Insider Risk Mitigation Framework

This is NPSA's recommended framework for developing an Insider Threat programme which aims to reduce insider risk. The implementation of this will facilitate an objective review of security posture and allow measures to be updated or deployed in a risk based manner

Last Updated 11 July 2023

The Insider Risk Mitigation Framework will ensure proportionate spending on any measures posed and make the cost benefit argument to support recommendations for security. It will also support organisational security development through the best use of insider risk mitigation methods to further mature a protective security stance.

  1. 1
  2. 2
  3. 3

Foundation

  • Board Engagement & Governance

    Positive and visible Board level support for, and engagement with, protective security is vital to demonstrate to staff the value placed on security and the insider threat strategy.

    Read more

  • Insider Threat Practitioners & Stakeholders

    Insider Threat Practitioners and Stakeholders will need to be engaged across business areas to provide specialist insight and ensure a successful implementation of a working Insider Threat Programme.

    Read more

  • Role Based Security Risk Assessment

    Understanding what security risks your organisation faces is essential for developing appropriate and proportionate security mitigation measures within the insider threat programme.

    Read more

Implementing Mitigations

Policies, Standards, Guidelines & Procedures
Ensuring proportionate policies, standards, guidelines and procedures are in place that are understood and consistently enforced is critical in any insider threat programme.

Read More

Employment Screening & Vetting
Employment screening comprises the procedures involved in deciding an individual's suitability to hold employment in a given job role.

Read More

Physical & Technical Measures
Physical and technical measures should be defined by operational requirements and should be applied alongside personnel security measures to deliver security in an integrated manner.

Read More

Security Education & Training
Effective education and training is necessary to ensure individuals know what policies, standards, guidelines and procedures are in place to maintain security.

Read More

Monitoring & Review
A programme of monitoring and review should be in place to enable potential security issues, or personal issues that may impact on an employee's work, to be recognised and dealt with effectively.

Read More

Investigation & Disciplinary
Appropriate investigation and disciplinary practices are essential in ensuring that disproportionate actions are minimised and adherence to security policies and processes are reinforced.

Read More

Concurrent Actions

  • Communications

    An insider threat programme should integrate effectively with the organisation’s overall communications’ strategy.

    Read more

  • Security Culture

    A good security culture in your organisation is an essential component of a robust protective security regime and helps to mitigate against insider threats and external people threats.

    Read more

  • Continuous Improvement

    The Insider Threat programme should be continuously reviewed to measure the effectiveness of any resources used and that it correctly reflects the current threats and vulnerabilities in your organisation.

    Read more

Download Diagram