We work with executive management to gain program buy-in.  We evaluate the client's current state of policies related to insider threat management, and develop a plan to achieve an effective insider threat management state.  We create and deliver the program plan for change management and execution.  The engagement includes an audit/assessment, plan development, change management support, and implementation oversight.  Our job is to get the organization Culture of Security certified, and also help achieve NISPOM Change 2 compliance if needed.


Getting Soteritech Culture of Security certified involves insider threat program development and training across the organization.

  • Contracting:  We execute a non-disclosure agreement, establish a master services agreement and agree upon a statement of work to be completed.

Deliverables:  NDA, MSA, SOW

  • Assessment/Audit:  We engage our audit partner Cotton & Company to evaluate the current state of the organization's insider threat protections, policies and approach.  We assess/audit how successfully insider threat detection and determent systems have been implemented, including evaluation of people, process, technology, and governance against industry and regulations.

Deliverables:  Current state audit report

  • Gap:  We work with the client to gain buy-in for a determined end state across the many risk areas involving insider threats.  These will include areas such as policy, governance, monitoring, tools, risk indicators and communication/reporting, as well as establishing an insider threat working group (or HUB).

Deliverables:  Future state and gap report

  • POAM:  We develop a plan of action and milestones covering each of the gap areas, including a project timeline and change management plan.

Deliverables:  POAM, project plan, change management plan

"We understand implementing an insider threat program within your organization can be a sensitive issue.  We work with you and develop a change management plan to introduce these changes effectively in order to achieve a high rate of adoption."

  • Delivery:  We help you execute the plan and deliver insider threat training for Working Groups and Employees, as well as Dangerous Insider Threat Training for management and employees.

Deliverables:  Executed future state, improved culture of security

  • Certification: Upon completion of the program objectives, the organization will be granted a Culture of Security certification from Soteritech, LLC.