A series of papers on the CERT site is well worth a look. As well as discussing the insider threat, the page has information on two risk analysis methods: OCTAVE and one I'd not heard of before: Mission Assurance Analysis Protocol (MAAP).
More information security management links
Welcome to NBlog, the NoticeBored blog
