Prioritization based framework of Best Practices for Mitigating Insider Threats in Organizations

Over the years, insider threat incidents have been regarded as critical due to their potential to cause significant organizational damage, including the loss of sensitive information, financial loss, and reputational harm. This study aims to explore best practices for mitigating insider threats in organizations and to develop a taxonomy of practices that effectively address these threats. We have identified 52 best practices and categorized them into four knowledge areas: compliance, top management, human resources, and technical issues. These categories offer organizations a structured framework to integrate into their daily operations for effective threat mitigation. Furthermore, the analytic hierarchy process (AHP) method has been employed to evaluate the relative importance of the practices within each knowledge area. Our findings reveal that the technical knowledge area (0.355) is the most significant category, followed by the human resources category (0.258). This developed AHP-based taxonomy of best practices can enhance awareness and management activities to assess and improve the approach to addressing these critical risks.