Program Design

We understand the technical and behavioral challenges Insider Threat/Risk Programs face when developing their own in-house approaches to deterring, detecting, and mitigating insider threat, and when leveraging third-party approaches. We have also evaluated, and made recommendations on, roadmaps for sponsors looking to build, grow, or mature state-of-the-art Insider Threat/Risk Programs and the core decision points they will reach during development.

Our work and expertise in Insider Threat/Risk Program Design span a range of key areas: building, growing, and maturing the structure and governance of the program; its internal policies and procedures; stakeholder engagement approaches; leveraging external relationships; selection and use of cybersecurity tools; and program assessment. MITRE’s work in this area combines our behavioral sciences expertise with our experience working within Insider Threat/Risk Programs and working closely with the government and industry insider threat community.

We recognize there is no one-size-fits-all design for an Insider Threat/Risk Program. MITRE is a trusted advisor that guides Insider Threat/Risk Programs in government and critical infrastructure industry on the key decisions they will need to make over time, including the various options available to them and the pros and cons of each option. For example, we have produced sector-specific guidebooks or roadmaps, including pros and cons, for where to place an Insider Threat/Risk Program in a government organization and in several industry sectors. We have produced job descriptions of key roles in the program (e.g., Program Lead, Analyst), their responsibilities, and helpful characteristics for the individuals assuming these roles. Perhaps most importantly, we have a significant focus on stakeholder engagement approaches that help the Insider Threat/Risk Program influence key stakeholders within its organization and gain and maintain their support, particularly when negotiating access to the data and information the program needs to identify insider risks.