@opexxx
Created December 2, 2022 20:57
mitigating insider threat
The Guide describes 22 best practices for mitigating insider threat based on the CERT Division's continued research and analysis of more than 3,000 insider threat cases.
Best Practices
1. Know and Protect Your Critical Assets
2. Develop a Formalized Insider Risk Management Program (IRMP)
3. Clearly Document and Consistently Enforce Administrative Controls
4. Beginning With the Hiring Process, Monitor and Respond to Suspicious or Disruptive Behavior
5. Anticipate and Manage Negative Issues in the Work Environment
6. Consider Threats From Insiders and Trusted External Entities in Enterprise-Wide Risk Assessments
7. Be Especially Vigilant Regarding Social Media
8. Structure Management and Tasks to Minimize Insider Stress and Mistakes
9. Incorporate Insider Threat Awareness Into Periodic Security Training for All Workforce Members
10. Implement Strict Password and Account Management Policies and Practices
11. Institute Stringent Access Controls and Monitoring Policies on Privileged Users
12. Deploy Solutions for Monitoring Workforce Member Actions and Correlating Information from Multiple Data Sources
13. Monitor and Control Remote Access from All End Points, Including Mobile Devices
14. Establish a Baseline of Normal Behavior for Both Networks and Workforce Members
15. Enforce Separation of Duties and Least Privilege
16. Define Explicit Security Agreements for Cloud Services, Especially Access Restrictions and Monitoring Capabilities
17. Institutionalize System Change Controls
18. Implement Secure Backup and Recovery Processes
19. Mitigate Unauthorized Data Exfiltration
20. Develop a Comprehensive Workforce Member Termination Procedure
21. Adopt Positive Incentives to Align the Workforce and the Organization
22. Learn From Past Insider Threat Incidents
https://insights.sei.cmu.edu/news/new-edition-of-common-sense-guide-to-mitigating-insider-threats-released