Insider Threat Leading Practices
February 18, 2026
Copyright Notice All content is protected by international copyright laws. You may reference or quote small portions of this document with proper attribution to The IIA, but unauthorized reproduction, distribution, or use beyond that, other than for your own personal use, is strictly prohibited and may constitute a violation of copyright law, resulting in civil and criminal penalties. Contact copyright@theiia.org for permission to use our materials.
Misuse of authorized access to an organization’s critical assets is a significant and complex threat that requires a coordinated, proactive, enterprisewide effort to sufficiently address. This tool is designed to assist auditors in preparing an audit program for insider threats.
Additional resources to use with this IIA Audit Tool
Auditing Insider Threat Programs
Insider Threat Assessment Using NIST Cybersecurity Framework