Year
2025
Abstract
Insider threat is a wicked problem, and at nuclear facilities, a malicious insider event can have particularly grave and far-reaching consequences. Detecting and preventing intentional insider acts is difficult; furthermore, there is no standard methodology to measure the effectiveness of insider threat mitigation (ITM) programs at nuclear facilities. Security program effectiveness can be measured in many ways, including vulnerability assessments, performance evaluations, penetration testing, etc. Unfortunately, none of these approaches specifically addresses ITM in a holistic fashion. The presentation will describe a practical approach for nuclear facilities to implement an ITM program self-assessment process, including preparing for self-assessment, conducting the self-assessment, reviewing the self-assessment results, and measuring progress against security enhancement goals.