Monitoring & Review
It is important that the risks an employee may pose are not only reviewed at the pre-employment stage. A programme of monitoring and review should be in place to enable potential security issues, or personal issues that may impact on an employee's work, to be recognised and dealt with effectively throughout their career.
There are different mechanisms to enable this, for example:
- Line management - ensuring line managers are well equipped to endorse best-practice security and to engage with their staff so that they understand the security behaviours expected of them. Line managers play a key role in helping the organisation develop a good security culture.
- Staff vetting reviews - ensuring employees are regularly reviewed for security clearances helps to keep sight of any significant changes individuals may go through and how this may impact on their organisational engagement.
- Protective monitoring - using the organisation's IT audit logs to understand employee activity and behaviour. Spotting and investigating IT security breaches is the traditional remit of protective monitoring. In addition, subtler changes in IT behaviour may become visible which, when combined with information from members of the Insider Threat Practitioners and Stakeholders, could point to a potential issue.
- Effective reporting/assessment mechanisms - providing confidential mechanisms for individuals to report concerns about any employee (whether permanent, contractors, management, visitors or anyone else with access to an organisation's assets) allows everyone to play their role in reviewing the risk of others working in the organisation.