As you know, the Insider Threat Program has been in the works over the last few years. Now, with “Conforming Change #2” all but passed and established, this is what it will mean for us in industry.

The purpose of the Insider Threat Program, according to Executive Order 13587, is to “Deter, Detect, and Mitigate” insiders that could cause damage to national security and your company. How “we” in industry do this to meet the minimum standards is:
- Assign a Senior Official in your company as the Insider Threat Official. (More than likely this will be the FSO; sorry, FSOs.)
- Organize a Work Group to work together on Insider Threat. Your security consultant would be appropriate, along with (but not limited to, and not required):
  - An HR Rep
  - An IT Rep
  - If you are a small company, it could be just your CEO/FSO and your JPAS Consultant
- The Work Group is required to have specific training. The following should meet these requirements:
  - Establishing an Insider Threat Program for your Organization (CI122.16), http://www.cdse.edu/catalog/elearning/CI122.html (1 hr)
  - Integrating CI & Threat Awareness into your Security Program, http://www.cdse.edu/catalog/elearning/CI010.html (1.5 hrs; take a test, get a certificate)
- Annual Training for your Cleared Employees to meet Insider Threat requirements. The annual refresher training provided to you by IST already meets this requirement and has for some time. This means your employees already receive Insider Threat Training if they do their annual refresher with EBIZ LLC!
- Establish an Insider Threat Policy to outline your company's actions in these cases. Click here for a rough outline of an Insider Threat Policy provided by IST.