Potential indicators and possible precursors of insider threat include behaviors such as inordinate, long-term job dissatisfaction; attempts to gain access to information that is not required for job performance; unexplained access to financial resources; bullying or sexual harassment of fellow employees; workplace violence; and other serious violations of the policies, procedures, directives, rules, or practices of organizations. Security awareness training includes how to communicate employee and management concerns regarding potential indicators of insider threat through appropriate organizational channels in accordance with established organizational policies and procedures. Organizations may consider tailoring insider threat awareness topics to the role (e.g., training for managers may be focused on specific changes in the behavior of team members, while training for employees may be focused on more general observations). 

Priority: High 

Category: Security Awareness Training 

Services Associated with AWS: 

  • AWS Identity and Access Management (IAM), AWS Security Hub, AWS Security Training and Certification

Objective Evidence:   

Administrative: documented policies, standards & procedures
Administrative: supporting documentation of role-based security training being performed
Administrative: Incident Response Plan (IRP) practices that cover the intake and triage of event reporting

Possible Technology Considerations :

  • Learning Management System (LMS)

What needs to be answered :  

Does security training include how to communicate employee and management concerns regarding potential indicators of insider threat? (Job dissatisfaction, attempts to gain access to info not required for their job, etc.)


  •  Insider Threat Recognition and Reporting Training
    Description This check ensures that security awareness training includes specific modules on recognizing and reporting potential indicators of insider threats Personnel are educated on the behaviors, warning signs, and patterns associated with insider threats They are trained to be vigilant and to promptly report any suspicious activities or concerns related to insider threats to the appropriate authorities or designated security personnel
  • Incorporate Insider Threat Awareness in Security Training
    Description This check verifies that insider threat awareness is integrated into the overall security training provided to personnel The training covers the concept of insider threats, common indicators, and the importance of reporting potential threats It emphasizes the role of each individual in maintaining a secure environment and mitigating insider threats
  • Promote a Culture of Insider Threat Awareness
    Description This check ensures that organizations foster a culture of insider threat awareness among their personnel This is achieved through ongoing security training, periodic reminders, and communication campaigns that emphasize the significance of recognizing and reporting potential indicators of insider threats It encourages all employees to be active participants in safeguarding against insider threats

More Details:  

Insider threat policies and training programs are in place for all company employees.