Making the Case: Insider Threat Program Development and Implementation; Part II: Designing Your Program

  |  April 12, 2017


Designing and pitching an Insider Threat Program that meets the needs of your business can be challenging. It means knowing your organizational security environment, knowing your gaps, and making the case to the key stakeholders. Following this guide will help you to develop a successful business case for implementing an Insider Threat Program at your organization.

Since most security efforts are focused on external threats, the first step in combating Insider Threats is defining what that means for you by understanding your own risks. Once you know what must be protected, you can address those needs and threat types. Your risks are your critical assets and can include traditional areas like intellectual property and equipment, but reputation (any item or entity that has the potential to significantly impact the achievement of organizational objectives if harmed)[1] can be equally as important.

The next step is to understand your current approach and gaps. Organizations often employ outdated security processes based on what has happened rather than what will happen. You need to take stake of which processes are working and which need to change.[2] This upfront evaluation will provide invaluable insight for efficient program budgeting as well as a powerful impetus for stakeholder involvement.

The gaps you identify could include vulnerabilities that led to a past insider incident, or research on best practice and legal mandate.  Once the gaps are determined, prioritize the most pressing issues as well as any quick wins.

Finally, a successful program will always require buy-in from stakeholders. Insider Threats are inherently multi-disciplinary, and you will need to involve a variety of departments like human resources, legal, and IT.[3] Involving these organizations from the outset will strengthen your proposed budget by driving home its importance, diminishing the need for external resources, and streamlining future efforts.

With processes documented, gaps identified, and stakeholders onboard, you’re ready to design and execute an Insider Threat program that adds value to your organization.

Other blogs in this series: 

[1] Institute of Asset Management (IAM), (2017). Definitions. Retrieved from

[2] Deloitte, (2016). Developing a holistic Insider Threat program | Building an Insider Threat mitigation program. Retrieved from

[3] CERT, (2009). Common Sense Guide to Prevention and Detection of Insider Threat, Third Edition. Retrieved from


3 × one =