Insider Risk Evaluation and Audit

Abstract : The purpose of this study is to present the rationale, previous research, and process for developing a tool to be used for detecting insider risk within an organization. Based on past studies of insider behavior, the authors identify several areas of effective management intervention to mitigate the probability of damaging behaviors. For each area, a series of self-audit questions point to the presence or absence of policies, safeguards, or best practices that should be considered by security or other management personnel as proactive measures to minimize insider risk.