The Software Engineering Institute (SEI) at Carnegie Mellon has a highly regarded free report called “Common Sense Guide to Mitigating Insider Threats” that outlines a number of best practices for dealing with insider threats. Here we highlight 19 practices that can have a significant positive impact on your ability to secure your organization against insider threats.
Practice 1: Consider threats from insiders and business partners in enterprise-wide risk assessments.
Practice 2: Clearly document and consistently enforce policies and controls.
Practice 3: Incorporate insider threat awareness into periodic security training for all employees.
Practice 4: Beginning with the hiring process, monitor and respond to suspicious or disruptive behavior.
Practice 5: Anticipate and manage negative issues in the work environment.
Practice 6: Know your assets.
Practice 7: Implement strict password and account management policies and practices.
Practice 8: Enforce separation of duties and least privilege.
Practice 9: Define explicit security agreements for any cloud services, especially access
Practice 10: Institute stringent access controls and monitoring policies on privileged users.
Practice 11: Institutionalize system change controls.
Practice 12: Use a log correlation engine or security information and event management (SIEM) system to log, monitor, and audit employee actions.
Practice 13: Monitor and control remote access from all end points, including mobile
Practice 14: Develop a comprehensive employee termination procedure.
Practice 15: Implement secure backup and recovery processes.
Practice 17: Establish a baseline of normal network device behavior.
Practice 18: Be especially vigilant regarding social media.
Practice 19: Close the doors to unauthorized data exfiltration.
For the complete report, go to: http://www.sei.cmu.edu/reports/12tr012.pdf