Foundations Hub — Topic 10 of 10
Keyword: Insider Risk Body of Knowledge

How to use the Insider Risk Body of Knowledge

An orientation guide explaining the role of the Body of Knowledge, how it integrates with the Insider Risk Capability Framework™, and how to navigate its structured learning paths.

Topic Focus

Knowledge Base Navigation and Structure.

Role Focus

Cross-Functional / Governance

Important Compliance & Legal Disclaimer

Legal compliance and employee privacy requirements for monitoring vary significantly by state, country, and industry. The informational frameworks provided below do NOT constitute legal advice. Organizations must consult qualified legal counsel, privacy officers, and human resource leadership prior to executing monitoring programs.

How to Use the Insider Risk Body of Knowledge

The ITMG® Insider Risk Body of Knowledge is a public knowledge hub for understanding insider risk, insider threat, and insider risk exposure management. It is designed to help practitioners, executives, legal and privacy stakeholders, HR leaders, analysts, investigators, data owners, and risk leaders find practical, well-organized guidance without duplicating the Insider Risk Capability Framework™.

The Body of Knowledge is the applied learning layer. The Insider Risk Capability Framework™ remains the canonical capability and maturity model. The BoK explains concepts, use cases, tools, procedures, standards, laws, personas, metrics, and examples, then links back to the IRCF™ where formal capability alignment is needed.

What the BoK is for

Understanding insider risk and insider threat terminology.
Learning how insider risk topics connect to business exposure.
Finding use cases such as leaver risk, data exfiltration, privileged user misuse, shadow AI, contractor risk, and sabotage.
Understanding tool categories such as UAM, UEBA, DLP, SIEM, IAM, PAM, case management, and exposure management.
Learning about governance, monitoring, analysis, investigation, access, data protection, personnel assurance, compliance, training, and reporting topics.
Finding high-level procedures, checklists, templates, metrics, standards, laws, and case-study references.
Navigating from public education to RiskTKO®, Guided Exposure Assessments, ITMG® Academy, and ITMG® advisory support when deeper execution is required.

What the BoK is not

It is not a replacement for the Insider Risk Capability Framework™.
It is not legal advice.
It is not a full implementation manual.
It does not disclose RiskTKO® proprietary scoring, prioritization, workflows, dashboards, or assessment logic.
It does not provide detailed detection engineering, investigation playbooks, or control implementation recipes that should remain protected or service-led.

Recommended navigation paths

#### For executives

Start with What is insider risk?, Insider risk vs. insider threat, What is insider risk exposure management?, Why programs fail when they manage only alerts, and Insider risk metrics and KPIs. Then explore RiskTKO® and the Guided Exposure Assessment.

#### For program leaders

Start with How to build an insider risk program, How to mature an insider risk program, the IRCF™ hub, governance topics, procedures, templates, and the standards hub.

#### For analysts and investigators

Start with the Insider Threat Matrix hub, use cases, monitoring topics, analysis topics, investigation procedures, evidence concepts, and case studies.

#### For legal, privacy, and HR stakeholders

Start with Employee monitoring and trust, personnel assurance, oversight and compliance, laws and regulations, investigation governance, training, and workforce lifecycle use cases.

#### For technology and data teams

Start with data protection, IAM, privileged access, AI and insider risk, tool-category pages, data exfiltration use cases, and access review procedures.

Standardized learning structure

Every page in the Body of Knowledge is structured around a consistent, multi-dimensional learning model. Readers will find clear definitions, real-world examples, canonical framework alignments, and practical next steps to ensure that learning easily translates into operational insights.

Navigating framework alignments

Framework alignments indicate which components of the Insider Risk Capability Framework™ (IRCF™) apply to a given topic. While the IRCF™ serves as the canonical capability and maturity source, the Body of Knowledge provides the corresponding applied context, examples, and educational material.

Transitioning from learning to execution

When public education transitions into active program implementation, the Body of Knowledge provides direct routing to RiskTKO®, Guided Exposure Assessments, and ITMG® advisory services. This ensures that readers have clear, professional pathways to operationalize their learning.

Insider Risk Capability Framework™ Alignment

Canonical Framework Context

The Insider Risk Capability Framework™ (IRCF™) represents the canonical capability and maturity model for enterprise programs. The Body of Knowledge acts as an educational and navigation layer that complements the IRCF™'s structured components.

IRCF™ is the canonical capability source.Framework Hub

Insider Threat Matrix™ Alignment

Behavioral Taxonomy Reference

The Insider Threat Matrix™ is a highly useful behavioral taxonomy for investigative alignment. By cross-referencing tactical threat behaviors, the Matrix enriches the capability-centric view provided by the IRCF™.

The Insider Threat Matrix™ is an open-source investigative taxonomy maintained by Forscie Limited for computer-enabled insider investigations.

Frequently Asked Questions