All organizations are vulnerable to insider threats, whether the threat is a careless employee unintentionally clicking on a phishing email or a disgruntled staffer revealing classified information to a competitor. The harm from these threat actors can be substantial, from shaken consumer confidence to millions of dollars in lost IP investment.
Developed by INSA's Insider Threat Subcommittee, these two resources, an Insider Threat Taxonomy and Components of Effective Insider Threat Training, are designed to help organizations, no matter their size or budget, create an effective training program to mitigate these risks, and to provide standardized terminology that fosters meaningful information sharing.
The Components of Effective Insider Threat Training (pdf) examines different types of training, including the advantages of each; offers recommendations for who should be trained and why; details elements of effective training programs; and provides a range of resources available to insider threat program managers.
The Insider Threat Taxonomy (pdf) broadly characterizes the nature of insider threats facing organizations with common terms, to facilitate information sharing and learning. Until now, no uniform lexicon existed to characterize the different types of insider threats. This lack of standardized terminology hinders development of best practices, as organizations often develop their own categories and terms. Adoption of the Insider Threat Taxonomy will help organizations of all sizes share insider threat program best practices and lessons learned. Learn more about the Insider Threat Subcommittee.