Sekuro
Get in Touch
Get in Touch

+61 1800 735 876

Get in Touch
Get in Touch

Managing Insider Threats with ISM 1625/1626

Table of Contents

This blog will bring you through the Australian Information Security Manual (ISM), with a focus on controls ISM1625 and ISM1626 – two key measures for managing insider threats. It aims to highlight the relevance of these controls within the broader security framework and offer guidance on how to effectively implement mitigation strategies and address such threats. It also stresses the importance of obtaining sound legal advice to ensure compliance and protect organisational interests. This content is intended for anyone undertaking an Information Security Registered Assessors Program (IRAP) assessment, providing practical advice for navigating these key aspects of the ISM.

As organisations build controls to manage the ever-changing external threat landscape, they are now challenged with new threats from within. In the last few years, insider risk concerns have grown significantly, now accounting for a large proportion of internal data leaks.

An insider threat is when an insider either intentionally or unintentionally uses their access to conduct activities that could cause harm to, or negatively affect the organisation. To counter the threat, a strong and positive security and integrity culture is required.

An approach to building a robust trusted insider risk program requires a whole business approach, it’s not simply an IT department problem. An insider risk program should focus on four main pillars, these pillars align with the Attorney Generals department’s advice and are outlined below.

The Four Pillars of Insider Risk Management

Onboarding Security Checks

Employee screening and background checks

Training

Conduct employee training and security awareness sessions

Monitoring

Conduct regular risk assessments and invest in threat detection tools

Reporting Mechanisms

Enable reporting systems and enforce a culture of security and trust

The Four Pillars of Insider Risk Management

Onboarding Security Checks

Employee screening and background checks

Training

Conduct employee training and security awareness sessions

Monitoring

Conduct regular risk assessments and invest in threat detection tools

Reporting Mechanisms

Enable reporting systems and enforce a culture of security and trust

Pillar One: Onboarding Security Checks

Trusted insiders can circumvent existing controls to ensure their approaches are successful. Early detection and response are vital to prevent larger-scale losses and mitigate further harms. In this context, consideration should also be given to the risk posed by potential new personnel. This can be identified and addressed during recruitment and onboarding processes.

Employee screening good practices and checks:

  • Many historical cases of espionage and insider attacks involve individuals facing financial difficulties or seeking a lucrative payout. Financial strain can drive employees to compromise security for personal gain. For example, Yahoo’s 2022 lawsuit, which alleged that their former employee stole large amounts of Intellectual Property (IP) upon securing a competitor job offer. Conducting credit checks as part of employee screening helps identify financial distress, such as debt accumulation, which can be an early indicator. This proactive measure supports broader risk management strategies to protect against espionage and data breaches.
  • Outsourcing a background check agency could help the business in collecting financial information on candidates while respecting their privacy for any public knowledge of substantial financial debt.
  • Through the interview process these red flags should be sought out and a health candidate profile should be considered in making the best decision and hire for the business. 
  • Past performances or track records of any insider cases, companies etc. should not be held against the individual or candidate but rather questions should be asked around the manor or instance so the hiring business can make the best possible educated and fair decision based on the interview and onboarding process. 
  • Geopolitical space: it would also be wise to consider the geopolitical space and any national corporate espionage with a strong standing track record, ex China stealing military PI through cybercrime and espionage.

Pillar Two: Training

The initial education for new personnel should be integrated into the onboarding process. This training must be complemented by annual security awareness sessions and continuous communication regarding security, privacy, fraud, and corruption. Organisations should ensure that all insiders, whether permanent or temporary, receive the same level of training and awareness. This ensures personnel understand what constitutes a reportable incident and the process for reporting it. Clear policies should define insider risks and outline the specific steps for making a report.

The training of employees becomes compounded in its effectiveness when:

  • Employees are trained to recognise red flags, suspicious behaviour, and potential threats such as phishing emails.
  • Employees take appropriate security habits so they do not fall prey to attackers that could exploit their authenticated access to compromise the organisation. Building a healthy and positive ‘secure’ working culture will breed better overall secure practices across the individual and combined with the other pillars, can lead to less incidents.
Internal Training Photo | Sekuro

Thus, appropriate training of employees, especially high level or sensitive access individuals, is a very effective and important pillar in thwarting malicious attempts.

Pillar Three: Monitoring

Implementing strategies, processes, and tools to detect, prevent, and respond to potential security threats posed by individuals within an organisation is key. Insider risks can arise from malicious actions, such as intentional data theft or sabotage, as well as from unintentional behaviour, such as inadvertent data exposure or policy violations.

An insider threat approach needs to remain flexible and adaptable therefore monitoring of the program’s implementation is also critical to its success.

When deciding the correct approach, organisations should start by:

  • Establishing clear monitoring objectives: This can help provide direction to what is most important and keep excessive noise from bogging things down. Many times, organisations fall into the trap of wanting to capture or monitor ALL things. This is just simply not achievable for most average sized organisations and their cybersecurity/ risk budget. It can also become a resource restraint on an already lean cybersecurity staff. 
  • Conducting regular risk assessments: This will help the organisation continue to fine tune its monitoring, tracking, and logging, ensuring that as risk to the organisation changes, the monitoring plan and procedures change accordingly to remain inline.

Investing in Threat Detection and response tools:

  • Data Loss Prevention (DLP): Deploy DLP tools to monitor and restrict sensitive data from being emailed or transferred to external devices without authorization.
  • Security Information and Event Management (SIEM): Use SIEM platforms to correlate various data points, enabling faster detection of unusual patterns that might indicate insider threats.
  • Incident response automation: Implement automated response mechanisms to quickly contain potential threats, such as disabling accounts or quarantining compromised systems.
Risk Assessment Meeting | Sekuro

Common threat detection tools can help reduce the burden on the business, resources and help automate the collection and aggregation of monitoring data, logs etc. As great as tools are, they should always be accompanied with a well-trained staff and align to the purpose set out by the organisation, which should be driven by the results of the risk assessments.

Pillar Four: Reporting Mechanisms

Reporting enables employees, contractors, and other personnel to report suspicious behaviours, policy violations, and other activities that could pose risks to the organisation. Effective reporting systems encourage transparency, facilitate early threat detection, and reinforce a culture of security and trust.

Employees are more likely to report suspicious activity if they feel safe from retaliation. Clear policies against retaliation and strong protections for whistleblowers demonstrate organisational commitment to protecting employees who act in good faith. Channels should be available to all employees, including remote or contract workers, to ensure inclusivity across the organisation.

Additionally, organisations should seek legal advice during the development and implementation of a trusted insider risk program due to the nature of some controls having a level of surveillance and a wide range of legislation needs to be considered.

A good rule of thumb is to make all reporting as digestible and easily understood for audiences, not just in the cyber or IT space, but also in other levels of the organisation, as cybersecurity is a holistic team effort and only as strong as the weakest link.

Keeping the reporting clear and concise when moving outside of technical persons will help other departments understand their responsibility and the consequences of breaches, spills or intrusions. 

Cybersecurity is a holistic team effort and only as strong as the weakest link.

If organisations implement the above and begin to develop and maintain their insider threat mitigation program, you will most likely be meeting the control requirements for ISM1625 and ISM1626. Given the nature of the IRAP assessments, it will also be very important to document and maintain with the organisation’s relevant document change management program.

Support for ISM and IRAP Compliance

To meet your ISM or IRAP needs organisations need to ensure their controls are robust and well-aligned with ISM requirements. Sekuro has an expert GRC team ready to guide you through the entire IRAP process. Through ISM/IRAP gap assessments, we can help identify areas of improvement, create a tailored roadmap for addressing those gaps, and drive the necessary uplift efforts. Working alongside your security staff, we provide expert consultation, guidance, and hands-on support in developing or refining policies, protocols, and guidelines to strengthen your organisation’s security posture against insider threats.

GRC Services
Nicolas Baragar

Senior Consultant, GRC and IRAP, Sekuro

Nick is a Senior Consultant on Sekuro’s GRC and IRAP team, dedicated to providing ongoing support and driving effective program outcomes for clients. With over 15 years of experience in the IT and cybersecurity industry, Nick brings a broad depth of real-world knowledge gained through consulting across both the United States and Australia. His core philosophy centres on maintaining an equal balance between people, process, and technology to deliver practical, actionable, and simplified security solutions.

Chris Ekert, Managing Consultant, IRAP
Chris Ekert

GRC Managing Consultant, IRAP, Sekuro

Chris Ekert is a Managing Consultant and IRAP Assessor who leads the IRAP team across Australia, With a multidisciplinary team who specialise with Global Tech Giants across many frameworks. Chris's exposure and input across the wider Governance Risk and Compliance team gives the ability to partake and drive complex engagements.

Sekuro's Latest Insights

.

Blog

Managing Insider Threats with ISM 1625/1626

.

Blog

Is the 2025 Federal Budget Dropping the Ball on Australian Cybersecurity?

.

News

The Adversarial Mindset: Embracing a Proactive Approach to Security – or Staying Left of Bang

.

Cyber Resilience

From Practice to Performance: Building Cyber Resilience through Continuous Preparedness

.

Blog

Top Fragger to Team Leader: Navigating Cybersecurity with Counter-Strike Insights

.

Blog

Unpacking API Security: A Personal Experience with Apple’s Authentication and Access Control Vulnerabilities

Get in Touch

Discover the Smarter Way to Transform Your Organisational Security – Connect with Our Experts Today.

Complete the form and we will get in touch within 24 hours. 










    Solutions

    Application Security

    Cloud Security

    Data Security & Privacy

    Email Security

    Endpoint Security

    Governance, Risk & Compliance

    Managed Security Services

    Identity & Access Management

    Intelligence & Analytics

    Network & Infrastructure Security

    Offensive Security

    OT & IIoT Security

    Strategy & Architecture

    Resources

    Blog

    Case Studies

    About Us

    Our Team

    Technology Partners

    Join Us

    Contact Us

    [email protected]

    +61 1800 735 876

    +65 6610 9597

    Locations

    Australia

    L5, 727 George Street, Sydney 2000, NSW

    L5, 350 Collins Street, Melbourne 3000, VIC

    L2, Suite B, 293 Queen Street, Brisbane 4000 QLD 

    L12, 197 St Georges Terrace, Perth 6000 WA

    89 Pirie Street, Adelaide, 5000 SA

    Singapore

    10 Anson Road, #34-06, International Plaza, Singapore 079903

    Philippines

    16th floor, Bonifacio Stopover Corporate Center, 31st, Corner 2nd Ave, Taguig 1634

    Malaysia

    B-5-8 Plaza Mont Kiara, Mont Kiara 50480, Kuala Lumpur 

    United Kingdom

    1 St Katharine's Way, London E1W 1UN, United Kingdom

    Terms of Use

    Privacy Policy

    Cookie Policy

    ©2025 - Sekuro | All Rights Reserved

    Sekuro
    Linkedin Instagram X-twitter Facebook Youtube

    ©2025 - Sekuro | All Rights Reserved

    In the spirit of reconciliation, Sekuro acknowledges the Traditional Custodians of country throughout Australia and their connections to land, sea and community. We pay our respect to their Elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples today. We also extend our respect to all the indigenous peoples of the planet.

    Website design by Mindesigns

    Aidan Tudehope

    Co-Founder of Macquarie Technology

    Aidan Tudehope, Co-Founder of Macquarie Technology

    Aidan is co-founder of Macquarie Telecom and has been a director since 1992. He is the Managing Director of Macquarie Government & Hosting Group with a focus on business growth, cyber security and customer satisfaction. 

    Aidan has been responsible for the strategy and execution of the investment in Intellicentre 4 & 5 Bunkers, Macquarie Government’s own purpose-built Canberra data centre campus. This facility is leveraged to deliver Secure Cloud Services and Secure Internet Gateway.

    With a unique pan-government view on the cyber security landscape, we are invested in leading the contribution from the Australian industry on all matters Cyber policy related.

    Aidan holds a Bachelor of Commerce Degree.

    James Ng

    CISO, Insignia Financial

    James Ng, CISO, Insignia Financial

    James is a leader with a range of experience across various cyber security, technology risk and audit domains, bringing a global lens across a diverse background in financial services, telecommunications, entertainment, consulting and FMCG (Fast Moving Consumer Goods). He is currently the General Manager – Cyber Security at Insignia Financial and most recently was at AARNet (Australia’s Academic and Research Network) where he oversaw a managed Security Operations Centre (SOC) capability for Australian universities. Prior to this James was the acting Chief Information Security Officer for Belong and led the cyber governance and risk team at Telstra.

    Noel Allnutt

    CEO, Sekuro

    Noel Allnutt CEO | Sekuro

    Noel is a driven and award-winning IT leader. He has a passion for developing great teams and accelerating client innovation, and in enabling organisations to create a secure and sustainable competitive advantage in the digital economy. Noel also hosts the ‘Building Resilience Podcast,’ which explores the world of sport and deconstructs the tools and ethos of world-class athletes that can help create growth and optimise business and life.

    Audrey Jacquemart

    Bid Manager, Sekuro

    Audrey Jacquemart, Bid Manager, Sekuro

    Audrey is an innovative cybersecurity professional with a versatile profile spanning across Product Management, Presales and Delivery. She has worked within organisations from start-ups to large international organisations in Europe and APAC before joining Sekuro.

    Nicolas Brahim

    Principal Consultant, CRP and OT

    Nicolas Brahim, Principal Consultant, CRP and OT

    Nico leads Sekuro’s Cyber Resilience Program and OT Cybersecurity, ensuring continuous support and effective program execution for our clients. With over a decade in the security industry, including the creation and leadership of several Security Programs for IT and OT across Australia, New Zealand, Argentina, Chile and the US, his core philosophy emphasises an equal balance of people, process, and technology in delivering actionable and simple solutions.

    Trent Jerome

    Chief Financial Officer, Sekuro

    Trent Jerome

    Trent is a seasoned CFO with over 30 years’ experience in Finance. Trent has broad experiences across Capital raises, debt financing, M&A and business transformation. He is a CPA and member of AICD. Trent works with Boards around risk and risk mitigation plans and assists Boards in navigating the risk mitigation versus cost conversation.

    Ada Guan

    CEO and Board Director, Rich Data Co

    Ada Guan, CEO and Board Director, Rich Data Co

    Ada is the CEO and Co-founder of Rich Data Co (RDC). RDC AI Decisioning platform provides banks the ability to make high-quality business and commercial lending decisions efficiently and safely. With over 20 years of global experience in financial services, software, and retail industries, Ada is passionate about driving financial inclusion at a global scale.

    Before launching RDC in 2016, Ada led a Global Client Advisor team at Oracle Corporation, where she advised Board and C-level executives in some of the largest banks globally on digital disruption and fintech strategy. She also drove Oracle’s thought leadership in banking digital transformation for Global Key Accounts. Previously, Ada implemented a multi-million dollar program to deliver a mission-critical services layer for Westpac Bank in Australia and formulated the IT strategy that was the basis of an $800m investment program to transform Westpac’s Product and Operation division and complete the merger with St. George Bank. Ada is an INSEAD certified international director and holds an EMBA from the Australia Graduate School of Management, and a Master of Computer Engineering from the University of New South Wales, Australia. She also graduated from the Executive Insight Program at Michigan University Ross Business School and IESE Business School.

    Megan Motto

    Chief Executive Officer, Governance Institute of Australia

    Megan Motto, CEO, Governance Institute of Australia

    Megan Motto is Chief Executive Officer of Governance Institute of Australia, a national education provider, professional association and leading authority on governance and risk management. The Institute advocates on behalf of professionals from the listed, unlisted, public and not-for profit sectors.

    Megan has over 25 years of experience with large associations, as a former CEO of Consult Australia, as well as holding significant positions in Australia’s built environment sector and business chambers.

    She is currently a director of Standards Australia, a member of the ASIC Corporate Governance Consultative Panel and a councillor of the Australian Chamber of Commerce and Industry (ACCI) where she chairs the Data, Digital and Cyber Security Forum.

    Megan’s expertise spans governance, risk management, public policy and education. She holds a Bachelor of Arts/Bachelor of Education, a Masters of Communication Management and a Graduate Diploma of Corporate Governance and Risk Management. She is a Fellow of the Governance Institute of Australia, the Chartered Governance Institute and the Australian Institute of Company Directors and is also a member of Chief Executive Women. Megan is also an Honorary Life Trustee of the Committee for Economic Development of Australia (CEDA) and was a 2014 recipient of the AFR/Westpac 100 Women of Influence.

    Shamane Tan

    Chief Growth Officer, Sekuro

    Shamane Tan, Chief Growth Officer, Sekuro

    Sekuro’s Chief Growth Officer, Shamane Tan, is passionate about uniting minds and experiences, excelling in aligning C-Suite and Board members with cyber security imperatives. As the author of “Cyber Risk Leaders,” she unravels executive communication nuances and distils C-Suite expectations. 

    Her work extends to “Cyber Mayday and the Day After,” a roadmap for navigating crises by mining the wisdom of C-level executives from around the globe. It’s filled with interviews with managers and leaders who’ve braved the crucible and lived to tell the tale. Her most recent book, “Building a Cyber Resilience: A Cyber Handbook for Executives and Boards,” was featured on Forbes Australia’s top list of books for CEOs. 

    Shamane has also founded a transcontinental cyber risk and executive meetup spanning Sydney, Melbourne, Adelaide, Perth, Singapore, the Philippines, and Tokyo, fostering mentorship, women’s empowerment and thought leadership. As a strong advocate for the importance of having a voice and helping others use theirs, Shamane Tan has spoken at TEDx and global conferences, including FS-ISAC, RSA, Silicon Valley, Fortune 500 and ASX companies. 

    Recipient of the IFSEC Global Top 20 Cybersecurity Influencer award and named among the 40 under 40 Most Influential Asian-Australians, Shamane leverages her unique fusion of technical prowess and business acumen to help organisations progress on their security maturity journey.

    David Gee

    David Gee, CIO, CISO, NED, Board Advisor & Author

     

    David Gee, CIO, CISO, NED, Board Advisor & Author

    David has just retired in July 2024 and is building out his portfolio. He is an Advisor with Bain Advisory Network and also an Advisor to JS Careers (Cyber Recruitment) and Emertel (Software Commercialisation).

    He is a seasoned technology executive with significant experience and has over 25 years’ experience in CIO and CISO roles across different industries and countries. At Macquarie Group David served as Global Head Technology, Cyber and Data Risk. Previously was CISO for HSBC Asia Pacific. His career as a CIO spans across multiple industries and geographies including – Metlife, Eli Lilly and Credit Union Australia. He was winner CIO of the Year 2014, at CUA where he successfully completed a significant Transformation of Core Banking, Online and Mobile Banking systems.

    David is past Chairman for the FS-ISAC Strategy Committee and awarded Global Leaders Award in 2023 for his contributions to the cyber security industry. A regular conference keynote speaker and 150+ published articles for CIO Australia, Computerworld, iTnews and CSO (Cyber Security), David now writes for Foundry CIO.com and AICD.

    His most recent book – the Aspiring CIO & CISO was published in June 2024 and David is writing his second – A Day in the Life of a CISO with a number of CISOs from around the world for 2025.

    Naomi Simson

    Co-founder, Big Red Group and Former Shark Tank Judge

    Naomi Simson, Co-founder, Big Red Group

    INTRODUCTION

    For 25 years as an entrepreneur, Naomi Simson has been bringing people together whether it’s with her business experience, her speaking or writing. Passionate about small business and local community, Naomi is considered a home grown success story.

    Naomi had a corporate career with Apple, KPMG, IBM and Ansett Australia prior to becoming an entrepreneur. She is a prolific blogger, podcaster and business commentator, and appeared as the #RedShark in four seasons of Shark Tank Australia and she appears regularly on ABC The Drum. She is a non-executive director at Big Red Group, Australian Payments Plus, Colonial First State and Weebit Nano, as well as the Cerebral Palsy Research Foundation and the University of Melbourne Business and Economics Faculty.

    A true business leader and influencer, with more than 2.7 million LinkedIn followers, Naomi is Australia’s most followed person on the business networking platform. She has four seasons of her podcast ‘Handpicked’, and she has authored two best-selling books Live What You Love, and Ready to Soar, and is sought after speaker.

    FULL BIO

    For 25 years Naomi has been bringing people together whether it’s with her business experience, her speaking or writing. She is a strong advocate of business owners.

    Known as an entrepreneur and business leader; following the growth of RedBalloon which she founded in 2001, Naomi co-founded the Big Red Group (BRG) in 2017.

    Naomi had a corporate career with Apple, KPMG, IBM and Ansett Australia prior to becoming an entrepreneur. She is a prolific blogger, podcaster and business commentator, and appeared as the #RedShark in four seasons of Shark Tank Australia. She is a non-executive director at Big Red Group, Australian Payments Plus, Colonial First State and Weebit Nano. As well as the Cerebral Palsy Research Foundation and the University of Melbourne Business and Economics Faculty.

    A true business leader and influencer, with more than 2.7 million LinkedIn followers, Naomi is Australia’s most followed person on the business networking platform. She has authored two best-selling books Live What You Love, and Ready to Soar, and is an engaging, humorous and insightful speaker. She has four seasons of her Podcast – Handpicked.

    Naomi is relatable across a broad variety of audiences and topics, often drawing on her personal experiences to provide thoughtful and valuable views into topics; including the customer obsession, intentional leadership, growth mindset, personal development. She is a regular panellist on ABC The Drum.

    Peter Ngo

    Product Line Manager, Global Certifications, Palo Alto Networks

    Peter Ngo | Sekuro

    Peter leads the Commercial Cloud, Global Certifications organisation at Palo Alto Networks which oversees global cloud security compliance efforts to various frameworks and standards including IRAP, SOC 2, ISO, PCI, C5, ISMAP, and IRAP and more for 25+ cloud products.

    He has held many roles over the years covering areas of IT Operations, and Governance, Risk, & Compliance (GRC) for a wide range of industries including technology, insurance, and manufacturing.

    Peter holds various security and professional certifications, including the CCSP, CISSP, PCI ISA, CISA, CISM, CDPSE & ISO Lead Auditor, in addition to a Master of Science degree in Information Assurance. 

    Jack Cross

    CISO, QUT

    Jack Cross | Sekuro

    Jack Cross is an experienced business leader with expertise in digital technologies and risk management. Through a steadfast commitment to integrating people, processes, and technology, he champions the fight against cyber threats while mitigating organisational risks. 

    Over the past 15 years, Jack has navigated diverse leadership roles within the Defence and Education sectors, honing his skills in steering multidisciplinary teams through intricate and sensitive technical landscapes. In addition to this experience, he holds numerous formal qualifications such as: a Master of Systems Engineering (Electronic Warfare); CISSP; and CISM certifications.

    Nadene Serman

    Global CTO, Infotrack

    Nadene Serman | Sekuro

    Nadene Serman is a leading IT executive with a proven track record spearheading first-of-its-kind technology and business transformation for some of the most prominent organisations globally and in Australia. As the Global Chief Technology Officer of InfoTrack, she is a key protagonist of innovation as an enabler of InfoTrack’s next stage growth. Her energy, commercial acuity and strategic capability have fueled her success.

    Nadene leads with clarity, transparency and urgency, uniting people in complex, multi-layered technology and business execution, and go-to-market transformation and innovation. She tackles and resolves complex and seemingly intractable challenges while building support and collaboration – even in times of crisis. Her people-first, ‘think straight, talk straight’ approach makes her a formidable force.

    John Doe

    President Great Technology

    Cyber Resilience Program | Sekuro

    Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.