Available Now: A licensed, repeatable approach to insider threat program evaluation... based on a proven methodology from Carnegie Mellon
Annually organizations that have, or have access to significant intellectual property need to evaluate their Insider Threat program against an accepted standard. That standard is the Carnegie Mellon Software Engineering Institute's CERT Insider Threat Program Evaluation methodology. Soteritech is a licensed provider of these services, labelled our InsiderAssess® program.
We engage with our customers to perform a thorough evaluation of their insider threat programs. We inspect all facets of the program from policy, to procedure, to practice. We inspect organizational commitment, high-value asset identification, employee on-boarding agreements, training practices, incident response, information security, and a broad range of areas within the organization. Each evaluation area results in a score from 1 to 5 that represents the organization's effectiveness in that area. These scores then get "rolled up" into a single insider threat effectiveness ThreatScore report for the organization.
The result is a fair, independent assessment against industry best practices that is provided to each customer along with suggestions for remediation.