Continuous Improvement

Last Updated 24 September 2020

Measuring the effectiveness of an insider risk programme is an important way to ensure resources are being focused in the right areas. The threats and vulnerabilities to an organisation's assets, and the mitigations that have previously been put in place, can be continuously assessed in a number of ways.

  • Maintain reference to the organisation's risk register to ensure threats and vulnerabilities remain current and that risk mitigators remain effective and necessary. Risk assessment is a continual process.
  • Protective Security Management Systems (PSeMS) can help provide a solid overall framework for integrating security into an organisation. Part of this work involves defining metrics to help measure the success of various security mitigations.
  • NPSA's Personnel Security Maturity Model can help baseline an organisation's insider risk programme, providing guidance for advancing insider risk mitigation.
  • NPSA's SeCuRE tool helps organisations measure their security culture.
  • Each security campaign should allow for evaluation of impact to assess lessons learnt. NPSA has evaluation materials available to help with this.

Existing Products
