INSIDER THREAT SOLUTIONS

NISPOM 2 Insider Threat Program Development

 National Industrial Security Program Operating Manual—NISPOM Change 2 requires contractors to establish and maintain an insider threat program to detect, deter and mitigate insider threats.  Specifically, the program must gather, integrate, and report relevant and credible information covered by any of the 13 personnel security adjudicative guidelines that is indicative of a potential or actual insider threat to deter cleared employees from becoming insider threats; detect insiders who pose a risk to classified information; and mitigate the risk of an insider threat.  Contractors must have a written program plan in place to begin implementing insider threat requirements of Change no later than November 30, 2016.   

Sancorp Consulting, LLC can tailor an Insider Threat program template ready to assist your organization with the NISPOM 2 requirements but also support a more mature Insider Threat program that can be implemented, repeatable, and robust.

 

Certified SEI CERT Insider Threat Vulnerability Assessments 

Sancorp Consulting, LLC has partnered with Carnegie Mellon University Software Engineering Institute (SEI) CERT Insider Threat program to provide certified Insider Threat Vulnerability Assessments (ITVA) for your organization.  These assessments are tailored to evaluate your organization’s Insider Threat program, identify critical assets, and provide identified recommendations for remediation and increasing the maturity and success of your organizations Insider Threat program.

Advanced Analytics Technical Controls

 Sancorp Consulting, LLC can provide you with recommendations on tested system analytics and visualization tools to support system event and information management requirements.  These analytical technical controls provide an added layer of vigilance to support anomaly detection within your organization.

 

Continuous Evaluation/Monitoring

 In conjunction with technical system analytics controls, Sancorp Consulting, LLC can work with your organization to establish the required framework for policy, procedures, and employment of a cohesive continuous evaluation and monitoring program with separation of duties, legal, behavior, triage, and response recommendations.

 

System Integrity/Penetration Testing

 Working with our cyber operations strategic partners, Sancorp Consulting, LLC can support system integrity and testing of your organization’s internal technical controls to insure the monitoring mechanisms are detecting and identifying anomalies within your data systems and physical access to your critical areas.

 

Incident Response Plans

 Developing a robust Insider Threat program requires technical and nontechnical controls, policy development, and implementation.  A critical aspect of an Insider Threat program is the systematic approach to responding to an incident. Training and rehearsing the incident response plan with developed vignettes and scenarios highlights the efficiency and areas for improvement within an organization’s Insider Threat program. Sancorp Consulting, LLC can provide support in developing an Insider Threat response plan—integrating decision response matrix, identifying key personnel, and supporting training and evaluation of the program.

 Sancorp Consulting, LLC focuses on evaluating an organizations daily operations and business practices to identify vulnerabilities or gaps that will affect operational readiness and liability to an organization from internal and external factors. If an incident occurs within your organization are you able to respond with a systemic approach—minimizing subjective decisions and instead establishing a baseline Decision Matrix that helps an organization link senior management, supervisors, and essential controls/personnel to react and provide an effective response to an incident.

•        Tailored organization Incident Response Plan

•        Evaluation and rehearsal of existing plans

•        Decision Matrix development and scenario training

•        Red team/Red Cell integration

 

 Training and Awareness

 An organization’s Insider Threat program is dependent upon its employees and leadership to help maintain vigilance, detect, and deter potential threats.  Sancorp Consulting, LLC assist organizations in training from C level staff on their roles and responsibilities to the critical employees supporting daily operations and critical functions.

 

Behavioral observations  

 Sancorp Consulting, LLC works in coordination with identified behavioral specialist to assess and support a tailored behavior and operational risk management program for an organization.  These tailored solutions include identifying high impact stress situations and remediation plans, critical decision making, coaching, positive environment measures, and support to employee transition plans.

 

Physical Security Measures and Assessments

 Providing a layered approach to an organization’s Insider Threat program includes those controls and measures necessary to minimize unauthorized physical access and detect anomalies to authorized, critical areas.  Sancorp Consulting, LLC provides robust technical and procedural physical security consultation to support an organization’s Insider Threat Plan and security posture.  

 

IDENTITY ACTIVITIES SOLUTIONS

 

BIOMETRICS:

Positive physiological identification of personnel is essential for verification in a global environment where increased identity theft, counterfeit activities, and corporate espionage are on the rise.  Our subject matter experts support biometrics requirements ranging from biometrics analytical support to strategic level consultation on biometrics system design and interoperability.  Examples of support range from commercial application of biometrics for one-to-one verification to enterprise level architecture design to support major operations and verification of personnel.

-PHYSICAL ACCESS VERIFICATION

-LOGICAL CONTROL AND VERIFICATION

-ACCOUNTABILITY

-TRANSACTION CERTIFICATIONS

 

 

EXPLOITATION/FORENSICS:

Our experts provide the most up-to-date forensically sound digital investigations available to support our client’s requirements to identify, preserve, and conduct data analysis of computers, media, and mobile device platforms.  Additionally, SANCORP CONSULTING LLC, supports enterprise level development of forensics programs including policy development, concept of operations integration, and tactical/training scenario development. 

-CELL PHONE

-COMPUTER

-DATA MANAGEMENT/IP

-CODE

-COMMUNICATIONS

 

 

IDENTITY/DATA INTELLIGENCE:

 Sancorp Consulting LLC provides subject matter expertise and technical experts to support your identity intelligence and data management requirements.  Integrating various identity modalities allows you to develop a comprehensive capability that integrates physiological identifiers, activities, and locations.  Expert analyst provide actionable identity products to support a variety of requirements.

 

-ACCESS VERIFICATION AND ACTIVITIES

-DIGITIAL SIGNATURES AND PATTERNS

-ACCESS CONTROLS/RESTRICTIONS