Building an Insider Threat Management Program

by David Stone


According to Verizon’s 2018 Data Breach Investigations Report, internal actors are the biggest threat to healthcare organizations.

To counter this threat, healthcare organizations need to take a holistic approach in the development of a comprehensive Insider Threat Management Program (ITMP). When building this program there are several important issues to consider:

  • What are the specific goals and objectives of the program?
  • How will the organization’s culture be impacted by the program?
  • How will the current information security program impact the ITMP?
  • What is the level of senior management support for addressing insider threats?
  • What is the organizational risk tolerance for insider threats?

As illustrated below, an ITMP should address four specific areas:

Four Areas of an Insider Threat Management Program

The following is a more detailed breakdown of what would be included in the ITMP. This information can be useful in assessing the degree to which an organization’s current information security program is addressing insider threats.

Insider Threat Management Program Table


Interested in learning more about Insider Threat Management Programs? Check out my professional background and send me an email!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.