Enterprise Security Policy to Address Insider Threat, Cyber Security Management
Paper Type: Free Essay | Subject: Information Systems
Wordcount: 1397 words | Published: 23rd Sep 2019
Technical Report
Enterprise Security Policy to address Insider Threat
Table of Contents
2.b Enterprise Information Security Policy
Chapter 1 Introduction
1.a General Introduction
An insider threat is a malicious threat that originates within an organization, institution or government facility, posed by its own workers with intent to steal, sabotage, disrupt operations or expose internal data in order to cause harm.
In most companies, a security policy describes the basic parameters that must be guarded against known and unknown threats. A security policy is implemented by following the rule document designed by both policy designers and system implementers, to achieve a secure solution that lets the business continue its everyday operations.
Fig 1.a Insider Threat most likely to happen in an organization according to Insider Threat Report 2018 (Ca.com, 2018)
1.b Problem Background
Employees are the backbone of an organization; however, insider breaches caused by an employee, leader or manager within the organization can be very costly, and breaches of critical information are harder to detect.
Employees also fall victim to social engineering by hackers without being aware of it, and a single click or download of software containing malicious code can give access to the organization’s information system.
1.c Current Scenario
Many companies will find a boilerplate IT security policy inappropriate due to its lack of consideration for how the organization’s people actually use and share information among themselves and with the public (Paloaltonetworks.com, 2019). Technical knowledge of protective security measures is still poor in most organizations.
Chapter 2 Literature Review
According to the “2018 IBM X-Force Threat Intelligence”, insider threats are the cause of 60 percent of cyber attacks. Issues such as misconfiguration of networks and servers can expose the organization’s critical business data to the public; a hacker can easily exploit those vulnerabilities and severely hamper the enterprise beyond recovery.
National Institute of Standards and Technology (NIST) Special Publication 800-14 explains the principles and practices for securing information technology systems (Uh.edu, 2019). The OECD Guidelines developed in 1992 cover broad areas described as accountability, awareness, ethics, multidisciplinary, proportionality, integration, timeliness, reassessment and democracy.
Malicious insiders or negligent workers tend to exploit their access and expose data. The risk posed by insider threat cannot be completely eliminated, but it can be reduced by reducing the chances of a breach. An organization’s security policy plays a major role in its decisions and direction towards its goals and objectives. The types of policy summarized by 800-14 are as below:
- Enterprise Information Security Policy (EISP)
- Issue-Specific Security Policy (ISSP)
- System-Specific Policy (SysSP)
An Enterprise Information Security Policy (EISP) sets the strategy, direction, scope and tone, sits atop all security efforts, and is designed by a senior administration official such as the Chief Information Officer. The EISP directs the basic structure of the organization’s information security programs, which supports protecting business value and its valuable assets. The components of the EISP include:
- The EISP is based on a corporate philosophy on security that directly supports the mission, vision and direction of the organization, and sets the strategic goals and tone for all security efforts within the organization.
- It does not require continuous modification unless the strategic goals or direction of the organization change.
- The purpose of the EISP is to fully articulate the assignment of security responsibilities shared by all members of the organization, and the practices and responsibilities of users.
- It addresses legal compliance.
Security policy and solution deployment are driven by security management concepts and principles. It is also important that the rules set out by an organization's security policy are supported from top-level management all the way down to the information technology infrastructure used for deploying the solution and providing it to customers.
Most organizations enforce a minimum basic information security policy in line with international standards to secure important assets and information in offices such as headquarters, with strong technical support for information security systems covering physical assets as well as information of business value, and protection from breaches. Top-level management and the security team must work together to prioritize the security needs of an organization.
An insider attack can have the following consequences for an organization:
● Disruption of the services provided to its customers
● Important documents leaked to the internet
● Critical data or documents could be falsified through invalid access
● Competitors gain an advantage and could copy the ideas, and also improve on them for their own benefit
Some case studies of insider threat are below:
● (https://www.cs.ox.ac.uk/files/6596/accidental_insider.pdf) A reported case in Salt Lake City concerns an employee of Good Data Systems who was fired after losing a USB stick containing 6000 medical records, despite being regarded as a ‘terrific employee’.
● (https://www.justice.gov/opa/pr/chinese-national-sentenced-economic-espionage-and-theft-trade-secret-us-company) While employed by a cleared company, Xu stole proprietary software and source code information for his own profit.
Employees normally have the authorization to perform their everyday work activities. The challenge is detecting insider threat, because companies hire staff believing that the people they hire can be trusted, and tend to have faith in their judgement when it comes to the organization’s best interest.
Fig 1.b Misconfigured cloud service incident in 2017
References
Ca.com (2018) [Online] Insider Threat 2018 Report Available at: https://www.ca.com/content/dam/ca/us/files/ebook/insider-threat-report.pdf [Accessed: 22 January, 2019].