Insider Threat Mitigation Practical Tools and Products
The Focus Groups supported the Insider Threat Mitigation International Working Group by conducting in-depth analysis on five key topics identified by participants at the 2019 Symposium: national policy and regulatory frameworks, trustworthiness and reliability, cybersecurity, physical protection and technical measures, and security culture.
Focus Group Products
Personnel Vetting for Nuclear and Radioactive Materials Security
The cornerstone of a robust nuclear security regime is the development of a national legislative and regulatory framework that provides the legal basis for physical protection of nuclear and other radioactive materials. Find out how other INFCIRC/908 member states approach personnel vetting for nuclear and radioactive materials security by reviewing the findings from this 2023 survey.
Download Personnel Vetting PracticesBehavioral Observation Exercise
This realistic scenario explores employee behavioral changes to determine whether an insider threat is present. Using Mentimeter questions, work to identify whether an employee is a potential insider adversary, what kinds of further investigation might be warranted, and how to get more information about the situation. Exercise materials are available in English, Arabic, and French.
Download the Behavioral Observation ExerciseEnglish | Arabic | FrenchNuclear Facilities: Cybersecurity Critical Positions – Best Practices Guide for Insider Threat Mitigation
While cyber outsider adversaries remain a key concern of nuclear facilities worldwide, the cyber insider adversary poses a unique challenge to operational and security teams. By focusing on critical cybersecurity roles and responsibilities common to most, if not all, nuclear facilities, it is possible to provide practical guidance to prevent and protect against the emergence of a cyber insider threat.
Download Nuclear Facilities Best PracticesRadiological Facilities: Cybersecurity Critical Positions – Best Practices Guide for Insider Threat Mitigation
Users of radioactive sources, such as research institutes, universities, medical facilities, or commercial companies, need to consider potential cybersecurity risks. In addition to offering mitigation recommendations to associated risks, this document provides practitioners an overview of common cybersecurity roles and responsibilities at radiological facilities that pose unique insider threat mitigation challenges.
Download Radiological Facilities Best PracticesCybersecurity Survey Applied to Nuclear and Radioactive Facilities
This survey provides a way to assess the maturity of a nuclear and radiological facility’s cybersecurity posture. By surveying facility operators, radiation protection officers, security personnel, and operations managers, users can better understand how cybersecurity is handled at a specific facility and begin to identify proactive steps for preventing insider threats. Available in English and Spanish.
Download the Cybersecurity SurveyEnglish | SpanishNuclear Facility Risk Management Exercise: Cybersecurity and the Insider Threat
Acting as the head of cybersecurity for a nuclear facility, conduct a systematic investigation of a potential threat. Use this cybersecurity risk management exercise to better understand why a structured approach to cybersecurity is critical in protecting nuclear and radiological assets and to identify methodologies and frameworks for building cybersecurity.
Download the Cybersecurity ExerciseCyber Insider Exercise for Radiological Sources
Cybersecurity isn’t just about outside adversaries. Understand how cybersecurity is affected by an insider attack and walk through a hypothetical scenario from an attacker’s and investigator’s perspective to identify vulnerabilities as well as mitigation opportunities. This exercise is available in long and short versions that can be used in an organization’s training.
Download the Cyber Insider TrainingInternational Working Group Events and Materials
Stay on top of IWG developments with regular updates, including newsletters and meeting summaries, which provide insights into recent activities and future plans.