Many organizations recognize the importance of incorporating insider threat mitigation into an organization-wide risk management program. Unfortunately, some of these programs continue to suffer significant risk exposure because of ineffective program design, implementation, and management. This presentation will highlight the characteristics of an effective insider threat program; describe potential program pitfalls by providing examples of potential negative consequences resulting from insider threat program activities; identify strategies to incorporate positive incentives into a security program; and recommend practices for creating the appropriate organizational culture to recognize the value and be supportive of the insider threat program.

Learning Objectives:

• Identify the critical elements of an effective insider threat program
• Identify and avoid the potential pitfalls and negative consequences of an effective insider threat program
• Develop and implement policies and practices for creating an appropriate organizational security culture