Insider Threat and Insider Risk
Role summary
A role that includes but is broader that the current behavioural scientist/Personnel Security.
Role level
Typical role expectations
- Support in role in assessment of insider risk potential
- Supports insider risk investigations
- Maintains all logs/registers of insider risk/treats
- Actions as admin for all insider risk/treat incidents, near misses, etc
- Act as part of the Incident Response team where appropriate, providing support
- Supports Lead and Principle Insider Risk/Treat roles
Typical role expectations
- Lead assessor for insider risk potential
- Leads investigations of all incidents of insider risk
- Represent Security/insider risk interests at Managerial/Senior Leader level
- Monitor processes and procedures to reduce and promptly identify insider risk
- Shares best practice in reducing and identifying potential insider risk
- Act as part of the Incident Response team where appropriate and provide intelligence support during ongoing incidents
- Work closely with management teams to keep them updated on the latest insider risk/threats
- Horizon scanning for new and changing methods of insider threat/risk
- Establish mutual intelligence sharing with credible external sources
- Identify capability gaps and works to address these
Typical role expectations
- Oversees assessment for insider risk potential
- Activity work with and support policy makers in developing insider risk policy
- Liaise with other business units, ODGs, etc, to identify wide spread insider risk. This may also include sharing intelligence
- Advises on processes and procedures to reduce and promptly identify insider risk
- Shares best practice in reducing and identifying potential insider risk
- Influence, change, and impact security decisions with both internal and external stakeholders
- Support and lead the delivery of insider risk/threat assessments and action recommendations to stakeholders at executive level
- Act as part of the Incident Response team where appropriate and provide intelligence support during ongoing incidents
- Horizon scanning for new and changing methods of insider threat/risk
- Establish mutual intelligence sharing with credible external sources
Skills
| Skill | Associate | Lead | Principle |
|---|---|---|---|
| Protective security | Awareness | Working | Practitioner |
| Legal and regulatory environment and compliance | Awareness | Awareness | Practitioner |
| Risk understanding and mitigation | Awareness | Working | Expert |
| Threat understanding | Awareness | Working | Expert |
Core learning
Associate
NPSA – Foundation Course
NPSA – Insider Risk Mitigation Digital Learning
NPSA – Security Culture Digital Learning
Lead
Certified ISO27001 Practitioner
NPSA – Reducing Insider Risk guidance and tools
NPSA – Insider Risk
Principal
NPSA – Insider Risk Mitigation Framework
NPSA – Reducing Insider Risk guidance and tools
Certified Information Systems Security Professional