Skip to main content

8 Steps to Create an Insider Threat Plan

Author Alex Matheson

Insider threat is a big topic these days. And traditional insider threat programs have failed to keep pace with today's digital workplace, both in the technology and the culture. And that leaves a critical gap in the security stack.

So how do you build a modern insider threat program? Well, we talked to the experts, and they've identified the key steps involved in building a modern insider threat program. Covering things like identifying your most valuable data, getting executive buy-in, creating your rules of engagement, and implementing the right technology.

So in this course, we'll introduce to experts in the security field and have them share their insights as we work our way through these steps. But before we begin, there was one thing these experts stressed: Before starting these steps, you need to define the scope of your insider threat program. Many insider threat program teams focus on data protection, some focus on espionage or workplace violence. If your focus is one of those segments, you should identify who is responsible for the other segments. No matter what your primary objective, a clear charter is critical to a successful program.

Documenting all risks at all times is going to be exhausting and will be hard to maintain since new risks pop up over time. However, you can get going on your insider threat program right away by working with the charter segment owners. Have them start with an organization-wide inquiry of all the key stakeholders, prioritizing your highest risks and start creating plans to mitigate those first.

With that charter in hand by the end of this course, you'll be familiar with and able to implement these steps to establish your modern insider threat program. And while our focus is on the data protection segment for these examples, you can apply the same steps for each segment in the charter. Ultimately, the plan your organization develops should be individualized to meet your needs and culture every step of the way. So if you're ready to hear from the experts, let's get working through the steps of building a modern insider threat program.

About the Author

Alex Matheson is the Sr. Manager of Education Experience at Code42. He and his team focuses on building customer & prospect education that is meaningful, engaging and timely. Alex joined Code42 in 2016 and has previously worked for various high-tech companies including Imation, QLogic and IBM. When not in front of or behind the camera, he evaluates new technologies and methods for delivering training to just the right people at just the right time.

Profile Photo of Alex Matheson
More Content by Alex Matheson