
Secure InfoSolutions - Info Security Blog

Common Sense Guide to Mitigating Insider Threats

The Software Engineering Institute (SEI) at Carnegie Mellon has a highly regarded free report called “Common Sense Guide to Mitigating Insider Threats” that outlines a number of best practices for dealing with insider threats. Here we highlight 19 practices that can have a significant positive impact on your ability to secure against the insider threat.

Practice 1: Consider threats from insiders and business partners in enterprise-wide risk assessments.

Practice 2: Clearly document and consistently enforce policies and controls.

Practice 3: Incorporate insider threat awareness into periodic security training for all employees.

Practice 4: Beginning with the hiring process, monitor and respond to suspicious or disruptive behavior.

Practice 5: Anticipate and manage negative issues in the work environment.

Practice 6: Know your assets.

Practice 7: Implement strict password and account management policies and practices.

Practice 8: Enforce separation of duties and least privilege.

Practice 9: Define explicit security agreements for any cloud services, especially access

Practice 10: Institute stringent access controls and monitoring policies on privileged users.

Practice 11: Institutionalize system change controls.

Practice 12: Use a log correlation engine or security information and event management (SIEM) system to log, monitor, and audit employee actions.

Practice 13: Monitor and control remote access from all end points, including mobile

Practice 14: Develop a comprehensive employee termination procedure.

Practice 15: Implement secure backup and recovery processes.

Practice 17: Establish a baseline of normal network device behavior.

Practice 18: Be especially vigilant regarding social media.

Practice 19: Close the doors to unauthorized data exfiltration.

For the complete report go to:



© 2016 Secure InfoSolutions, LLC. All rights reserved.