IR-4(7): Insider Threats – Intra-Organization Coordination

Control Family: Incident Response

(Not part of any baseline)

Control Statement

The organization coordinates incident handling capability for insider threats across [Assignment: organization-defined components or elements of the organization].

Supplemental Guidance

Incident handling for insider threat incidents (including preparation, detection and analysis, containment, eradication, and recovery) requires close coordination among a variety of organizational components or elements to be effective. These components or elements include, for example, mission/business owners, information system owners, human resources offices, procurement offices, personnel/physical security offices, operations personnel, and risk executive (function). In addition, organizations may require external support from federal, state, and local law enforcement agencies.