The focus on the "Insider Threat Problem" has
never been greater for the
U.S. Government, Department of
Defense (DoD), Intelligence Community (IC), Defense Industrial
Base Contractors (DIB), large and small businesses.
The importance of protecting the data, information systems and
networks that contain classified and sensitive information
(Intellectual Property, Trade Secrets, Personally Identifiable
Information (PII), Patient Health Care Information, etc.) has never
"Insider Threats Incidents" have been and can be very damaging
to U.S. National Security and businesses. The "Insider Threat"
is such a serious problem that the FBI and DHS issued an alert
in 2014 about the Insider Threat. Companies victimized by
current or former employees incur costs from $5,000 to $3
Who Is Responsible For Insider Threat Risk Management?
Many individuals might assume that the responsibility for protecting
data, information systems and networks from Cyber Threats and
Insider Threats, is the Information Technology (IT) Department.
However, Cyber Threats and Insider Threats should not be viewed as a
problem that can be solved with just security software and appliances;
User Activity Monitoring, IDS / IPS,
Firewalls, Web Filtering, Data Loss Prevention Tools, Etc.
Security controls that protect data, information systems and
networks, are not just technical, but management and operational
and cross many security disciplines and departments within an
The Insider has also become a big factor in many successful cyber
attacks and data breaches. Although technology introduces avenues
for threats to enter an organization, it is the Insider
(Malicious-Non Malicious), not the technology itself that puts
organizations' information in jeopardy.
For an organization to evaluate it security posture against the
Insider Threat, it must conduct an Insider Threat Risk Assessment
from an enterprise level.
An Insider Threat Risk Assessment will identify weaknesses,
vulnerabilities and threats in technical, management and operational
controls that may enable an Insider to perform malicious actions
against an organization. The results of the Insider Threat Risk
Assessment will be evaluated and risk mitigation strategies
developed to protect the organizations facilities, data, information
systems and networks from the Insider Threat.
Threat Risk Mitigation requires a holistic enterprise approach,
with support from senior management and other stakeholders
(Security, Counterintelligence, Human Resources, Information
Technology, Information Assurance, Legal, etc.) A weak link in
implementing the required security controls, procedures, or
communicating insider threat risks from an enterprise level can
be very costly and damaging to an organization.
Insider Threat Defense
Threat Risk Management Services
Insider Threat Defensehas extensive experience performing
Insider Threat Risk Management (Risk Assessment-Risk Mitigation
Solutions) for the U.S. Government, DoD, Intelligence Community,
Defense Industrial Base Contractors, large and small businesses.
Insider Threat Defense is excited to announce that a DoD Insider
Threat Program Checklist that was developed by our company in 2009,
was used, and still is by many DoD Commands, Services and Agencies to assess the
security posture of their organizations.
Insider Threat Defense can
provide your organization with a confidential,
independent and unbiased
assessment of your organizations current security posture,
identifying insider threat risks and recommending cost effective
Threat Defense goes beyond
security compliance regulations
to ensure your organizations assets are properly protected. We
go beyond security compliance, giving you a full picture of your
organizations weaknesses, vulnerabilities and threats. Our
holistic approach to assessing and mitigating the Insider Threat
uses a top to bottom approach. We assess the Insider Threat from
an enterprise level down all the way down to the Insider behind
Our Insider Threat Risk
Mitigation Auditors (ITRMA’s)
are Subject Matter Experts (SME's) in the areas of Insider
Threat Risk Mitigation. They are committed to helping you better secure
your organizations assets from malicious
Our ITRMA’s are Certified Information Systems Security
Professionals (CISSP), and hold other security relevant
Our ITRMA's support numerous U.S. Government Agency and private
sector Insider Threat Programs.
Protecting The Results Of Insider Threat Risk
Our ITRMA's will obtain
information during a security assessment that will not be shared
with other internal or external individuals or organizations.
ITRMA's will sign a
Non-Disclosure Agreement (NDA) protecting the organizations Insider Threat Risk Assessment Report
Our ITRMA's have an
obligation and commitment to protect the confidentiality of ITRAR
and related information.
National Insider Threat Policy - Insider Threat Risk Mitigation
General Responsibilities of Departments and Agencies 7)
Perform self-assessments of compliance with insider threat
policies and standards; the results of which shall be reported to
the Senior Information Sharing and Safeguarding Steering Committee
(hereinafter Steering Committee).
Enable independent assessments, in accordance with Section 2.1(d)
of Executive Order 13587, of compliance with established insider
threat policy and standards by providing information and access to
personnel of the Insider Threat Task Force (ITTF).
For more information or if you have any
additional questions, please contact us.