Skip to content

Continuous Improvement

Last Updated 24 September 2020

Continuous Improvement

Measuring the effectiveness of an insider threat programme is an important way to ensure resources are being focused in the right areas. Continuously assessing the threats and vulnerabilities to an organisation's assets and the mitigations that have previously been put in place, can be done in a number of ways.

  • Maintain reference to the organisation's risk register to ensure threats and vulnerabilities remain current and that risk mitigators remain effective and necessary. Risk assessment is a continual process.
  • Protective Security Management Systems (PSeMS) can help provide a solid overall framework for integrating security into an organisation. Part of this work involves defining metrics to help measure success of various security mitigations.
  • CPNI's Personnel Security Maturity Model can help baseline an organisation's insider threat programme, providing guidance for advancing insider threat mitigation.
  • CPNI's SeCuRE tool helps organisations measure their security culture.
  • Each security campaign should allow for evaluation of impact to assess lessons learnt. CPNI has evaluation materials available to help with this.

Existing Products


Did you find this page useful? YesNo
Thank you for your feedback. If you have any further suggestions on how this information can be made even more useful to improve your experience, feel free to share details below.
Thank you for your feedback. Sorry to hear that you haven't found this information useful. Please help us improve your experience and share how we can make this information more useful for you.