Show simple item record

dc.contributor.author: Abila, Martin Charles
dc.date.accessioned: 2025-03-24T06:35:39Z
dc.date.available: 2025-03-24T06:35:39Z
dc.date.issued: 2015-10-01
dc.identifier.uri: http://dissertations.umu.ac.ug/xmlui/handle/123456789/1487
dc.description: Sanya Rahman [en_US]
dc.description.abstract: Public institutions need to understand the vulnerabilities and risks associated with insider threats and implement sound information security practices to defend against them. It is important to note that effective management of insider threats requires a risk-based and organization-wide approach that includes various stakeholders. The research revealed several information security weaknesses that insiders are likely to exploit in public institutions. The underlying cause of these weaknesses is public institutions' failure to fully or effectively implement information security programs, which involve assessing and managing risk, implementing both technical and non-technical controls, developing and implementing security policies and procedures, promoting security awareness and training, monitoring the adequacy of security controls, and implementing appropriate remedial actions. The proposed framework is drawn from existing information security best practices and standards, as well as from the research findings, to provide guidance for public institutions to improve their position against insider threats. The proposed framework provides an enterprise-wide solution to insider threats. It consists of four security layers: Information Security Governance, Insider Risk Management, Defense-in-depth strategy and Continuous Information Security Improvement. Public institutions should deploy and enforce controls at each layer to address the insider problem. The four layers do not operate independently of each other; rather, the implementation of controls across all four layers forms the core of this approach. [en_US]
dc.language.iso: en [en_US]
dc.publisher: Uganda Martyrs University [en_US]
dc.subject: Information [en_US]
dc.subject: Security [en_US]
dc.subject: Risks [en_US]
dc.title: Towards a framework for mitigating information security insider threats in public institutions: case study office of the auditor general [en_US]
dc.type: Dissertation [en_US]

