Insider Threat Program Best Practices

Currently, there is no community-accepted standard for an insider threat mitigation program. While these programs have developed organically or ad hoc over time, no agency has developed and made available a model program that other agencies can use to determine which best practices to implement and which components to prioritize, depending upon their environment, budget, and other such inherent constraints. The authors have been increasingly asked to assist in developing, reviewing, or implementing insider threat programs of varying degrees across the Intelligence Community (IC) and the Department of Defense (DoD). The authors have gathered a set of best practices from a variety of organizations with insider threat programs to build and present a model insider threat auditing and mitigation program described herein. These best practices are most applicable to the DoD/IC, but are also relevant to civilian organizations.