by David Stone
According to Verizon’s 2018 Data Breach Investigations Report, internal actors are the biggest threat to healthcare organizations.
To counter this threat, healthcare organizations need to take a holistic approach in the development of a comprehensive Insider Threat Management Program (ITMP). When building this program there are several important issues to consider:
- What are the specific goals and objectives of the program?
- How will the organization’s culture be impacted by the program?
- How will the current information security program impact the ITMP?
- What is the level of senior management support for addressing insider threats?
- What is the organizational risk tolerance for insider threats?
As illustrated below, an ITMP should address four specific areas:
The following is a more detailed breakdown of what would be included in the ITMP. This information can be useful in assessing the degree to which an organization’s current information security program is addressing insider threats.