Profile your insider threat mitigation
A malicious insider threat to an organization is a current or former employee, contractor, or other business partner who has or had authorized access to an organization's network, system, or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization's information or information systems.
—CERT Insider Threat Center
The Insider Data Threat Micro-Assessment is a high-level gap analysis that gives you a baseline reading against 19 insider-threat mitigation best practices, and provides insight in six different areas of insider threat mitigation:
- Human Resources (HR)
- Legal
- Physical Security
- Data Owners
- Information Technology (IT) including Information Assurance (IA)
- Software Engineering
"Micro-Assessment Template – Insider Threat Mitigation," is based on "Common Sense Guide to Mitigating Insider Threats, 4th Edition" by George Silowash, Dawn Cappelli, Andrew P. Moore, Randall F. Trzeciak, Timothy J. Shimeall, and Lori Flynn, CMU/SEI-2012-TR-012, (c) 2012 Carnegie Mellon University; however, neither Carnegie Mellon University nor its Software Engineering Institute have reviewed this work and accordingly do not directly or indirectly endorse this work.
Insider Threat Mitigation Micro-Assessment
Micro-assessments are small, narrowly focused efforts done quickly and with light effort to provide actionable insight, usually performed by one or two people without the need to establish a budget or formally allocate personnel. The standard RBCS Micro-assessment Template has been modified to focus on Insider Threat to Critical Data. This is not a full-blown insider threat risk assessment. It is a simple assessment that can be performed easily and that will give you the status of your organization's insider threat mitigation controls compared to 19 best practices for insider threat mitigation. Most organizations don't know and can't report to management exactly where they stand with regard to these best practices.
All organizations have some degree of insider threat. From recent annual CyberSecurity Watch Surveys, conducted by the U.S. Secret Service, the CERT Insider Threat Center, and CSO Magazine: 43% of survey respondents had experienced at least one malicious, deliberate insider incident in 2010 (53% in 2011 and 2012).
Would you (or your senior management) like to know where your organization stands?
Use the Insider Threat Micro-Assessment to quickly determine the extent to which your organization has insider threat mitigation measures in place. This high-level assessment gives you a baseline reading against 19 insider-threat mitigation best practices, and provides insight in six different areas of insider threat mitigation listed at the start of this article.