https://community.isc2.org/t5/Governance-Risk-Compliance/Internal-Threat-Control-Framework/m-p/55266#M763 <P>Hi all,</P><P>&nbsp;</P><P>I would like to do an assessment on our control environment to mitigate risk associated with insider threats.&nbsp;</P><P>&nbsp;</P><P>Can someone recommend a control framework to use for this or have a template they are willing to share?</P><P>&nbsp;</P><P>Thanks&nbsp;</P> Fri, 18 Nov 2022 00:03:53 GMT thecloseman 2022-11-18T00:03:53Z https://community.isc2.org/t5/Governance-Risk-Compliance/Internal-Threat-Control-Framework/m-p/55266#M763 <P>Hi all,</P><P>&nbsp;</P><P>I would like to do an assessment on our control environment to mitigate risk associated with insider threats.&nbsp;</P><P>&nbsp;</P><P>Can someone recommend a control framework to use for this or have a template they are willing to share?</P><P>&nbsp;</P><P>Thanks&nbsp;</P> Fri, 18 Nov 2022 00:03:53 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/Internal-Threat-Control-Framework/m-p/55266#M763 thecloseman 2022-11-18T00:03:53Z https://community.isc2.org/t5/Governance-Risk-Compliance/Internal-Threat-Control-Framework/m-p/55270#M764 <P>Not knowing your industry, I might suggest that you start with the following resources:</P><P>&nbsp;</P><P><A href="https://www.cisa.gov/sites/default/files/publications/fact-sheet-insider-threat-mitigation-program-092018-508.pdf" target="_blank">https://www.cisa.gov/sites/default/files/publications/fact-sheet-insider-threat-mitigation-program-092018-508.pdf</A></P><P>&nbsp;</P><P><A href="https://www.cisa.gov/insider-threat-mitigation" target="_blank">https://www.cisa.gov/insider-threat-mitigation</A></P><P>&nbsp;</P><P>Lots of information that will hopefully assist you.</P><P>&nbsp;</P><P>d</P><P>&nbsp;</P> Fri, 18 Nov 2022 02:52:41 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/Internal-Threat-Control-Framework/m-p/55270#M764 dcontesti 2022-11-18T02:52:41Z https://community.isc2.org/t5/Governance-Risk-Compliance/Internal-Threat-Control-Framework/m-p/55293#M765 <P>dcontesti pointed to what I would consider an excellent resource from CISA.</P><P>The below I found useful, but the 'meat and potatoes', so to speak, can be found starting on page 28 I believe.</P><P><A href="https://www.cisa.gov/sites/default/files/publications/Insider%20Threat%20Mitigation%20Guide_Final_508.pdf" target="_blank" rel="noopener">https://www.cisa.gov/sites/default/files/publications/Insider%20Threat%20Mitigation%20Guide_Final_508.pdf</A></P> Sun, 20 Nov 2022 08:30:37 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/Internal-Threat-Control-Framework/m-p/55293#M765 mtwining86 2022-11-20T08:30:37Z