INSIDER THREAT SOLUTIONS
Sancorp’s in-depth knowledge of the threat from insider betrayal provides our team with invaluable insight into mitigation measures. Our team gains knowledge and methodologies from our strategic partner, Carnegie Mellon University’s Software Engineering Institute (SEI) CERT Partner Network. As SEI CERT Insider Threat partners, Sancorp draws on over twenty years of research and development to provide a systematic approach to support an organization’s Insider Threat requirements. Our core competencies in Insider Threat defense include:
NISPOM 2 Insider Threat Program Development
We tailor our successful Insider Threat program template to assist organizations with the NISPOM 2 requirements. We also support a more mature Insider Threat program to implement repeatable and robust countermeasures to potential insider threats.
Certified SEI CERT Insider Threat Vulnerability Assessments
Sancorp Consulting, LLC partners with Carnegie Mellon University Software Engineering Institute (SEI) CERT Insider Threat program professionals to provide certified Insider Threat Vulnerability Assessments (ITVA) to support an organization’s security efforts. We tailor these assessments to evaluate an established Insider Threat program, identify critical assets, and provide recommendations for remediation to increase the maturity and success of an organization’s Insider Threat program.
Advanced Analytics Technical Controls
Our team provides customers with detailed recommendations on tested system analytics and visualization tools to support system event and information management requirements. These analytical technical controls provide an added layer of vigilance to support anomaly detection within an organization.
In conjunction with technical system analytics controls, Sancorp works with organizations to establish the required framework for policy, procedures, and employment of a cohesive continuous evaluation and monitoring program. Our team provides expert recommendations on separation of duties, legal, behavior, triage, and responses.
System Integrity/Penetration Testing
Working with our cyber activities strategic partners, Sancorp supports system integrity and testing of an organization’s internal technical controls to ensure monitoring mechanisms detect and identify anomalies within data systems and physical access to critical areas.
Incident Response Plans
Sancorp brings extensive experience in providing support to develop an Insider Threat response plan, integrating a decision response matrix, identifying key personnel, and supporting training and evaluation of the program.
We focus on evaluating an organization’s daily operations and business practices to identify vulnerabilities or gaps that will affect operational readiness and liability to an organization from internal and external factors. Implementing a systemic approach when an incident occurs minimizes subjective decisions and instead establishes a baseline Decision Matrix to help an organization link senior management, supervisors, and essential controls/personnel to react, providing an effective response to the incident. Sancorp specializes in:
Tailored organization Incident Response Plan
Evaluation and rehearsal of existing plans
Decision Matrix development and scenario training
Team/Red Cell testing/integration
Training and Awareness
Our team assists organizations in training from C-level staff on their roles and responsibilities to the critical employees supporting daily operations and critical functions.
Sancorp coordinates and partners with identified behavioral specialists to assess and support a tailored behavior and operational risk management program for an organization. These tailored solutions include identifying high impact stress situations and remediation plans, critical decision making, coaching, positive environment measures, and support to employee transition plans.
Physical Security Measures and Assessments
Sancorp provides robust technical and procedural physical security consultation to support an organization’s Insider Threat Plan and security posture.
Sancorp’s unique and innovative approach resulted in the HQ USMC selection of Sancorp to head their Insider Threat Program and Analysis Center in 2018.
IDENTITY / DATA ACTIVITIES
Sancorp provides subject matter expertise and technical experts to support biometrics access control, media device forensics/exploitation, identity/data intelligence, and identity management requirements.
Organizations require the positive physiological identification of personnel for verification in a global environment where identity theft, counterfeit activities, and corporate espionage continue to rise. Our subject matter experts support biometrics requirements ranging from biometrics analytical support to strategic level consultation on biometrics system design and interoperability. The use of biometrics encompasses two primary activities:
Biometrics authentication for identification and access control. This process includes a one-to-one (1:1) comparison, e.g. one known/unknown biometric compared with one candidate biometric, providing a match/no match response.
Biometrics searching. This process includes a one-to-many (1:N) comparison and includes the searching of one or more biometric modalities (e.g. face, fingerprint, voice) against a database of biometrics (known as an automated biometric identity system or ABIS) in search of a match within the database.
Examples of Sancorp identity activity support include:
Physical Access Verification
Commercial application of biometrics for one-to-one verification
Logical control and verification
Enterprise level architecture design
Staff proficient in forensic tools such as EnCase, Internet Evidence Finder, XRY, etc.
Computer media (hard drives, removable media, etc.) in search of identity data
Identification, extraction and reporting of digital communications
Searching a biometric against ABIS systems (1:N) to discover matches to known/unknown individuals
1:1 match reports (these reports compare physiological features between the searched biometric and the possible match)
Identification of Digital Signatures and Patterns
Utilizing a structured methodology to associate biometrics with biographic and behavioral activities to link together identity characteristics
Relational/Link Analysis expertise to visualize big data and networks
Social Media identity resolution
All Source integration with identity and biometric signatures to create robust personas
Sancorp’s enhanced understanding of identity activities and biometrics resulted in multiple awards (Prime and Sub) supporting Identity Activities for the USMC and the National Ground Intelligence Center.
Sancorp staff bring significant military and federal experience in CI investigations, analysis, collections, operations, and awareness regarding foreign intelligence threats, the risks they pose, and the defensive measures necessary to safeguard classified and sensitive information. In addition, our staff bring decades of military and federal expertise in critical technology protection, developing CI Support Plans to mitigate the threat to personnel, technology, and resources through the development of structured protection processes created through collaboration with various stakeholder engagements. These CI Plans address threats to the supply chain along with research, development and acquisition to identify, resolve and/or mitigate threats.
Specific areas of Sancorp professional expertise include:
Defensive CI Briefings and Debriefings
Foreign Visits and Assignments
CI Cyber Defensive Measures
CI Training and Awareness
CI Support to Critical Programs
Supply Chain Risk Management
Research, Development and Acquisition Analysis
Liaison with federal counterparts such as the FBI, CIA, DHS, etc., to ensure full coverage of CI threats
Sancorp’s expertise in CI and Security resulted in an award from the USD(I) to provide impactful, objective, data-driven evaluations and studies regarding the DoD CI enterprise and the Defense Security Enterprise (DSE).
Our experts provide the most up-to-date cyber support to our customers in the ever-evolving world of digital communications. Support includes forensically sound digital media investigations to support our client’s requirements to identify, preserve, and conduct data analysis of computers, media, and mobile device platforms. Our teams support system integrity and testing of an organization’s internal technical controls to ensure the integrity of monitoring mechanisms to detect and identify anomalies within data systems and physical access to critical areas.
Hard Drives, SD Cards, Flash Drives, Cell Phones, GPS, etc.
Cyber Policy Development
Concept of Operations Integration
Tactical/Training Scenario Development
Cyber Anomaly Identification
System Integrity/Penetration Testing
Cyber & Network Security
Technology (hardware/software) recommendations and training
Sancorp supports Headquarters USMC, Plans, Policies and Operations with our Exploitation SME, who provides expertise on requirements from strategy to policy development in support of the Expeditionary Forensics Exploitation Capability.