What is an “insider risk program?” Many practitioners claim that they will “build you a ‘program’,” but most fail to understand what this means. This lack of understanding is largely the cause of the continuing and costly insider breaches that impact businesses everywhere. At ITMG, we believe an insider risk program consists of and requires synergy between an ecosystem of multiple interrelated functional components. Each of these components must be optimized to properly identify and manage critical asset impacts, vulnerabilities, and threats. Whether you’re seeking to build a complete program, build an initial operating capability, or enhance existing components, we can help you every step of the way.
Effective risk management requires obtaining the necessary visibility of asset impacts, asset vulnerabilities, and user behaviors, and most importantly – user interactions with assets. This requires the use and leveraging of various toolsets including both network and endpoint monitoring solutions. Our team of technical experts have decades of hands-on experience implementing DLP, UAM, SIEM, and UEBA solutions. We can assist with tool selection, implementation, integration, and policy tuning and development.
You are undoubtedly aware of the harm that insiders can cause your business. In fact, they cause 90% of all security incidents. Unfortunately, today’s piecemeal and ad hoc approach is simply not working. You need a holistic Insider Risk Management Program to effectively manage these threats and reduce the risk to your corporate assets. To that end, we will help you accomplish the four primary objectives – Know Your People, Know Your Assets, Obtain Visibility, and Respond to Actions.
Legal and Privacy
Implementing an insider risk program raises myriad privacy, regulatory compliance, operational liabilities, criminal and civil enforcement, and employment considerations. Each can have disastrous economic impacts on your business if not properly managed. As an experienced legal and operational practitioner in the area of compliance, employment, security, and criminal law, Mr. Thompson is uniquely positioned to advise your insider risk stakeholders on the parameters and best practices of implementing an insider risk program.