Insider Risk Assessments

We understand risk! (Most security practitioners don’t!!)

Understanding your risk posture is an essential step in developing an insider threat program strategy. Our assessments explore the entire organization, including your assets, business environment, threats, vulnerabilities, security governance, and legal issues. We merge technical, behavioral, process, and policy issues into a single, actionable framework designed to capture all of the Key Risk Factors (KRFs) bearing on the prevention, detection, and mitigation of insider threats.

Our proprietary one-of-a-kind insider risk assessment methodology combines the best practices of traditional assessment methods (NIST, ISO and COBIT) with real-world intelligence-grade risk assessment approaches. The purpose is to identify, understand, and prioritize risks with an emphasis on proportional and tailored solutions. Our assessment methodology is the only one developed by former Intelligence Community experts with experience in preventing, detecting, and managing today’s most complex and unique insider threats.

Our assessment is the only methodology that provides you with a clear and granular understanding of:

  • Insider risk security posture based on our proprietary Key Risk Factors
  • Critical assets based on our proprietary Key Impact Factors
  • Insider threats posed to your organization based on our proprietary Key Threat Factors
  • Vulnerabilities to your assets based on our proprietary Key Vulnerability Factors
  • Insider risks posed by third-parties and trusted business partners

Measurable

Our proprietary review methodology and framework provide an objective measure of your current insider risk management capabilities across the ten insider threat program components.

Effective

Understanding your strengths and weaknesses will allow you to more effectively manage insider risks.

Value-Added

You will understand 1) your overall insider risk management operating capability level, 2) your operating capability for each of the ten components, 3) your strengths and areas of improvement for each of the ten components, and 4) recommendations for improving each of the ten components. Our clients experience an immediate return on investment as they are able to allocate resources in a more tailored and cost-effective manner and can answer the following questions:

  1. What is my organization’s current insider risk management capability?
  2. Which components do I currently have and which do I need to develop?
  3. What is the maturity level of each?
  4. What is the level of effort required to achieve an Initial Operating Capability?
  5. What is the level of effort required to achieve a Full Operating Capability?
  6. What are the resource requirements to achieve IOC/FOC?
  7. Which components should I create first to maximize effectiveness and utilize resources most efficiently?

Baseline Assessments

A baseline review will provide you with objective programmatic and operational insight into your current insider risk management capabilities. The findings will allow you to fully understand your current strengths, any shortfalls, and areas for improvement. You will not only obtain an objective review of your current components, but also recommendations and strategies for building out additional components to augment your current operating capability. The results can serve as talking points with senior executives and provide a basis for subsequent business cases pursuing specific component improvements or buildouts.

Red Team Assessments

Our Red Team models how real-world insiders might compromise and exfiltrate sensitive corporate information. In addition to evaluating the compromise methods of insiders, we also test your insider threat incident response procedures. After a red teaming exercise, you’ll have a better understanding of your organization’s security posture as it relates to specific insider threat personas and events, and you’ll know where to focus your future efforts for improvement.

Insider Risk Assessments

Understanding your risk posture is an essential step in developing an insider threat program strategy. Assessments should explore the entire organization, including your assets, business environment, threats, vulnerabilities, security governance, and legal issues. Assessments should strive to answer the following questions:

  • What is my organization’s current insider risk management capability?
  • Which components do I need to develop?
  • What is the maturity level of each?
  • What is the level of effort required to achieve an Initial Operating Capability?
  • What is the level of effort required to achieve a Full Operating Capability?
  • What are the resource requirements to achieve IOC/FOC?
  • Which components should I create first to maximize effectiveness and utilize resources most efficiently?