Defense has helped U.S. Government Agencies
(Department of Defense, Intelligence Community) and
a wide variety of private sector businesses,
develop, implement, manage and enhance Insider
Insider Threat Defense training and services go
beyond traditional compliance regulations; National
Insider Threat Policy, NISPOM Conforming Change 2,
Federal Information Security Management Act (FISMA),
National Institute of Standards & Technology (NIST),
Health Insurance Portability & Accountability Act (HIPAA),
Payment Card Industry Data Security Standard (PCI-DSS),
Gramm–Leach–Bliley Act (GLBA), Financial Industry
Regulatory Authority (FINRA), General Data
Protection Regulation, Etc.). These compliance
regulations are very weak in the area of Insider
Threat Detection and Mitigation. (Compliance Does
Not Equal A Robust Security Posture)
In some cases our clients contact us AFTER
an Insider Threat incident has happened, asking us
to help them develop an Insider Threat Program. We
first look into the facts of the incident, and if it
could have been prevented.
In most cases the organization was;
Weak In The Areas Of Security Governance, Polices,
Procedures, Business Processes
Just Checking The Box Of A Compliance Regulation
Not Thinking Outside The Box
Not Aware Of The Organizations Susceptibility
(Vulnerabilities & Weaknesses) To Insider Risks
A robust and effective Insider Threat Program must
be built on top of a solid foundation of security.
With over 10+
years of Real World Experience,
we have helped organizations develop, implement and
manage robust and effective Insider Threat
Program's, using a methodical approach and ability
to Think Outside The Box.
We are confident that we provide our clients with
the Gold Standard
for successful Insider Threat Mitigation.
Insider Threat Program
Management and Stakeholder Briefings
Insider Threat Program Development & Management Guidance
Threat Program Legal / Privacy Guidance (By Licensed Employment Law
Threat Program Maturity Assessments
Insider Threat Mitigation
Solutions & Services
Threat Detection / User Activity Monitoring / Behavioral
Analytic Tool Guidance and Solutions
Continuous Monitoring and Reporting Services (External Data
Monitoring (For Detecting Theft / Sale Of Sensitive Business Data)
Testing / Cyber Threat Awareness Training
Surveillance Counter-Measures Inspections (Covert Audio / Video
Our ITERM360 Assessment reviews over 13 different
critical areas encompassing People, Business
Processes and Technology. Our assessment will
identify vulnerabilities and weaknesses that could
enable Insider Risk.
assessment will be conducted by a team of Insider
Any information obtained during an assessment, will
not be shared with other ANY individuals, other then
the designated point of contact. All assessment team
members will sign a Non-Disclosure Agreement, and
are committed to protecting the confidentiality of
the assessment findings.
The assessment will provide your organization with a
confidential, independent and unbiased assessment of
your organizations current security posture,
identifying Insider Risks.
The assessment will go beyond security compliance
regulations to ensure you have a complete picture of
your organizations weaknesses and vulnerabilities.
The assessment will encompass documentation reviews,
interviews with key stakeholders and direct
observations of your work environment.
Our assessment process also
the role of a Malicious Insider, to assume
their point of view to achieve their objectives. We
execute the Insiders Playbook Of Malicious Tactics,
to find holes in an organizations security defenses,
before a Real Malicious Insider
The detailed assessment report will identify
weaknesses and vulnerabilities within the security
posture of your organization related to Insider
The assessment report will propose risk mitigation
strategies to reduce Insider Risks.
Words like qualitative, quantitative, metrics, risk
scores, compliance, compliance requirements,
security strategy, forecasting, analytics,
benchmarks, etc. mean nothing to a determined
Malicious Insider. These words also mean nothing
when a security professional is briefing the CEO on
how the Insider Threat incident happened.
Our ITERM360 Assessment has successfully helped our
clients identify and mitigate very serious
vulnerabilities and weaknesses, that if left
unchecked could have had serious consequences.
Our ITERM360 Assessments can be customized to suit
your organization security objectives.