Best Practices for Insider Threats

SIFMA has created an updated Insider Threat Best Practices Guide (“Guide”) to help provide a framework for firms’ insider threat mitigation programs, and to help them understand the legal, regulatory, and best practices context which shape insider threat management. 

This Guide addresses current rules and regulations around how firms should govern their insider surveillance, including federal, state and international privacy laws. The features of the Guide include sections detailing the core components of a good Insider Threat program, which are driven by the NIST Cybersecurity Framework – Identify, Protect, Detect, Respond and Recover. The Guide also includes updated use cases, in particular those that are specific to incidents that have occurred in the financial services sector.

Additionally, the Guide contains data collected from our Insider Threat Benchmarking Survey, which was completed by over 25 of our Members. The survey asked key questions regarding the contents of an Insider Threat Program, the manner and frequency of reporting, and the type of triggers a firm should look for to detect potential risks of insider behavior, among other helpful data.