The Insider Threat Defense Group has helped U.S. Government Agencies (Department of Defense, Intelligence Community) and a wide variety of private sector businesses, develop, implement, manage and enhance Insider Threat Programs.
Our training and services go beyond traditional compliance regulations: National Insider Threat Policy, NISPOM Conforming Change 2, Federal Information Security Management Act (FISMA), National Institute of Standards & Technology (NIST), Health Insurance Portability & Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI-DSS), Gramm–Leach–Bliley Act (GLBA), Financial Industry Regulatory Authority (FINRA), General Data Protection Regulation, Etc.). These compliance regulations are very weak in the area of Insider Threat Detection and Mitigation. (Compliance Does Not Equal A Robust Security Posture)
In some cases, our clients contact us AFTER an Insider Threat incident has happened, asking us to help them develop an Insider Threat Program. We first look into the facts of the incident, and if it could have been prevented.
In most cases the organization was:
- Weak in the areas of security governance, polices, procedures, business processes
- Just checking the box of a compliance regulation
- Not thinking outside the box
- Not aware of the organization’s susceptibility (vulnerabilities and weaknesses) to insider risks
A robust and effective Insider Threat Program must be built on top of a solid foundation of security.
With over 10+ years of Real World Experience, we have helped organizations develop, implement and manage robust and effective Insider Threat Programs, using a methodical approach and ability to Think Outside The Box. We are confident that we provide our clients with the Gold Standard for successful Insider Threat Mitigation.
Insider Threat Program Consulting Services
- Executive Management and Stakeholder Briefings
- Insider Threat Program Development & Management Guidance (On-Site, Offsite)
- Insider Threat Program Legal / Privacy Guidance (by Licensed Employment Law Attorney)
- Insider Threat Vulnerability / Insider Threat Program Maturity Assessments
- Customized Services
Insider Threat Mitigation Solutions & Services
- Data Exfiltration Assessment (Executing The Malicious Insiders Playbook Of Tactics)
- Insider Threat Detection Tool Guidance / Pre-Purchasing Evaluation Assistance and Solutions
- Employee Continuous Monitoring and Reporting Services (External Data Sources)
- Dark Web Monitoring (For Detecting Theft / Sale Of Sensitive Business Data)
- E-Mail Phishing Testing / Cyber Threat Awareness Training
- Technical Surveillance Counter-Measures Inspections (Covert Audio / Video Device Detection)
Insider Risk Assessment Services
Our Insider Threat Enterprise Risk Management 360 (ITERM360™) methodology is proven, unique, holistic, comprehensive, repeatable and effective.
Our ITERM360 Assessment reviews over 13 different critical areas encompassing People, Business Processes and Technology. Our assessment will identify vulnerabilities and weaknesses that could enable Insider Risk.
The assessment will be conducted by a team of Insider Risk Experts.
Any information obtained during an assessment, will not be shared with other ANY individuals, other then the designated point of contact. All assessment team members will sign a Non-Disclosure Agreement, and are committed to protecting the confidentiality of the assessment findings.
The assessment will provide your organization with a confidential, independent and unbiased assessment of your organizations current security posture, identifying Insider Risks.
The assessment will go beyond security compliance regulations to ensure you have a complete picture of your organizations weaknesses and vulnerabilities.
The assessment will encompass documentation reviews, interviews with key stakeholders and direct observations of your work environment.
Our assessment process also Mimics the role of a Malicious Insider, to assume their point of view to achieve their objectives. We execute the Insiders Playbook Of Malicious Tactics, to find holes in an organizations security defenses, before a Real Malicious Insider does.
The detailed assessment report will identify weaknesses and vulnerabilities within the security posture of your organization related to Insider Risks.
The assessment report will propose risk mitigation strategies to reduce Insider Risks.
Words like qualitative, quantitative, metrics, risk scores, compliance, compliance requirements, security strategy, forecasting, analytics, benchmarks, etc. mean nothing to a determined Malicious Insider. These words also mean nothing when a security professional is briefing the CEO on how the Insider Threat incident happened.
Our ITERM360 Assessment has successfully helped our clients identify and mitigate very serious vulnerabilities and weaknesses, that if left unchecked could have had serious consequences.
Our ITERM360 Assessments can be customized to suit your organization security objectives.
Please contact our team of Insider Threat Mitigation Experts who are available to answer any questions you may have about our consulting services.