
Insider Threat Program Development

Case Study: Global Management Consulting Firm

CHALLENGE
Our client was uncertain how to comply with Federal Insider Threat Program regulations. They required assistance in understanding their specific threats and risks and in developing a program, consistent with regulatory requirements, to mitigate the risk of insider threat.

BACKGROUND
Defense Security Services (DSS) released an update to NISPOM called Change 2. This new policy required all private companies that hold a facility security clearance and employ cleared contractors to establish an insider threat program within their organization.

SOLUTION
Big Sky delivered value to our customer with the following steps:

1. Insider Threat Plan Development:

We assisted our client in drafting an Insider Threat plan that was both compliant with NISPOM regulations and tailored to their specific threats, risks, and priorities. Major plan elements included:

  • Insider Threat Working Group operating materials, including a charter, governance structure, meeting rhythms, information management practices, and adverse reporting procedures that covered all corporate structures subject to DSS review.
  • Procedures to access, gather, share, integrate, identify and report information on potential or actual threats.
  • Process mapping of key information requirements, information owners, data flows, data storage, analysis, and reporting.
  • Steps and timeline to implement the Insider Threat Plan.

2. Insider Threat Training Development:

Big Sky produced trainings tailored to specific groups of employees to align with the new security program and procedures, including:

  • Insider Threat Employee Awareness Training
  • Insider Threat Program Personnel Training

3. Compliance Assessment and Gap Analysis:

Our team helped our client understand the gaps between their current-state operations and NISPOM Change 2 mandates. We provided a compliance dashboard and a roadmap of prioritized steps to achieve full compliance, as well as "above and beyond" elements the client was prepared to incorporate to establish a robust program.

RESULTS
Our client was 100% compliant upon inspection. In one case, the DSS representative noted that our client's internal insider threat processes were more robust than the ones in place at DSS!

If you're interested in how our team of insider threat experts can get the same results for your company, contact us today.
