In our weekly Library Card Series we highlight a selection from our resource library to help introduce the content to our industry partners.

In this weeks library series we will be going over the Cybersecurity and Infrastructure Security Agency’s (CISA) guide on Insider Threat Mitigation Resources. CISA has released a lengthy guide going through all topics about locating, assessing, and countering insider threats. Organization’s assets, systems, and networks, regardless of size or function, are susceptible to disruption or harm by an insider, or someone with institutional knowledge and current or prior authorized access. This status makes it possible for current or former employees, contractors, and other trusted insiders to cause significant damage. Insiders have compromised sensitive information, damaged organizational reputation, caused lost revenue, stolen intellectual property, reduced market share, and even harmed people.

This Insider Threat Mitigation Guide is an evolution in the series of resources CISA makes available on insider threats. This Guide draws from the expertise of some of the most reputable experts in the field to provide comprehensive information to help federal, state, local, tribal, and territorial governments; non-governmental organizations; and the private sector establish or enhance an insider threat prevention and mitigation program. Moreover, this Guide accomplishes this objective in a scalable manner that considers the level of maturity and size of the organization. Below is an overview of what to expect from the CISA guide.


In the first section of the Insider Threats Guide, CISA talks on the costs of insider threats, the return on investment for insider threat mitigation programs, and introduces the concept of an insider threat mitigation program.

Defining Insider Threats:

In the second section of the guide, CISA defines what an insider is and what an insider threat is. They also explain types of insider threats along with expressions of insider threats.

Building An Insider Threat Mitigation Program:

CISA explains the characteristics of a successful insider threat mitigation program, the core principles of the program, the keys for success, and how to establish a successful program.

Detecting and Identifying Insider Threats:

CISA provides an overview of threat detection and identification, progression of an insider threat towards a malicious incident, threat detectors, and threat indicators.

Assessing Insider Threats:

In this this section, CISA lays out the assessment process, violence in threat assessment, profiles, making a threat, posing a threat, leakage in targeted violence, awareness of scrutiny, use of a behavioral scientist, and case considerations for the involvement of law enforcement.

Managing Insider Threats:

CISA explains the characteristics of insider threat management strategies, intervention strategies, managing domestic violence, managing mental health, use of law enforcement in threat management, suspensions and terminations for persons of concern, monitoring and closing cases, and how to avoid common pitfalls.

Conclusion and Appendixes:

In the conclusion, the guide gives a recap of key points along with a final message. “The consequences of an insider incident can ripple through an organization and community with devastating outcomes and long-term negative impacts. As noted throughout this Guide, the goal is to help individuals, organizations, and communities to understand these threats, work toward preventing them, and provide practices that organizations of any size can consider to establish or enhance an insider threat mitigation program.”

MJBizDaily gives real evidence of insider threats within cannabis businesses. According to their article, For Marijuana Companies, Biggest Security Concern Comes From the Inside, roughly 90% of financial and product loss comes from employees. Dan Williams, CEO of Canna Security America says the following; “Almost all theft is internal that we’ve seen.” Steve Owens, CEO of Adherence Information Management, made a comment based on 2014 cannabis sales statistics from Colorado. Owens states that, “If you look at it being a $700 million market in Colorado, (employee theft amounts to) probably 2-3% of that.” Being prepared to deal with insider threats is crucial in protecting financial and physical assets from loss. Instead of waiting until an incident occurs, take action and prepare for all potential insider threat scenarios.


We encourage you to read the CISA Insider Threat Mitigation Resources guide to learn more.

To find more valuable resources covering a wide variety of topics, visit the resource section of our website, and check back to our blog every Tuesday for our Library Card Series where we highlight different resources from the library.