Insider Threat Program Development - Management Resources
Insider
Threat Detection & Mitigation Resources
Below are
various resources to assist you with your Insider Threat Program
Development / Management and Insider Threat Detection and Mitigation
efforts...
U.S. Government Insider Threat Program Policies
National Insider Threat Policy
USDA Insider Threat Program Policy
GSA Insider Threat Program Policy
Department Of Treasury Insider Threat Program Policy
Department Of Energy Insider Threat Program Policy
Department Of Justice Insider Threat Program Policy
NASA Insider Threat Program Policy
NRC
Insider Threat Program Policy & Implementation Plan
Defense
Security Service Insider Threat Identification And Mitigation Program
Policy
Navy Bureau Of Medicine And Surgery Insider Threat Program Policy
U.S. Marines Insider
Threat Program Policy
Peace Corps
Insider Threat Program Policy
DoD Insider Threat Management
Analysis Center FAQ
DoD Insider Threat
Management Analysis Center Presentation
Insider Threat Program
Maturity Model Report (2019)
The Veriato Insider Threat Program (ITP) Maturity Model report was
created to help security professionals assess their organization’s
ability to monitor for, detect, and respond to insider threats.
The report is an extensive 23 page document developed to assess the
several maturity stages that companies go through when implementing an
ITP. The document will aid ITP Managers in advancing their individual
ITP's.
By using a maturity model for reference, organizations can see where
their ITP needs improvement, working towards an Optimized level of
maturity.
To provide context around the current state of ITP's, Veriato surveyed
150 information security professionals to see at what level their ITP is
in, and what’s influencing it. We’ve included this data in the report to
provide you with insight into the necessary steps to mature your current
ITP. (Source)
Insider Threat Program Maturity Framework (2018)
The National Threat Task Force (NITTF) released the Insider Threat
Program Maturity Framework on November 1, 2018.
The Framework is an aid
for advancing federal agencies’ programs beyond the Minimum Standards,
and builds upon best practices found in the 2017 NITTF Insider Threat
Guide.
The goal is to help
programs become more proactive, comprehensive, and better postured to
deter, detect, and mitigate insider threat risk. (Source)
Insider Threat Program Development-Management Training Providers / Resources
Insider Threat Program
Development-Management Training
(Offered By Insider Threat Defense - 2 Day Instructor Led
Class)
Insider Threat Program
Development-Management Training
(Offered By Insider Threat Defense - 1 Day Web Based Training)
Insider Threat Program Management With Legal Guidance Training
(Offered By Insider Threat Defense - Insider Threat Management Group) (2
Day Instructor Led Class)
National Insider Threat Policy - NISPOM Conforming Change 2
Training
(Offered By Insider Threat Defense - 2 Day Instructor Led
Class)
DSS CDSE Resource Guide For Insider Threat Program Related Training
DoD Insider Threat Program Best Practices For Training
Effective Insider Threat Programs: Understanding And Avoiding Potential
Pitfalls (CMU ITC)
Ebook Insider Threat Program - 90 Day Plan (Written By Attorney
Shawn Thompson)
Insider Threat Program Training -It Starts With Security 101
Foundations
Insider Threat Program Training Webinars
How To Build An
Insider Threat Program (Jim Henderson-NITSIG Founder / Chairman)
Insider Threat Management Program Guide (Shawn Thompson-NITSIG Board
Member / Legal Advisor)
Insider Threat
Law-Balancing Privacy And Protection
(Shawn Thompson-NITSIG Board Member / Legal Advisor)
Behavioral Analysis In Insider Threat (Dr. Robert Gallagher - NITSIG
Board Member / Scientific Director)
Insider Threat Program Information For Defense Contractors
DSS NISPOM
Conforming Change 2 Information
On this DSS link
www.dss.mil/it/index.html you will find the information below:
-
DSS Insider Threat
Industrial Security Letter (ISL) - Insider Threat Program Requirements
-
DSS ODAA Process
Manual (This Manual Will Outline What Needs To Be Monitored On
Classified Information Systems. See Pages 71-72)
-
Appointments of
Insider Threat Program Senior Officials (ITPSO) (e-FCL)
-
NISP Self-Inspection
Handbook for NISP Contractors (With Insider Threat Section Pages 61-67)
(DIB Contractors Will Be Required To Perform Self Assessments)
-
DSS Insider Threat
Program Job Aid
-
Updated NISP Manual
(NISPOM) With Conforming Change 2
-
NISPOM Summary of
Changes
DSS Establishing An Insider Threat Program for Your Organization.zip
Insider Threat Programs - How To Get Started
(Presentation)
DSS NISPOM Adverse Information Reporting Requirements Presentation
(March 2014)
DSS NISPOM Adverse Information Reporting Guide
DSS Webinar: Adverse Information Reporting
DSS NISP
Reporting Requirements Training
DSS Potential Espionage Indicators - Detecting Actions Outside The Norm
DSS Administrative Inquiry (AI) Job Aid For Industry
Cleared Employee Reporting Requirements.doc
DoD / NISP Special Access Programs (SAP)
DoD Special Access Program Security Manual - General Procedures
DSS SAP Security Inspection Checklist
Guidance On The
Legal Aspects Of Insider Threat Programs
Webinar: Insider
Threat Law-Balancing Privacy And Protection
Identifying And Safeguarding Personally Identifiable Information
(DISA)
Laws And Regulations Related To Insider Threats-Espionage-Fraud
Insider Threat Best Practices Guide
(Securities Industry &
Financial Markets Association (SIFMA) -
Legal Guidance
Pages 18-27)
Insider Threat Best Practices Guide
(SIFMA 2nd Edition )
Criminal Prohibitions On The Publication of Classified Defense
Information
DOJ Prosecuting Computer Crimes Manual
Classified
Information Nondisclosure Agreement SF312 Briefing Booklet
(See Page 9 To Page 19 For Legislative & Executive Authorities. The Pages Should
Be Briefed And Signed By The Individual Signing The SF312)
Personally Identifiable information (PII) / Data Breach Response
PII Poster
DOD DD2923 - Privacy Act Data Cover Sheet
DHS Handbook For Safeguarding Sensitive Personally Identifiable
Information
Health & Human Services - Policy For Responding To Breaches Of PII
Experian Data Breach Response Guide
Data
Breach Response Checklist
Security Clearance Adjudicative Guidelines
DSS 2017 National Security Adjudicative Guidelines Job Aid
DoD PERSEREC Adjudicative Desk Reference- Version 4 - March 2014
Employee Hiring / Separation / Background Investigations
The Safe
Hiring Manual (2017 Edition-By Attorney Lester Rosen)
Online Safe Hiring Certification Training Course (By Attorney Lester
Rosen)
Background Checks - Common Ways Prospective Or Current Employees Sue
Employers Under The FCRA
Ten Potential Dangers When Using Social Media Background Checks
Supervisors Guide To Employee Separation
Employee Continuous Monitoring And Reporting
DNI Employee Continuous Evaluation For Security Clearance Holders FAQs
Insider Threat Detection And Mitigation Using External Data Sources
Continuous Screening of Employees Will Gain More Acceptance as Critical
Post-Hire Due Diligence Tool
Endera EBook: 5 Reasons Background Screenings Are Obsolete
Endera Employee Continuous
Monitoring Service Overview
Endera Employee
Continuous Monitoring Service (Free
Demo)
CLEAR Online Investigative Platform Investigation By Thomson Reuters
IDI Employee Risk
Management-Investigation Solutions
TLOXP Employee Risk
Management-Investigation Solutions By Transunion
Insider Threat Awareness & Incident Response Flowchart For DoD
This guide /
flowchart assists in three areas. First, it aides military leaders and
all personnel to be aware of the indicators associated with insider
threat activity while serving in a partnering environment. Second, this
guide informs commanders and other leaders by giving them options on how
to mitigate insider threat activities. Lastly, this guide is meant to
generate open dialogue between coalition partners and partner nation
personnel. Partnering in itself is a sensitive mission and only by
creating trust and having an open dialogue with all forces will the
mission be accomplished. This guide is not all encompassing so there are
other options a commander has dependent on their operating environment.
Insider Threats In Partnering
Environments Flowchart For DoD
Insider Threat Behavioral Indicators
Behavioral Analysis In Insider Threat-Webinar (Dr. Robert Gallagher
- NITSIG Board Member / Scientific Director)
Behavioral Indicators Of Insider Threat: Looking Forward (DITMAC-Dr.
Gallagher)
Behavioral Indicators Of Concern To Support Insider Threat Programs
Assessing The Mind Of The Malicious Insider
Insider Threat Indicators Overview
Insider Threat Reportable Behaviors
DSS
Behavioral Indicators Brochure
Insider Threat Behavioral Science
Application Of The Critical-Path Method To Evaluate Insider Risks
Insider Threat & Counterintelligence Awareness Training Resources
DNI Insider
Threat Awareness Web Based Training
DSS Insider Threat
Awareness Web Based Training
DSS Insider Threat Awareness Course Student Guide
DSS
Insider Threat Professional Toolkit Awareness & Training
Insider Threat Briefing -- US Marines
Insider Threat Awareness Briefing
DSS Insider Threat Trifold - What To Report
DSS
Roles And Responsibilities For Personnel Security- A Guide For
Supervisors
DSS How To Receive And Maintain A Security Clearance
DOD
Security Clearance Briefing
(Presentation)
DSS
Elicitation And Recruitment Brochure
FBI Elicitation Techniques
Army Threat Awareness And Reporting Program Regulation 381-12 -- June
2016
DSS, DHS, FBI Insider Threat Awareness Training Resources
NSA
Insider Threat Brochure
US CERT- Combating The Insider Threat
FBI The Insider Threat - An Introduction To Detecting And Deterring
An Insider Spy
FBI Economic Espionage - How To Spot A Possible Insider Threat
FBI Counterintelligence
DoDD 5240.06 - CI Awareness And Reporting -- 7-21-17
NCSC Countering Foreign Intelligence Threat - Implementation & Best
Practices Guide
Espionage- Insider Threat Indicators Briefing -- Dept Of Commerce
Insider Threat & Espionage Awareness Videos
FBI
Movie - "The Company Man"
(Watch On-Line / Download)
FBI Movie: Game Of
Pawns (Watch On Internet Or Download)
FBI Movie: Betrayed
(Request Showing By FBI At Your Organization)
Voices Of The
Betrayed - Co-Workers Speak About The People They Knew And Trusted
Witness To
History: The Investigation of Robert Hansen
Terminal Risk Economic And
Industrial Espionage Awareness Videos
60 Minutes - Espionage Stealing America's Secrets
Insider
Threat / Espionage Posters
Insider Threat Security Poster-Your Name Here
Insider
Threat- Hidden Threat Poster
Uncle
Sam- Insider Threat Poster
Preventing Espionage - CI-Security Programs Poster
Robert Hansen Poster
Espionage Does Pay - Prison Is The Bank Poster
National
Counterintelligence And Security Center Posters
Army Poster- Indicators Of Potential Terrorist / Associated Insider
Threat
Insider Threat Risk Mitigation Guidance
Insider Threats: A
Worst Practices Guide To Preventing Leaks, Thefts, Attacks, and Sabotage
(Video)
A Worst Practices Guide To Insider Threats: Lessons From Past Mistakes
Preventing Insider Threats Starts With The Risk Management 101
What Small Business Owners Needs to Know about Embezzlement
The Insider Threat – Security Policies To Reduce Risk
CERT Top 10 List For Winning The Battle Against Insider Threats
Insider Threat Best Practices Guide
(Securities Industry &
Financial Markets Association)
SANS Insider Threat Mitigation Guidance
Guidance For
Reducing Insider Risk
Intel Insider Threat Field Guide
The Definitive Guide to Security Inside the Perimeter
Supervisors Guide To Employee Separation
Best Practices For Protecting Your Data When Employees Leave Your
Company
Employee Termination Best Practices
Employee
Separation Checklist-1
Employee
Separation Checklist-2
Insider Threat Risk Mitigation Checklists
National Insider Threat Task Force - Best Practices Guide For Insider Threat
CERT Insider
Threat Chart
(Threats Vs. Damages)
CERT Common Sense Guide To Mitigating Insider Threats - 5th Edition
CERT Insider Threat Risk Mitigation Best Practices - Mapped To NIST
SP800-53 Security Controls
CERT Insider Threat Risk Mitigation Best Practices
Insider Threat Risk Mitigation Checklist
(Based Of Of
CERT Insider Threat Risk Mitigation Best Practices)
DHS
CERT Combating The Insider Threat
DoD PERSEREC- Insider Risk Evaluation And Audit Tool Checklist
Considerations For Outsourcing Work To Third Party Contractors Checklist
Assoc.
Of Computer Fraud Examiners - Fraud Prevention Checklist
Insider Threat User Activity Monitoring (UAM) Guidance / Tools
Workplace Privacy And Employee Monitoring Guidance (Privacy
Rights Clearinghouse)
Guidance For
Implementing An Employee User Activity Monitoring Program
5 Security Technologies That Address Insider Threat
DSS CDSE Webinar: User Activity Monitoring In Insider Threat Programs
Insider Threat Red Flags Indicators Checklist
(DTex Systems)
Insider Threat Red Flags Indicators Checklist
(ObserveIT)
UAM Tools
Free USB
Security Test - Will Your Employee's Plug In A USB Device They Find?
Veriato 360
Dtex
Varonis
ObserveIT
Securonix
Digital Guardian
Raytheon
/ Force Point
Trade Secret Theft And Protection
Protecting Trade Secrets From Employee Theft
Protecting Your Trade Secrets Part 1
Protecting Your Trade Secrets Part 2
Protecting Controlled Unclassified Information (CUI)
This
page contains various resources to assist with developing,
implementing and managing a CUI Protection Program.
CUI is information
that requires safeguarding or dissemination controls pursuant to and
consistent with applicable law, regulations, and government-wide
policies, but is not classified under Executive Order 13526 or the
Atomic Energy Act, as amended.
Workplace Violence Prevention / Active Shooter-Assailant Incidents
According to
the Occupational Safety and Health Administration (OSHA),
approximately 2 million employees are victims
of workplace violence each year. 18% of violent crimes are
committed at the workplace, and roughly 800 workplace homicides
occur each year. Between January 2009 and July 2015, there were 133
mass shootings in the workplace and shootings account for 78 % of
all workplace homicides. Violence in the workplace must be a top
concern for employers, as no organization is immune from workplace
violence and no organization can completely prevent it. (Source)
NITSIG Workplace Violence E-Magazine
(Workplace Violence Incidents)
UPS,
Others Sued Over San Francisco Workplace Shooting
Responding To Violence In the Workplace – A “Catch 22” For Employers
Workplace Violence Prevention / Active Shooter-Assailant Guidance
OSHA Workplace
Violence Website
OSHA Workplace Violence Presentation
OSHA
Workplace Violence Factsheet
Workplace Violence Program Mitigation Flowchart
Workplace Violence Prevention And Intervention Standard (Developed
By ASIS International & Society for Human Resource Management)
FBI
Workplace Violence Guidance
Violence In The Federal Workplace - A Guide For Prevention And Response
Taking Threats Seriously: Establishing A Threat Assessment Team
21 Ways To Prevent Workplace Violence In Your Organization
Preventing Violence In The Workplace
Presentation
(National Crime Prevention Council)
U.S. Department Of Labor Workplace Violence Prevention Program
U.S. Coast Guard Workplace Violence And Threatening Behavior Instruction
USDA Handbook On
Workplace Violence Prevention And Response
Duke University Workplace Violence Prevention And Response Policy
Boston University Workplace Violence Prevention Policy
University At Buffalo New York Workplace Violence Prevention Policy
City University Of New York Campus And Workplace Violence Prevention
Policy
Preventing Workplace Violence: A Union Representative's Guidebook
Workplace Violence Prevention Program And Procedures Manual
Workplace Violence
Awareness And Prevention For Employers End Employees
Sample Workplace Violence Prevention Plan
DSS Active Shooter Response Plan
State Alabama Active Shooter Strategic Response Plan
Active Shooter Preparedness Checklist
Maryland Active Assailant Guidance
Active Shooter & Hostile Event Guide
DHS Planning And Response To An Active Shooter - Best Practices Guide
DHS Active Shooter-How To Respond
DHS Active
Shooter Preparedness Resources
(Active Shooter Booklet,
Pamphlet, Poster, Pocket Card)
FBI Active Shooter Resources
Active Shooter-Active Assailant Guidance & Resources
Crime Prevention Through Environmental Design Concepts
Workplace Violence Prevention / Active Shooter-Assailant Awareness
Training
DSS
Workplace Violence Toolkist
DHS Active Shooter
Emergency Action Plan Video
FBI Active Shooter
Video - The Coming Storm
RUN HIDE FIGHT
Video - Surviving An Active Shooter Event
DSS Active Shooter Awareness Training Student Guide
FEMA Training Course - Active Shooter What You Can Do
Workplace Violence
Prevention Training Video
(California Department Of
Human Resources)
Active Shooter Detection Systems
Emergency Automatic Gunshot Lockdown System
FireFly Wireless Gunshot Detector
FireFly CityWeb Ballistic Detector
Active Shooter Response System Presented
By NEP3
Guardian Indoor Active Shooter Detection System
Wireless Active Shooter Sensors
