2.8 Insider Threat Program
There is a growing need to have an integrated insider threat program to proactively address insider threats. An integrated program is holistic and covers fraud, theft of PII, theft of IP, bribery and corruption, cyber attacks, etc. An integrated program includes management of the various risks across the employee life cycle. Internal auditors may consider conducting a review of the organization’s Insider Threat Program, to ensure an integrated framwork exists among the various pillars such as Investigations, Cyber, Fraud, Ethics, Privacy, etc. This ensures the right processes are in place to help organizations detect threats earlier and respond efficiently to reduce the impact of an incident.