August’s security awareness topic: insider threats
Outline and scope
This month, the security awareness spotlight turns to “insider threats” - the threats originating within the organization.
“Insider threats” is a commonplace term but a misnomer. “Insider risks” would more accurate since there is more to this than just the threats posed by insiders. The NoticeBored
materials explore the vulnerabilities and impacts too.
“Insiders” in this context are primarily employees - both staff and management - of the
organization, those on its payroll. “Outsiders”, then, are third-party employees (particularly those working for competitors or other adversaries) and unemployed people – a much larger
group of course.
In the government/military context, ‘foreigners’ (citizens of other nations and cultures,
regardless of where they live) are generally considered outsiders too: we’ll have more to say about outsider threats in next month’s awareness materials. Subscribe to NoticeBored this
month and we’ll send you the matching pair!
August’s awareness module will:
Introduce insider threats, providing general context and background information (e.g. who are those threatening insiders, and in what sense do they threaten?);
Expand on the information risks (threats, vulnerabilities and impacts) arising from and involving insiders, particularly for the management audience;
Describe and promote the corresponding information security controls, which are numerous and varied (policies, procedures, practices, technologies …);
Leave the lasting impression that insider threats are real, antisocial and unacceptable.
Think about your awareness and learning objectives in relation to insider threats, or information risks involving workers. Are there any business angles or
concerns you’d like to emphasize in your awareness program? Any insider issues your organization has resolved, or for that matter is still struggling to address?
Oh, hang on a moment, does “insider threats” even feature as an awareness topic on your schedule ... ?
Contents listing of the module
Get this module
Subscribe to the NoticeBored service to receive this module, plus further batches of awareness goodies, fresh every month. We offer a wealth of creative materials on a market-leading range of topics making it easy and economic for you to run a world-class security awareness and training program.
Email us to set the ball rolling. Find out exactly what is provided in the latest pack and speak to us about getting your security awareness and training program quickly up to speed, for a lot less than you might think. We’re a small company with a big reputation for quality and innovation.
Follow along as we work on the next topic on NBlog. As well as clues about what’s coming up, we share hints and tips on making security awareness more