As you know, the Insider Threat Program has been in the works over the last few years.  Now with the “Conforming Change #2” all but passed and established this is what it will mean for us in industry.The Purpose of the Insider Threat Program,2015poster_web according to Executive Order 13587, is to “Deter, Detect, and Mitigate” insiders that could cause damage to national security and your company.  How “we” in industry do this to meet the minimum standards is:

  • Assign a Senior Official in your Company as the Insider Threat Official. (More than likely will be the FSO, sorry FSO’s)
  • Organize a Work Group to work together on Insider Threat. Your security consultant would be appropriate along with but not limited to or required:
    1. An HR Rep
    2. An IT Rep
    3. If you are a small company, it could be just your CEO/FSO and your JPAS Consultant
  • Work Group required to have specific training. The following should meet these requirements.
    1. Establishing an Insider Threat Program for your Organization (CI122.16)http://www.cdse.edu/catalog/elearning/CI122.html (1 hr)
    2. Integrating CI & threat Awareness into your Security Program
      http://www.cdse.edu/catalog/elearning/CI010.html (1.5 hrs- take a test, get a certificate)

 

  • Annual RefresherAnnual Training for your Cleared Employees to meet Insider threat requirements.The annual refresher training provided to you by EBIZ LLC / IST Pros already meets this requirement and has for some time.  This means your employees already receive Insider Threat Training if they do their annual refresher withEBIZ LLC! Follow the link to log in  if not yet done!

 

 

  •  Establish a Insider Threat Policy to outline your companies actions in these cases. Click Here for a rough outline provided by EBIZ LLC of a Insider Threat Policy.  Feel free to make changes to make it work for your company!