We work with executive management to gain program buy-in. We evaluate the client's current state of policies related to insider threat management, and develop a plan to achieve an effective insider threat management state. We create and deliver the program plan for change management and execution. The engagement includes an audit/assessment, plan development, change management support, and implementation oversight. Our job is to get the organization Culture of Security certified, and also help achieve NISPOM Change 2 compliance if needed.
Getting Soteritech Culture of Security certified involves insider threat program development and training across the organization.
- Contracting: We execute a non-disclosure agreement, establish a master services agreement and agree upon a statement of work to be completed.
Deliverables: NDA, MSA, SOW
- Assessment/Audit: We engage our audit partner Cotton & Company to evaluate the current state of the organization's insider threat protections, policies and approach. We assess/audit how successfully insider threat detection and deterrence systems have been implemented, including evaluation of people, process, technology, and governance against industry standards and regulations.
Deliverables: Current state audit report
- Gap: We work with the client to gain buy-in for a determined end state across the many risk areas involving insider threats. These will include areas such as policy, governance, monitoring, tools, risk indicators and communication/reporting, as well as establishing an insider threat working group (or HUB).
Deliverables: Future state and gap report
- POAM: We develop a plan of action and milestones covering each of the gap areas, including a project timeline and change management plan.
Deliverables: POAM, project plan, change management plan
"We understand implementing an insider threat program within your organization can be a sensitive issue. We work with you and develop a change management plan to introduce these changes effectively in order to achieve a high rate of adoption."
- Delivery: We help you execute the plan and deliver insider threat training for Working Groups and Employees, as well as Dangerous Insider Threat Training for management and employees.
Deliverables: Executed future state, improved culture of security
- Certification: Upon completion of the program objectives, the organization will be granted a Culture of Security certification from Soteritech, LLC.