Practice AT.L2-3.2.3 Details - Revision history

David at 01:18, 16 March 2025

2025-03-16T01:18:51Z

← Older revision		Revision as of 01:18, 16 March 2025
Line 13:		Line 13:
	'''Examine'''		'''Examine'''

	[SELECT FROM: Security awareness and training policy; procedures addressing security awareness training implementation;security awareness training curriculum;security awareness training materials; insider threat policy and procedures; system security plan;other relevant documents or records].		[SELECT FROM: Security awareness and training policy; procedures addressing security awareness training implementation; security awareness training curriculum; security awareness training materials; insider threat policy and procedures; system security plan; other relevant documents or records].

	'''Interview'''		'''Interview'''
Line 26:		Line 26:
	Potential indicators and possible precursors of insider threat include behaviors such as: inordinate, long-term job dissatisfaction; attempts to gain access to information that is not required for job performance; unexplained access to financial resources; bullying or sexual harassment of fellow employees; workplace violence; and other serious violations of the policies, procedures, directives, rules, or practices of organizations. Security awareness training includes how to communicate employee and management concerns regarding potential indicators of insider threat through appropriate organizational channels in accordance with established organizational policies and procedures. Organizations may consider tailoring insider threat awareness topics to the role (e.g., training for managers may be focused on specific changes in behavior of team members, while training for employees may be focused on more general observations).		Potential indicators and possible precursors of insider threat include behaviors such as: inordinate, long-term job dissatisfaction; attempts to gain access to information that is not required for job performance; unexplained access to financial resources; bullying or sexual harassment of fellow employees; workplace violence; and other serious violations of the policies, procedures, directives, rules, or practices of organizations. Security awareness training includes how to communicate employee and management concerns regarding potential indicators of insider threat through appropriate organizational channels in accordance with established organizational policies and procedures. Organizations may consider tailoring insider threat awareness topics to the role (e.g., training for managers may be focused on specific changes in behavior of team members, while training for employees may be focused on more general observations).
	=== FURTHER DISCUSSION ===		=== FURTHER DISCUSSION ===
	An insider threat is the threat that an insider will use their authorized access, wittingly or unwittingly, to do harm. Insider threat security awareness training focuses on recognizing employee behaviors and characteristics that might be indicators of an insider threat and the guidelines and procedures to handle and report it. Training for managers will provide guidance on observing team members to identify all potential threat indicators, while training for general employees will provide guidance for focusing on a smaller number of indicators.Employee behaviors will vary depending on roles, team membership, and associated information needs. The person responsible for specifying insider threat indicators must be cognizant of these factors. Because of this, organizations may choose to tailor the training for specific roles. This practice does not require separate training regarding insider threat. Organizations may choose to integrate these topics into their standard security awareness training programs.		An insider threat is the threat that an insider will use their authorized access, wittingly or unwittingly, to do harm. Insider threat security awareness training focuses on recognizing employee behaviors and characteristics that might be indicators of an insider threat and the guidelines and procedures to handle and report it. Training for managers will provide guidance on observing team members to identify all potential threat indicators, while training for general employees will provide guidance for focusing on a smaller number of indicators. Employee behaviors will vary depending on roles, team membership, and associated information needs. The person responsible for specifying insider threat indicators must be cognizant of these factors. Because of this, organizations may choose to tailor the training for specific roles. This practice does not require separate training regarding insider threat. Organizations may choose to integrate these topics into their standard security awareness training programs.

	'''Example'''		'''Example'''

David at 22:36, 15 March 2025

2025-03-15T22:36:31Z

← Older revision		Revision as of 22:36, 15 March 2025
Line 1:		Line 1:
	'''Source of Reference: The official [https://~~www~~.~~acq~~.~~osd.mil~~/cmmc/~~documentation.html~~ CMMC Level 2 Assessment Guide] from the ~~Office of the Under Secretary~~ of Defense ~~Acquisition & Sustainment~~.'''		'''Source of Reference: The official [https://dodcio.defense.gov/cmmc/Resources-Documentation/ CMMC Level 2 Assessment Guide] from the Department of Defense Chief Information Officer (DoD CIO).'''

	For inquiries and reporting errors on this wiki, please [mailto:support@cmmctoolkit.org contact us]. Thank you.		For inquiries and reporting errors on this wiki, please [mailto:support@cmmctoolkit.org contact us]. Thank you.

Wikiadmin: /* POTENTIAL ASSESSMENT METHODS AND OBJECTS */

2022-02-24T20:01:30Z

POTENTIAL ASSESSMENT METHODS AND OBJECTS

← Older revision		Revision as of 20:01, 24 February 2022
Line 20:		Line 20:

	'''Test'''		'''Test'''

	[SELECT FROM: Mechanisms managing insider threat training].		[SELECT FROM: Mechanisms managing insider threat training].

	=== DISCUSSION ===		=== DISCUSSION ===
	Potential indicators and possible precursors of insider threat include behaviors such as: inordinate, long-term job dissatisfaction; attempts to gain access to information that is not required for job performance; unexplained access to financial resources; bullying or sexual harassment of fellow employees; workplace violence; and other serious violations of the policies, procedures, directives, rules, or practices of organizations. Security awareness training includes how to communicate employee and management concerns regarding potential indicators of insider threat through appropriate organizational channels in accordance with established organizational policies and procedures. Organizations may consider tailoring insider threat awareness topics to the role (e.g., training for managers may be focused on specific changes in behavior of team members, while training for employees may be focused on more general observations).		Potential indicators and possible precursors of insider threat include behaviors such as: inordinate, long-term job dissatisfaction; attempts to gain access to information that is not required for job performance; unexplained access to financial resources; bullying or sexual harassment of fellow employees; workplace violence; and other serious violations of the policies, procedures, directives, rules, or practices of organizations. Security awareness training includes how to communicate employee and management concerns regarding potential indicators of insider threat through appropriate organizational channels in accordance with established organizational policies and procedures. Organizations may consider tailoring insider threat awareness topics to the role (e.g., training for managers may be focused on specific changes in behavior of team members, while training for employees may be focused on more general observations).

Wikiadmin: Created page with "'''Source of Reference: The official [https://www.acq.osd.mil/cmmc/documentation.html CMMC Level 2 Assessment Guide] from the Office of the Under Secretary of Defense Acquisition & Sustainment.''' For inquiries and reporting errors on this wiki, please [mailto:support@cmmctoolkit.org contact us]. Thank you. == AT.L2-3.2.3 – INSIDER THREAT AWARENESS == === SECURITY REQUIREMENT === Provide security awareness training on recognizing and reporting potential indicators of..."

2022-02-24T20:01:18Z

Created page with "'''Source of Reference: The official [https://www.acq.osd.mil/cmmc/documentation.html CMMC Level 2 Assessment Guide] from the Office of the Under Secretary of Defense Acquisition & Sustainment.''' For inquiries and reporting errors on this wiki, please [mailto:support@cmmctoolkit.org contact us]. Thank you. == AT.L2-3.2.3 – INSIDER THREAT AWARENESS == === SECURITY REQUIREMENT === Provide security awareness training on recognizing and reporting potential indicators of..."

New page

'''Source of Reference: The official [https://www.acq.osd.mil/cmmc/documentation.html CMMC Level 2 Assessment Guide] from the Office of the Under Secretary of Defense Acquisition & Sustainment.'''

For inquiries and reporting errors on this wiki, please [mailto:support@cmmctoolkit.org contact us]. Thank you.

== AT.L2-3.2.3 – INSIDER THREAT AWARENESS ==
=== SECURITY REQUIREMENT ===
Provide security awareness training on recognizing and reporting potential indicators of insider threat.
=== ASSESSMENT OBJECTIVES ===
Determine if:
: [a] potential indicators associated with insider threats are identified; and
: [b] security awareness training on recognizing and reporting potential indicators of insider threat is provided to managers and employees.
=== POTENTIAL ASSESSMENT METHODS AND OBJECTS ===
'''Examine'''

[SELECT FROM: Security awareness and training policy; procedures addressing security awareness training implementation;security awareness training curriculum;security awareness training materials; insider threat policy and procedures; system security plan;other relevant documents or records].

'''Interview'''

[SELECT FROM: Personnel that participate in security awareness training; personnel with responsibilities for basic security awareness training; personnel with information security responsibilities].

'''Test'''
[SELECT FROM: Mechanisms managing insider threat training].
=== DISCUSSION ===
Potential indicators and possible precursors of insider threat include behaviors such as: inordinate, long-term job dissatisfaction; attempts to gain access to information that is not required for job performance; unexplained access to financial resources; bullying or sexual harassment of fellow employees; workplace violence; and other serious violations of the policies, procedures, directives, rules, or practices of organizations. Security awareness training includes how to communicate employee and management concerns regarding potential indicators of insider threat through appropriate organizational channels in accordance with established organizational policies and procedures. Organizations may consider tailoring insider threat awareness topics to the role (e.g., training for managers may be focused on specific changes in behavior of team members, while training for employees may be focused on more general observations).
=== FURTHER DISCUSSION ===
An insider threat is the threat that an insider will use their authorized access, wittingly or unwittingly, to do harm. Insider threat security awareness training focuses on recognizing employee behaviors and characteristics that might be indicators of an insider threat and the guidelines and procedures to handle and report it. Training for managers will provide guidance on observing team members to identify all potential threat indicators, while training for general employees will provide guidance for focusing on a smaller number of indicators.Employee behaviors will vary depending on roles, team membership, and associated information needs. The person responsible for specifying insider threat indicators must be cognizant of these factors. Because of this, organizations may choose to tailor the training for specific roles. This practice does not require separate training regarding insider threat. Organizations may choose to integrate these topics into their standard security awareness training programs.

'''Example'''

You are responsible for training all employees on the awareness of high-risk behaviors that can indicate a potential insider threat [b]. You educate yourself on the latest research on insider threat indicators by reviewing a number of law enforcement bulletins [a]. You then add the following example to the training package: A baseline of normal behavior for work schedules has been created. One employee’s normal work schedule is 8:00 AM–5:00 PM, but another employee noticed that the employee has been working until 9:00 PM every day even though no projects requiring additional hours have been assigned [b].The observing employee reports the abnormal work schedule using the established reporting guidelines.

'''Potential Assessment Considerations'''
* Do training materials include potential indicators associated with insider threats (e.g., repeated security violations, unusual work hours, unexpected significant transfers of data, suspicious contacts, concerning behaviors outside the workplace) [a,b]?
* Do training materials include methods of reporting potential indicators of insider threats to management or responsible security personnel [b]?
=== KEY REFERENCES ===
* NIST SP 800-171 Rev 2 3.2.3