Important Compliance & Legal Disclaimer
Legal compliance and employee privacy requirements for monitoring vary significantly by state, country, and industry. The informational frameworks provided below do NOT constitute legal advice. Organizations must consult qualified legal counsel, privacy officers, and human resource leadership prior to executing monitoring programs.
How to Use the Insider Risk Body of Knowledge
The ITMG® Insider Risk Body of Knowledge is a public knowledge hub for understanding insider risk, insider threat, and insider risk exposure management. It is designed to help practitioners, executives, legal and privacy stakeholders, HR leaders, analysts, investigators, data owners, and risk leaders find practical, well-organized guidance without duplicating the Insider Risk Capability Framework™.
The Body of Knowledge is the applied learning layer. The Insider Risk Capability Framework™ remains the canonical capability and maturity model. The BoK explains concepts, use cases, tools, procedures, standards, laws, personas, metrics, and examples, then links back to the IRCF™ where formal capability alignment is needed.
What the BoK is for
What the BoK is not
Recommended navigation paths
#### For executives
Start with What is insider risk?, Insider risk vs. insider threat, What is insider risk exposure management?, Why programs fail when they manage only alerts, and Insider risk metrics and KPIs. Then explore RiskTKO® and the Guided Exposure Assessment.
#### For program leaders
Start with How to build an insider risk program, How to mature an insider risk program, the IRCF™ hub, governance topics, procedures, templates, and the standards hub.
#### For analysts and investigators
Start with the Insider Threat Matrix hub, use cases, monitoring topics, analysis topics, investigation procedures, evidence concepts, and case studies.
#### For legal, privacy, and HR stakeholders
Start with Employee monitoring and trust, personnel assurance, oversight and compliance, laws and regulations, investigation governance, training, and workforce lifecycle use cases.
#### For technology and data teams
Start with data protection, IAM, privileged access, AI and insider risk, tool-category pages, data exfiltration use cases, and access review procedures.
Standardized learning structure
Every page in the Body of Knowledge is structured around a consistent, multi-dimensional learning model. Readers will find clear definitions, real-world examples, canonical framework alignments, and practical next steps to ensure that learning easily translates into operational insights.
Navigating framework alignments
Framework alignments indicate which components of the Insider Risk Capability Framework™ (IRCF™) apply to a given topic. While the IRCF™ serves as the canonical capability and maturity source, the Body of Knowledge provides the corresponding applied context, examples, and educational material.
Transitioning from learning to execution
When public education transitions into active program implementation, the Body of Knowledge provides direct routing to RiskTKO®, Guided Exposure Assessments, and ITMG® advisory services. This ensures that readers have clear, professional pathways to operationalize their learning.
Insider Risk Capability Framework™ Alignment
Canonical Framework Context
The Insider Risk Capability Framework™ (IRCF™) represents the canonical capability and maturity model for enterprise programs. The Body of Knowledge acts as an educational and navigation layer that complements the IRCF™'s structured components.
Insider Threat Matrix™ Alignment
Behavioral Taxonomy Reference
The Insider Threat Matrix™ is a highly useful behavioral taxonomy for investigative alignment. By cross-referencing tactical threat behaviors, the Matrix enriches the capability-centric view provided by the IRCF™.