Insider Risk Mitigation Framework
This is NPSA's recommended framework for developing an Insider Threat programme which aims to reduce insider risk. Implementing it will facilitate an objective review of security posture and allow measures to be updated or deployed in a risk-based manner.
The Insider Risk Mitigation Framework will ensure proportionate spending on any measures proposed and make the cost-benefit argument to support recommendations for security. It will also support organisational security development through the best use of insider risk mitigation methods to further mature a protective security stance.
Foundation
- Board Engagement & Governance
Positive and visible Board level support for, and engagement with, protective security is vital to demonstrate to staff the value placed on security and the insider threat strategy.
- Insider Threat Practitioners & Stakeholders
Insider Threat Practitioners and Stakeholders will need to be engaged across business areas to provide specialist insight and ensure a successful implementation of a working Insider Threat Programme.
- Role Based Security Risk Assessment
Understanding what security risks your organisation faces is essential for developing appropriate and proportionate security mitigation measures within the insider threat programme.
Implementing Mitigations
Concurrent Actions
- Communications
An insider threat programme should integrate effectively with the organisation’s overall communications strategy.
- Security Culture
A good security culture in your organisation is an essential component of a robust protective security regime and helps to mitigate against insider threats and external people threats.
- Continuous Improvement
The Insider Threat programme should be continuously reviewed to measure the effectiveness of any resources used and to confirm that it correctly reflects the current threats and vulnerabilities in your organisation.