Insider Threat Program Development - Management Resources


Insider Threat Detection & Mitigation Resources


Workplace Violence Mitigation Resources


Below are various resources to assist you with your Insider Threat Program Development / Management and Insider Threat Detection and Mitigation efforts...


U.S. Government Insider Threat Program Policies

National Insider Threat Policy

USDA Insider Threat Program Policy

GSA Insider Threat Program Policy

Department Of Treasury Insider Threat Program Policy
Department Of Energy Insider Threat Program Policy

Department Of Justice Insider Threat Program Policy

NASA Insider Threat Program Policy

NRC Insider Threat Program Policy & Implementation Plan

Defense Security Service Insider Threat Identification And Mitigation Program Policy

Navy Bureau Of Medicine And Surgery Insider Threat Program Policy

U.S. Marines Insider Threat Program Policy

Peace Corps Insider Threat Program Policy

DoD Insider Threat Management Analysis Center FAQ

DoD Insider Threat Management Analysis Center Presentation




COVID Vaccine Mandate And Insider Threat Implications

The perfect employee has the potential to now be turned into a disgruntled employee. This is not an assumption. It is based on real world conversations the NITSIG and our members have had with employees who do not want to be forced to take the vaccine, and are concerned with losing their job. (Loss Of Their Paychecks, Health Insurance Benefits, Etc.)


The NITSIG and our members are not looking at the vaccine mandate from a political perspective. We are only concerned with the potential threats from employees who may take malicious actions against their employers, if they decide not to get vaccinated and our released from the jobs.

The document posted on this link provides guidance and best practices for dealing with potentially disgruntled employees. It was produced by the NITSIG and the Insider Threat Defense Group .




Insider Threat Program Maturity Model Report (2019)
The Veriato Insider Threat Program (ITP) Maturity Model report was created to help security professionals assess their organization’s ability to monitor for, detect, and respond to insider threats.

The report is an extensive 23 page document developed to assess the several maturity stages that companies go through when implementing an ITP. The document will aid ITP Managers in advancing their individual ITP's.

By using a maturity model for reference, organizations can see where their ITP needs improvement, working towards an Optimized level of maturity.

To provide context around the current state of ITP's, Veriato surveyed 150 information security professionals to see at what level their ITP is in, and what’s influencing it. We’ve included this data in the report to provide you with insight into the necessary steps to mature your current ITP. (Source)

Insider Threat Program Maturity Framework (2018)
The National Threat Task Force (NITTF) released the Insider Threat Program Maturity Framework on November 1, 2018.


The Framework is an aid for advancing federal agencies’ programs beyond the Minimum Standards, and builds upon best practices found in the 2017 NITTF Insider Threat Guide.


The goal is to help programs become more proactive, comprehensive, and better postured to deter, detect, and mitigate insider threat risk. (Source)



Insider Threat Program Development - Management Training Providers

Insider Threat Program Development-Management Training (Offered By Insider Threat Defense Group - 2 Day Instructor Led Class)


Insider Threat Program Development - Management Training (Offered By Insider Threat Defense Group - 1 Day Web Based Training)

Co-Instructor Attorney Shawn Thompson - NITSIG Advisory Board Member / Legal Advisor )


Insider Threat Program Management With Legal Guidance Training (Offered By Insider Threat Defense Group - Insider Threat Management Group) (2 Day Instructor Led Class)


National Insider Threat Policy - NISPOM Conforming Change 2 Training (Offered By Insider Threat Defense Group - 2 Day Instructor Led Class)




Insider Threat Program Development - Management Training Resources

Insider Threat Program Training - It Starts With Security 101 Foundations

Insider Threat Program Development -  Management Manual

Ebook Insider Threat Program - 90 Day Plan (Written By Attorney Shawn Thompson - NITSIG Advisory Board Member / Legal Advisor )

DSS CDSE Resource Guide For Insider Threat Program Related Training

DoD Insider Threat Program Best Practices For Training

Effective Insider Threat Programs: Understanding And Avoiding Potential Pitfalls (CMU ITC)




Insider Threat Program Development - Management Training Webinars

How To Build An Insider Threat Program (Jim Henderson - NITSIG Founder / Chairman)

Insider Threat Management Program Guide (Written By Attorney Shawn Thompson - NITSIG Advisory Board Member / Legal Advisor)




Insider Threat Program Information For Defense Contractors

DSS NISPOM Conforming Change 2 Information
On this DSS link you will find the information below:

  • DSS Insider Threat Industrial Security Letter (ISL) - Insider Threat Program Requirements 

  • DSS ODAA Process Manual (This Manual Will Outline What Needs To Be Monitored On Classified Information Systems. See Pages 71-72)

  • Appointments of Insider Threat Program Senior Officials (ITPSO) (e-FCL)

  • NISP Self-Inspection Handbook for NISP Contractors (With Insider Threat Section Pages 61-67) (DIB Contractors Will Be Required To Perform Self Assessments)

  • DSS Insider Threat Program Job Aid

  • Updated NISP Manual (NISPOM) With Conforming Change 2

  • NISPOM Summary of Changes

DSS Establishing An Insider Threat Program for Your

Insider Threat Programs - How To Get Started (Presentation)

DSS NISPOM Adverse Information Reporting Requirements Presentation (March 2014)

DSS NISPOM Adverse Information Reporting Guide

DSS Webinar: Adverse Information Reporting

DSS NISP Reporting Requirements Training

DSS Potential Espionage Indicators - Detecting Actions Outside The Norm

DSS Administrative Inquiry (AI) Job Aid For Industry

Cleared Employee Reporting Requirements.doc



DoD / NISP Special Access Programs (SAP)

DoD Special Access Program Security Manual - General Procedures

DSS SAP Security Inspection Checklist




Guidance On The Legal Aspects Of Insider Threat Programs

Insider Threat Law - Balancing Privacy And Protection Webinar (By Attorney Shawn Thompson - NITSIG Advisory Board Member / Legal Advisor )

Identifying And Safeguarding Personally Identifiable Information (DISA)

Laws And Regulations Related To Insider Threats - Espionage-Fraud

Insider Threat Best Practices Guide (Securities Industry & Financial Markets Association (SIFMA) - Legal Guidance Pages 18-27)
Insider Threat Best Practices Guide (SIFMA 2nd Edition )

Workplace Privacy And Employee Monitoring Guidance (Privacy Rights Clearinghouse)

Criminal Prohibitions On The Publication of Classified Defense Information

DOJ Prosecuting Computer Crimes Manual

Classified Information Nondisclosure Agreement SF312 Briefing Booklet (See Page 9 To Page 19 For Legislative & Executive Authorities. The Pages Should Be Briefed And Signed By The Individual Signing The SF312)




Security Clearance Adjudicative Guidelines

Top Reasons For Security Clearance Denial In 2019

DSS 2017 National Security Adjudicative Guidelines Job Aid

DoD PERSEREC Adjudicative Desk Reference- Version 4 - March 2014




Employee Hiring / Background Investigations / Separations - Terminations

Human Resources And Insider Threat Mitigation - A Powerful Pairing

Human Resources Role In Preventing Insider Threats

The Safe Hiring Manual  (By Attorney Lester Rosen)

Online Safe Hiring Certification Training Course (By Attorney Lester Rosen)

Top Ten Background Check Trends

Background Checks - What Employers Need to Know (Federal Trade Commission)

Background Checks - Common Ways Prospective Or Current Employees Sue Employers Under The FCRA

Ten Potential Dangers When Using Social Media Background Checks

Workplace Investigations Overview - Basic Issues For Employers / Legal Considerations

Best Practices For Protecting Your Data When Employees Leave Your Company

Supervisors Guide To Employee Separation

Employee Termination Best Practices

Employee Separation Checklist-1

Employee Separation Checklist-2




Employee Continuous Monitoring And Reporting

DNI Employee Continuous Evaluation For Security Clearance Holders FAQs

Insider Threat Detection And Mitigation Using External Data Sources

The Use of Publicly Available Electronic Information For Insider Threat Monitoring

Continuous Screening of Employees Will Gain More Acceptance As Critical Post-Hire Due Diligence Tool

Endera EBook: 5 Reasons Background Screenings Are Obsolete

Endera Employee Continuous Monitoring Service Overview

CLEAR Online Investigative Platform Investigation By Thomson Reuters

IDI Employee Risk Management-Investigation Solutions

TLOXP Employee Risk Management-Investigation Solutions By Transunion



Insider Threat Awareness & Incident Response Flowchart For DoD

This guide / flowchart assists in three areas. First, it aides military leaders and all personnel to be aware of the indicators associated with insider threat activity while serving in a partnering environment. Second, this guide informs commanders and other leaders by giving them options on how to mitigate insider threat activities. Lastly, this guide is meant to generate open dialogue between coalition partners and partner nation personnel. Partnering in itself is a sensitive mission and only by creating trust and having an open dialogue with all forces will the mission be accomplished. This guide is not all encompassing so there are other options a commander has dependent on their operating environment.
Insider Threats In Partnering Environments Flowchart For DoD




Insider Threat Behavioral Indicators

Behavioral Analysis In Insider Threat Programs Webinar (Dr. Robert Gallagher - NITSIG Advisory Board Member / Scientific Director)

Behavioral Indicators And The Critical Pathway To Insider Threats (DITMAC - Dr. Gallagher)

Assessing The Mind Of The Malicious Insider

Behavioral Indicators Of Concern For Insider Threat Programs Part 1

Behavioral Indicators Of Concern For Insider Threat Programs Part 2

Behavioral Indicators For Malicious Insider Theft Of Intellectual Property

DCSA Roles And Responsibilities For Personnel Security - A Guide For Supervisors

DCSA Behavioral Indicators Brochure


Insider Threat Behavioral Science

Application Of The Critical-Path Method To Evaluate Insider Risks




Insider Threat & Counterintelligence Awareness Training Resources

DoDD 5240.06 - Counterintelligence Awareness And Reporting

DNI Insider Threat Awareness Web Based Training

DSS Insider Threat Awareness Web Based Training

DSS Insider Threat Awareness Course Student Guide

DSS Insider Threat Professional Toolkit Awareness & Training

DSS Insider Threat Awareness Trifold - What To Report

DSS Roles And Responsibilities For Personnel Security- A Guide For Supervisors

DSS How To Receive And Maintain A Security Clearance

DSS Elicitation And Recruitment Brochure

DOD Security Clearance Briefing (Presentation)

FBI The Insider Threat - An Introduction To Detecting And Deterring An Insider Spy

FBI Economic Espionage - How To Spot A Possible Insider Threat

FBI Counterintelligence

FBI Elicitation Techniques

Army Threat Awareness And Reporting Program Regulation 381-12 -- June 2016
DSS, DHS, FBI Insider Threat Awareness Training Resources

NSA Insider Threat Brochure

US CERT- Combating The Insider Threat

NCSC Countering Foreign Intelligence Threat - Implementation & Best Practices Guide

Espionage- Insider Threat Indicators Briefing - Dept Of Commerce

Insider Threat Awareness Briefing - US Marines

Insider Threat Awareness Briefing




Insider Threat & Espionage Awareness Videos

FBI Movie - The Company Man (Watch On-Line / Download)

FBI Movie: Game Of Pawns (Watch On Internet Or Download)

FBI Movie: Betrayed (Request Showing By FBI At Your Organization)

Voices Of The Betrayed - Co-Workers Speak About The People They Knew And Trusted

Witness To History: The Investigation of Robert Hansen

Terminal Risk Economic And Industrial Espionage Awareness Videos
60 Minutes - Espionage Stealing America's Secrets




Insider Threat / Espionage Posters
Insider Threat Security Poster - Your Name Here

Insider Threat - Hidden Threat Poster

Uncle Sam - Insider Threat Poster

Preventing Espionage - CI-Security Programs Poster

Robert Hansen Poster

Espionage Does Pay - Prison Is The Bank Poster

National Counterintelligence And Security Center Posters

Army Poster- Indicators Of Potential Terrorist / Associated Insider Threat




Insider Threat Mitigation Guidance

Preventing Insider Threats Starts With The Risk Management 101

Insider Threats: A Worst Practices Guide To Preventing Leaks, Thefts, Attacks, and Sabotage (Video)

A Worst Practices Guide To Insider Threats: Lessons From Past Mistakes

Security Policies To Reduce Insider Threats

Teleworking Guidance To Mitigate Employee Risks

CERT Insider Threat Chart (Threats Vs. Damages)

DHS CERT Combating The Insider Threat

CISA 2020 Insider Threat Mitigation Guide

CERT Top 10 List For Winning The Battle Against Insider Threats

Insider Threat Best Practices Guide (Securities Industry & Financial Markets Association)
SANS Insider Threat Mitigation Guidance

Guidance For Reducing Insider Risk
Intel Insider Threat Field Guide

The Definitive Guide To Security Inside the Perimeter



Insider Threat Mitigation Checklists

National Insider Threat Task Force - Best Practices Guide For Insider Threat

CERT Common Sense Guide To Mitigating Insider Threats - 6th Edition

CERT Insider Threat Risk Mitigation Best Practices - Mapped To NIST SP800-53 Security Controls

CERT Insider Threat Risk Mitigation Best Practices

Insider Threat Risk Mitigation Checklist (Based Of Of CERT Insider Threat Risk Mitigation Best Practices)

DoD PERSEREC- Insider Risk Evaluation And Audit Tool Checklist

Considerations For Outsourcing Work To Third Party Contractors Checklist





Data Loss Prevention And Protection

Data Lifecycle Security
Data Leakage For Dummies
Best Practices For Protecting Data When Employees Leave Your Company
10 Indicators Of Data Abuse With Case Studies

Code42 2020 Data Exposure Report

DoD PERSERC Report - How Trusted Insiders Exfiltrated Data In The DoD

3M Visual Hacking Experiment - How Trusted Insiders Stole Data From Companies
Data Loss Prevention Policy-1
Data Loss Prevention Policy-2
Data Loss Prevention Policy-3
Data Loss Prevention Procedures
Data Security Policies Examples
GDPR Internal Data Protection Policy

Experian Data Breach Response Guide

Data Breach Response Checklist





Trade Secret Theft And Protection

Protecting Trade Secrets From Employee Theft

Protecting Your Trade Secrets Part 1

Protecting Your Trade Secrets Part 2





Insider Threat User Activity Monitoring (UAM) Guidance / Tools

Workplace Privacy And Employee Monitoring Guidance (Privacy Rights Clearinghouse)

Guidance For Implementing An Employee User Activity Monitoring Program

5 Security Technologies That Address Insider Threat

DSS CDSE Webinar: User Activity Monitoring In Insider Threat Programs

Insider Threat Red Flags Indicators Checklist (DTex Systems)

Insider Threat Red Flags Indicators Checklist (ObserveIT)



UAM Tools

Free USB Security Test - Will Your Employee's Plug In A USB Device They Find?

Veriato 360


Digital Guardian
Raytheon / Force Point





Employee Fraud And Embezzlement

What is Employee Fraud / Embezzlement?

The United States Department of Justice defines Embezzlement as: The fraudulent appropriation of property by a person to whom such property has been entrusted, or into whose hands it has lawfully come.

Embezzlement can occur when an employee trusted with the handling of company property (Usually Funds $$$) decides to take some or all of that property for themselves. This may be as simple as a cashier pocketing a few dollars during a transaction, or as complex as a senior manager creating false invoices for fictitious companies in their own name.

The definition of Fraud commonly includes activities such as Theft, Corruption, Conspiracy, Embezzlement, Money Laundering, Bribery End extortion. Fraud essentially involves using deception to dishonestly make a personal gain for oneself and / or create a loss for another. Although definitions vary, most are based around these general themes. The legal definition varies from country to country.

Fraud can apply to any irregularity, or suspected irregularity, involving employees as well as shareholders, consultants, vendors, contractors, outside agencies doing business with employees of such agencies, and / or any other parties having a business relationship with a company.

The 2020 Association of Certified Fraud Examiners Fraud Report describes numerous examples of fraud on page 86. A Fraud Prevention Checklist can be found on page 84.


The 2018 Hiscox Embezzlement Study - An Insider’s View of Employee Theft, is another great source for information on employee embezzlement.

The traditional norm or mindset that Malicious Insiders just steal classified information, an organizations data, trade secrets or other sensitive information, is no longer the case. The Insider Threat Incidents E-Magazine contains a large number of incidents showing that over the the last year there has been a drastic increase in various forms of fraud and financial fraud / embezzlement committed by employees.

Another form of fraud known as CEO Fraud or Business Email Compromise involves a sophisticated scam targeting businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts, such as the CEO, through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds. More Information: CEO Fraud Prevention Manual By KnowBe4



Fraud Prevention Resources

What Small Business Owners Needs to Know about Embezzlement

41 Types Of Fraud And How To Detect And Prevent Them
Fraud Awareness Training Video (On-line / Free)
Fraud Awareness Guide
Employee Fraud - Case Studies Of Typical Schemes

Employee Embezzlement Guide
Managing The Business Risk Of Fraud Guide
Fraud Risk Management Guide
Fraud Prevention Handbook
GSA Procurement Fraud Handbook
DoD Fraud Red Flags and Indicators

Fraud Prevention Policies
Employee Fraud Policy-1
Employee Fraud Policy-2
Employee Fraud Policy-3




Personally Identifiable information (PII) / Data Breach Response

PII Poster

DOD DD2923 - Privacy Act Data Cover Sheet

DHS Handbook For Safeguarding Sensitive Personally Identifiable Information

Health & Human Services - Policy For Responding To Breaches Of PII





Protecting Controlled Unclassified Information (CUI)

This page contains various resources to assist with developing, implementing and managing a CUI Protection Program. CUI is information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and government-wide policies, but is not classified under Executive Order 13526 or the Atomic Energy Act, as amended.





Insider Threats To The Critical Infrastructure





Workplace Violence Prevention  / Active Shooter-Assailant Incidents

According to the Occupational Safety and Health Administration (OSHA), approximately 2 million employees are victims of workplace violence each year. 18% of violent crimes are committed at the workplace, and roughly 800 workplace homicides occur each year. Between January 2009 and July 2015, there were 133 mass shootings in the workplace and shootings account for 78 % of all workplace homicides. Violence in the workplace must be a top concern for employers, as no organization is immune from workplace violence and no organization can completely prevent it. (Source)


NITSIG Insider Threat Workplace Violence E-Magazine (Workplace Violence Incidents)

UPS, Others Sued Over San Francisco Workplace Shooting

Responding To Violence In the Workplace – A “Catch 22” For Employers



Workplace Violence Prevention / Active Shooter-Assailant Guidance

OSHA Workplace Violence Website

OSHA Workplace Violence Presentation

OSHA Workplace Violence Factsheet

Workplace Violence Program Mitigation Flowchart

Workplace Violence Prevention And Intervention Standard (Developed By ASIS International & Society for Human Resource Management)

FBI Workplace Violence Guidance

Violence In The Federal Workplace - A Guide For Prevention And Response

Taking Threats Seriously: Establishing A Threat Assessment Team

21 Ways To Prevent Workplace Violence In Your Organization

Preventing Violence In The Workplace Presentation (National Crime Prevention Council)

U.S. Department Of Labor Workplace Violence Prevention Program

U.S. Coast Guard Workplace Violence And Threatening Behavior Instruction

USDA Handbook On Workplace Violence Prevention And Response

Duke University Workplace Violence Prevention And Response Policy

Boston University Workplace Violence Prevention Policy

University At Buffalo New York Workplace Violence Prevention Policy

City University Of New York Campus And Workplace Violence Prevention Policy

Sample Workplace Violence Prevention Plan

DSS Active Shooter Response Plan

State Alabama Active Shooter Strategic Response Plan

Active Shooter Preparedness Checklist

Maryland Active Assailant Guidance

Active Shooter & Hostile Event Guide

DHS Planning And Response To An Active Shooter - Best Practices Guide

DHS Active Shooter-How To Respond

DHS Active Shooter Preparedness Resources (Active Shooter Booklet, Pamphlet, Poster, Pocket Card)

FBI Active Shooter Resources

Active Shooter-Active Assailant Guidance & Resources

Crime Prevention Through Environmental Design Concepts



Workplace Violence Prevention / Active Shooter-Assailant Awareness Training

DSS Workplace Violence Toolkist

DHS Active Shooter Emergency Action Plan Video

FBI Active Shooter Video - The Coming Storm

RUN HIDE FIGHT Video - Surviving An Active Shooter Event

DSS Active Shooter Awareness Training Student Guide

FEMA Training Course - Active Shooter What You Can Do

Workplace Violence Prevention Training Video (California Department Of Human Resources)



Active Shooter Detection Systems

Emergency Automatic Gunshot Lockdown System

FireFly Wireless Gunshot Detector

FireFly CityWeb Ballistic Detector

Active Shooter Response System Presented By NEP3

Guardian Indoor Active Shooter Detection System

Wireless Active Shooter Sensors



Copyright © 2021 - National Insider Threat Special Interest Group ™ - All Rights Reserved - Legal Notice