ETS were tasked with building a quality Insider Threat program in a forward looking four phase process that strongly mitigated the risk of existential harm from those with critical access.

• Questionnaire sent to the client team to initiate the gap analysis process
• Arranging on-site visit, interviews with key stakeholders/leaders, and initiating the gap analysis
• Identify – What is critical? Where is it located? Who has/needs access?

• Client shares internal policies, procedures, and guidelines for 7 functional areas (HR, IT, Software Engineering, Data Owners, Legal, Physical Security, Trusted Partners)
• ETS utilizes – Carnegie Mellon University Capabilities Maturity Model
• ETS document review, on-site visit, stakeholder interviews (remote and on-site), high risk areas identified
• Further Identifying – What is critical? Where is it located? Who has/needs access and where are the vulnerabilities.

• ETS provided Executive Summary, Process Reviews, Findings and Recommendations

• Policy, process, documentation creation or improvement
• Establish Governance model involving Human Resources, General Counsel, Ethics, Privacy, Communications, Chef Information Security Office, and Security
• Suspected Loss/Egress Incident Response Plans (Recognize, Report, Respond)
• Communications, training and awareness, initial roll-out, branding and messaging
• Other areas as decided in concert with client leadership
• High risk areas management guidance
• ETS provided training and awareness, new employee orientation, refresher training