LEI3044: A successful threat management strategy can reduce the risk posed by a person of concern, prevent an insider incident, and protect the organization and its people.

Group Assignment : Insider Threat Mitigation

Surveys indicate that many workers are reluctant to report unethical practices, including stealing in the workplace. Although a law was passed to counter unethical corporate behaviour and protect workers who report unethical activities, many employees still face loss of their jobs or ridicule if they blow the whistle on corporate misconduct (Spherion, 2006) Further, it has been reported that nearly 25% percent of young workers aged 18 to 24 do not believe that stealing office supplies for personal use is wrong.

Many steal employer property, including pens, pencils, paper, self-adhesive notepads, and paper clips without regard to the activity’s illegality. Employee theft costs American business over $40 billion each year.

(Wulfhorst, 2006) Unethical behaviour, dishonesty and theft in the workplace often occur in a gradual incremental process. Theft, in particular stems from a complex set of causes. Foremost among them is simply that an opportunity to steal arises, because chances of getting caught are low.

Additional causes include low workforce morale, employees’ sense that they are being underpaid and minimal consequences for getting caught stealing (Walsh, 2000) As seemingly insignificant misconduct and theft go undetected, perpetrators often rationalize larger transgressions. Even high-level executives can become tempted to steal. Consider Dale Frantz, the former chief information officer of Auto Warehousing Company.

Frantz embezzled more than $500,000 from his company during 2007-2009 and was sentenced to nearly 6 years in prison. He used a number of strategies to steal the funds, including writing up fraudulent invoices for expense reports and changing legitimate reports to maximize his reimbursements. In addition, he used company funds to buy computer equipment that he resold on the Internet.

Question :

A successful threat management strategy can reduce the risk posed by a person of concern, prevent an insider incident, and protect the organization and its people.

As a team in the security department, you are required to build an insider threat mitigation program for your company.
a) Plan
i. Management responsibility
ii. Establish goals/objectives
b) Organize and equipment
i. Detecting and identifying insider threats
ii. Threat management team
iii. Assess insider threats
c) Train and execute
i. Suggest ways to execute the plan
d) Evaluation and Improvement
i. Audit
ii. Compliance