This GTAG helps internal auditors understand insider threats and related risks by providing an overview of common traits of main players, key risks, and potential impacts. Additionally, the guide presents security frameworks, techniques, considerations, and resources that can help during the planning and execution of audit engagements.
Key terms in the insider threat universe are defined, and the guide offers recommendations auditors can use to improve existing insider threat programs or create new programs. It distinguishes between malicious and nonmalicious incidents and describes behaviors that may precede a threat action.