Skip to main content

8 Steps to Create an Insider Threat Plan

Author Alex Matheson

Insider threat is a big topic these days. And traditional insider threat programs have failed to keep pace with today's digital workplace, both in the technology and the culture. And that leaves a critical gap in the security stack.

So how do you build a modern insider threat program? Well, we talked to the experts, and they've identified the key steps involved in building a modern insider threat program. Covering things like identifying your most valuable data, getting executive buy-in, creating your rules of engagement, and implementing the right technology.

So in this course, we'll introduce to experts in the security field and have them share their insights as we work our way through these steps. But before we begin, there was one thing these experts stressed: Before starting these steps, you need to define the scope of your insider threat program. Many insider threat program teams focus on data protection, some focus on espionage or workplace violence. If your focus is one of those segments, you should identify who is responsible for the other segments. No matter what your primary objective, a clear charter is critical to a successful program.

Documenting all risks at all times is going to be exhausting and will be hard to maintain since new risks pop up over time. However, you can get going on your insider threat program right away by working with the charter segment owners. Have them start with an organization-wide inquiry of all the key stakeholders, prioritizing your highest risks and start creating plans to mitigate those first.

With that charter in hand by the end of this course, you'll be familiar with and able to implement these steps to establish your modern insider threat program. And while our focus is on the data protection segment for these examples, you can apply the same steps for each segment in the charter. Ultimately, the plan your organization develops should be individualized to meet your needs and culture every step of the way. So if you're ready to hear from the experts, let's get working through the steps of building a modern insider threat program.

About the Author

Alex is a Senior Program Manager at Code42 with a focus on developing a robust and flexible on-demand curriculum. Alex brings more than 25 years of industry-leading technical training for both the classroom and online. Prior to Code42, Alex worked in training development and delivery for various high-tech companies including Imation, QLogic and IBM. When not in front of or behind the camera, Alex evaluates new technologies and methods for making training more meaningful, engaging and timely.

Profile Photo of Alex Matheson
More Content by Alex Matheson