Search
Filters
Close

Global Technology Audit Guide (GTAG): Auditing Insider Threat Programs

Insiders have the advantage over external attackers because of their access to the organization’s systems and knowledge of the security environment, including vulnerabilities such as loosely enforced policies or flaws in systems design.

Organizations should consider policies, procedures, and technologies to mitigate insider threats against critical assets. This GTAG defines key terms in the insider threat universe and offers recommendations auditors can make to improve existing programs or to create new ones.

It also distinguishes between malicious and nonmalicious incidents and describes behaviors that may precede a threat action.

PDF

$0.00
$25.00
//when a customer clicks 'Enter' button we submit the "add to cart" button (if visible)
$25.00

This Practice Guide is provided as a service to members of The IIA. To learn more about the value of an IIA membership, click here. 

This GTAG helps internal auditors understand insider threats and related risks by providing an overview of common dangers, key risks, and potential impacts.

Additionally, the guide presents examples of security frameworks from globally recognized and accepted sources including Carnegie Mellon University Software Engineering Institute, the National Institute of Standards and Technology (NIST), and the U.S. Intelligence and National Security Alliance (INSA), controls, and other resources that can help during the planning and execution of audit engagements. Organizations should base their choice of framework on their unique situation, weighing factors such as their industry, size, complexity, and applicability of the selected framework.

For organizations that already have insider threat programs, this guidance can help internal auditors design assurance engagements to assess the program’s effectiveness.

Item number 10.1301.dl

This Practice Guide is provided as a service to members of The IIA. To learn more about the value of an IIA membership, click here. 

This GTAG helps internal auditors understand insider threats and related risks by providing an overview of common dangers, key risks, and potential impacts.

Additionally, the guide presents examples of security frameworks from globally recognized and accepted sources including Carnegie Mellon University Software Engineering Institute, the National Institute of Standards and Technology (NIST), and the U.S. Intelligence and National Security Alliance (INSA), controls, and other resources that can help during the planning and execution of audit engagements. Organizations should base their choice of framework on their unique situation, weighing factors such as their industry, size, complexity, and applicability of the selected framework.

For organizations that already have insider threat programs, this guidance can help internal auditors design assurance engagements to assess the program’s effectiveness.

Item number 10.1301.dl

Products specifications
Item Number 10.1301.dl