Managing Insider Threats

Proactively managing insider threats can stop the trajectory or change the course of events from a harmful outcome to an effective mitigation. Organizations manage insider threats through interventions intended to reduce the risk posed by a person of concern. The organization must keep in mind that the prevention of an insider threat incident and protection of the organization and its people are the ultimate goals. 

When an assessment suggests that the person of concern has the interest, motive, and ability to attempt a disruptive or destructive act, the threat management team should recommend and coordinate approved measures to continuously monitor, manage, and mitigate the risk of harmful actions.

Resources

• CISA Insider Threat Mitigation Guide
• CISA Protective Security Advisors (PSA) Critical Infrastructure Vulnerability Assessments
• Ready.Gov Business Continuity Planning Suite
• FEMA’s Comprehensive Preparedness Guides
• The FBI's Making Prevention a Reality: Identifying, Assessing, and Managing the Threat of Targeted Attacks is a practical guide on assessing and managing the threat of targeted violence.
• ASIS International’s Workplace Violence and Active Assailant-Prevention, Intervention, and Response is an overview of policies, processes, and protocols that organizations can adopt to help identify, assess, respond to, and mitigate threatening or intimidating behavior and violence affecting the workplace.