3. Role Based Security Risk Assessment

Understanding what security risks your organisation faces is essential for developing appropriate and proportionate security mitigation measures within the insider threat programme. A role-based risk assessment, conducted by the Insider Threat Working Group, should:

  • Identify the critical assets in your organisation;
  • Identify the threat (based on intent and capability);
  • Assess the likelihood of that threat happening in your organisation;
  • Assess the impact to your business if the threat occurred;
  • Review the adequacy of existing countermeasures;
  • Propose new proportionate measures where required to reduce insider risks.

Only this assessment can effectively inform and shape the subsequent steps.

Existing Products