insider Threat Policy

Over three years ago President Barack Obama issued the National Insider Threat Policy for security and defense agencies.

Since then, many aspects of the policy have evolved, and some requirements have been defined in greater detail. Ideally, a trustworthy assessment incorporates these changes and details, including the latest Key Information Sharing and Safeguarding Indicators (KISSI) established by the National Insider Threat Task Force (NITTF).

2. It Must Be Backed By Other Agencies’ Data

An insider threat and risk assessment is useless if it only compares your agency’s programs against an untested or ideal standard. An assessment that isn’t based on real-world research or data from the field  simply isn’t worth your time or money.

In order to properly evaluate your insider threat detection efforts, you need an assessment that compares your agency against the maturity of other insider threat detection programs, including the largest defense and security agencies affected by the National Insider Threat Policy. Since the largest organizations in the Department of Defense have already completed initial work on their insider threat programs, it’s essential that you learn from their experiences.

The ideal benchmark assessment should be created by a security, suitability and insider threat firm that serves the federal government and that has already helped defense agencies diagnose their programs, understand their weaknesses and develop plans for how they can adapt to the new policy requirements – and the new threat environment. A worthwhile assessment then provides an automated analysis of how you stack up next to the deployments of those larger agencies.

3. It Must Protect Your Confidential Information

Conducting a thorough, in-depth analysis of your security risks and insider threat detection capabilities requires the assessor be in your utmost confidence. Your security or defense agency’s insider threat program contains classified information that shouldn’t be shared to just any prospective contractor or advisor.

Check that the firm conducting a potential assessment holds a Top Secret Facility clearance with Commercial And Government Entity (CAGE) Code 4AE58. In addition, the firm should clearly state their Privacy and Data Protection Policy at the beginning of the assessment so you’re assured they won’t share, distribute, reuse or otherwise disclose any information you provide.

Getting your insider threat program assessed is the first step to ensuring the maturity and readiness of your detection efforts. Whether your program has just started or has been running for years, it’s time to put your insider threat program to the test – before a real disaster strikes.

Keep Reading

Posts by Topic

Subscribe to our