Business Need/Problem
Today there are more compliance regulations around adequately protecting critical cyber infrastructure against the increasingly sophisticated and complex landscape of security and privacy threats and vulnerabilities. Company networks have seen an increase in the scale and frequency of security attacks and threats in recent years. This is a similar experience in both public and private companies across the world. A 2016 global security report made available through the Multi-State Information Sharing and Analysis Center (MS-ISAC) reported that attackers were increasingly part of well-organized and funded underground groups, generating millions of dollars in the underground economy, “where tools specifically developed to facilitate fraud and theft are freely bought and sold.”
As companies pursue an ambitious plan to modernize the IT environment to meet the needs of customers you must also pursue an aggressive strategy to execute its mandate to protect the IT investments and safeguard information assets from cyber threats.
Proposed Solution to Mitigate Gaps:
The implementation of an Insider Threat Program would enable your company to establish a comprehensive, ongoing program to continually evaluate threats and vulnerabilities to company IT systems and critical cyber assets; to provide expert-level consultative support for mitigation strategies to validate that existing vulnerabilities and threats are sufficiently mitigated to protect the company from significant economic loss.
An Insider Threat Program provided proactive detection and analysis of threats and threat modeling, has several key benefits that would be leveraged across the IT infrastructure:
- Delivers early warnings about emerging threats
- Prioritization of risks by knowledgeable and experienced program staff
- Allows for the measurement and assessment of risks and existing countermeasures
- Allocates clear ownership of risks, vulnerabilities, and corrective action measures
- Provides actionable cyber intelligence specific to the company, thus providing the company with time to protect critical assets
- Allows for aggregation of new and emerging threats and vulnerabilities relevant to the company’s environment and assets
- Accurately assess threat severity levels using industry and/or vendor resource feeds
- Being able to provide management with the right information for effective risk management and decision making
- Provides identification of root causes
- Allows for allocation and mobilization of resources accordingly to provide most effective mitigation
- Save time and effort by performing the analysis using automated tailored solutions
Precise Cyber Solutions Insider Threat Program operations will consist of the following key program components:
- Monitor the IT and cyber threat and vulnerability landscape
- Includes identifying new/emerging threats; prioritizing threat remediation based on knowledge gathered from various sources; and alerting the company to imminent threats
- Includes monitoring vendor warnings, patches and advisories; providing agencies with notice and appropriate strategies for mitigating the specific threat based on the understanding and knowledge of the technology environment within the company
- Centralize reporting and oversight of security events detected within company IT environments, allowing for coordinated incident detection and response capabilities
- Coordination with the to-be-established federal Cybersecurity liaison
- Conduct on-going testing and assessments as well as targeted regular security assessments for the company when threats and vulnerabilities are present or detected.
- Conduct training for the company
- Includes general threat and vulnerability training for the company users as well as specific training to perform security assessments and mitigate agency-specific threats and risks
- Lead and monitor enterprise risk mitigation activities
- Includes working with the company agencies to respond to findings from the assessments and implement risk mitigating solutions. Risk mitigation strategies will focus on achieving compliance with, as applicable:
- Federal and other regulatory statutes and policies.
- Produce timely enterprise level and agency-specific reports
- Includes executive and technical level presentations, agency progress against assessment findings and statistical analysis at the aggregate level that monitor the security and privacy “health” of the company.
Why Establish An Insider Threat Program?
Establishment of an effective Insider Threat Program is consistent with the United States National Strategy to strengthen communication capabilities, enhance data sharing, alert and early-warning systems, reduce cyber terrorism threats, protect critical infrastructure, and decrease the possibility of catastrophic economic loss and damage caused from cyber incidents.
