Insider-Threat

Case Study

ETS were tasked with building a quality Insider Threat program in a forward looking four phase process that strongly mitigated the risk of existential harm from those with critical access.

PHASE I – Pre-Assessment Survey and Liaison 

  • Questionnaire sent to the client team to initiate the gap analysis process
  • Arranging on-site visit, interviews with key stakeholders/leaders, and initiating the gap analysis
  • Identify – What is critical? Where is it located? Who has/needs access?

Phase II – Vulnerability Assessment/Gap Analysis  

  • Client shares internal policies, procedures, and guidelines for 7 functional areas (HR, IT, Software Engineering, Data Owners, Legal, Physical Security, Trusted Partners)
  • ETS utilizes – Carnegie Mellon University Capabilities Maturity Model
  • ETS document review, on-site visit, stakeholder interviews (remote and on-site), high risk areas identified
  • Further Identifying – What is critical? Where is it located? Who has/needs access and where are the vulnerabilities.

PHASE III – Report

  • ETS provided Executive Summary, Process Reviews, Findings and Recommendations

PHASE IV – Implementation Planning for Identified High Risk Areas

  • Policy, process, documentation creation or improvement
  • Establish Governance model involving Human Resources, General Counsel, Ethics, Privacy, Communications, Chef Information Security Office, and Security
  • Suspected Loss/Egress Incident Response Plans (Recognize, Report, Respond)
  • Communications, training and awareness, initial roll-out, branding and messaging
  • Other areas as decided in concert with client leadership
  • High risk areas management guidance
  • ETS provided training and awareness, new employee orientation, refresher training