MRO develops new tools and resources to mitigate risk

This article is an update to Understanding Insider Threats – Midwest Reliability Organization (mro.net), which was published on May 5, 2023.

As a result of the risk identification work conducted in 2023, MRO and its organizational groups predict that the risk of insider threats will remain elevated in 2024. To help address this risk, MRO’s Security Department, with support of the Security Advisory Council, has created a checklist and benchmarking tool for registered entities to begin development of, or enhance existing, insider threat policies and procedures.

The checklist has both a policy section and a program section. The policy section builds the framework for an Insider Threat Program and recommends creation of a cross-departmental implementation group. The program section describes what the implementation group would be responsible for developing in fulfillment of the policy. The document describes essential considerations when developing an Insider Threat Program from the ground up, or in assessing an organization’s existing program for completeness. Because a broad range of organizational variations exist, the document is not all inclusive and can be tailored to the entity.

The benchmarking tool helps assess the maturity of an organization’s program. It is primarily based on the Insider Threat Program Maturity Framework authored by the National Insider Threat Task Force.

The intended audience of these documents is electricity industry security professionals. Neither will be available publicly. To request a copy, please complete this brief survey: https://www.surveymonkey.com/r/9W3G377.

– Lee Felter, MRO Principal Security Engineer