3. Role Based Security Risk Assessment
Understanding what security risks your organisation faces is essential for developing appropriate and proportionate security mitigation measures within the insider threat programme. A role based risk assessment, conducted by the Insider Threat Working Group, should:
- Identify the critical assets in your organisation;
- Identify the threat (based on intent and capability);
- Assess the likelihood of that threat happening in your organisation;
- Assess the impact to your business if the threat occurred;
- Review the adequacy of existing countermeasures;
- Propose new proportionate measures where required to reduce insider risks.
It is only the above activity that can effectively inform and shape the subsequent steps.