Insider Risk Program Guidebooks for Energy and Higher Education Sectors
Organizations across a variety of critical infrastructure industry sectors are either required or compelled to develop an Insider Risk Program and to deploy insider risk deterrence, detection, and mitigation capabilities. To support those efforts and elevate the security of the United States more broadly, MITRE behavioral scientists and insider threat experts have researched and produced sector-specific Insider Risk Program Guidebooks.

The Guidebooks draw on decades' worth of expertise and human-focused scientific research in insider risk, along with leading practices, to help organizations build, grow, and mature Insider Risk Programs. The Guidebooks provide detailed, actionable guidance and describe different options (not requirements) that organizations can tailor to their needs. Each Guidebook outlines the pros, cons, and key considerations of different options, and is designed to help organizations make informed, evidence-based choices on topics that are relevant to the specific needs of the sector.

Examples of content organizations have found useful: Structure and Governance, Combatting Misconceptions, Identifying Insider Risks, Policies and Procedures, Training and Awareness, Cybersecurity Tools Supporting Insider Risk Programs, Mitigating Insider Risks, Managing Key Stakeholders, Leveraging External Relationships, and Program Assessment.

The Guidebooks harness the experiences of security practitioners, management, and frontline employees in the sectors to help tailor practices to the organizational environment and infrastructure of each sector and its organizations. To date, we have produced sector-specific Guidebooks for the Energy and Higher Education sectors.