Physical & Technical Measures
The need to apply any physical or technical security measures in order to mitigate the insider threat should be identified through the Role-Based Security Risk Assessment. These measures should be informed by assessments using the 3Ds (Deter, Detect, Delay) when countering forcible attack, or BAD (Barriers, Access, Detection) from the Surreptitious Threat Mitigation Process (STaMP) when countering surreptitious attacks. It is essential that the outputs are detailed in a clear Operational Requirements (OR).