Per OMB Memos and a White House Press
Release related to WikiLeaks,
it is very clear that the U.S. Federal Government (USFG),
Department of Defense (DoD) and Intelligence Community (IC) are
focusing much more attention on the protection of classified
information.
To support the OMB Memos and White House Press Release, CEUS is
offering Insider Threat Risk Assessments / Risk Mitigation
Services.
White House Press Release: U.S. Government Mitigation Efforts in Light of the Recent Unlawful Disclosure of Classified Information
Summary: As part of
an integrated federal government approach to respond to the
unlawful and irresponsible disclosure of classified information
by WikiLeaks, the National Security Staff has been coordinating
an interagency effort to examine the policies and practices
surrounding the handling of classified information, and to put
in place safeguards to prevent such a compromise from happening
again.
OMB Memo M-11-06: WikiLeaks - Mishandling of Classified Information
Summary:
On November 28, 2010, the OMB directed
departments and agencies that handle classified national
security information to establish security assessment teams
consisting of Counterintelligence (CI), Security, and
Information Assurance (IA) experts to review the agency’s
implementation of procedures for safeguarding classified
information against improper disclosures.
OMB Memo M-11-08: Initial Assessments of Safeguarding and Counterintelligence Postures for Classified National Security Information in Automated Systems
Summary: In furtherance of the OMB M-11-06
directive, please find attached a list of existing requirements
and questions your department or agency assessment team should
utilize, as an initial step, to assess the current state of your
information systems security. As such, you also have a
significant role regarding compliance by your department or
agency with the subject of this memorandum.
Protecting U.S. National Security
The importance of protecting USFG, DoD and IC information
systems, classified and sensitive information has never been
greater. This protection starts with complying with existing
non-waiverable USFG, DoD and IC security directives,
instructions, policies, procedures, best practices and
establishing an Insider Threat Risk Management Framework
(ITRMF). Non-compliance and failure to implement an ITRMF with
the proper security policies, procedures and controls give the
Malicious Insider a greater chance of success in causing serious
damage to an organization's reputation and U.S. National Security.
On a periodic basis, the security posture of an organization
should be re-evaluated. Discrepancies or new vulnerabilities
discovered should be documented, and mitigation strategies
established to prevent damage from Insider Threats.
CEUS Insider Threat Risk Management Services (ITRMS)
CEUS assists USFG, DoD and IC agencies in evaluating the
security postures of their organizations. No other company can
offer the expertise CEUS can. In the aftermath of the
WikiLeaks incident, our CE-ITDP Training Course Instructor has
been providing USFG, DoD and IC agencies with advice on
corrective actions, mitigation measures, and policy
recommendations needed to combat the Insider Threat problem.
CEUS ITRMS Auditors are Certified Information Systems
Security Professionals (CISSP) and/or hold other security-relevant
certifications.
CEUS ITRMS Auditors
will work closely with the individuals responsible for Insider
Threat Risk Management within an organization
(Counterintelligence, Security, Information Assurance). We can
help USFG, DoD and IC agencies evaluate their security postures
against the security directives, instructions, policies,
procedures and best practices established by:
Presidential Executive Orders
Office of Management and Budget (OMB)
Federal Information Processing Standards (FIPS)
Federal Information Security Management Act (FISMA)
National Institute of Standards and Technology (NIST)
Provide a confidential, independent and unbiased assessment of an organization's current security posture and risks.
Provide a proactive approach to security compliance and risk management that anticipates, uncovers and resolves potential security vulnerabilities, threats and risks before they arise.
Identify security risks resulting from missing or inadequate required security controls, and determine the extent to which the security controls are implemented / not-implemented, implemented incorrectly, operating as intended, and producing the desired outcome.
Recommend low cost corrective actions to improve the organization's security posture and implement more robust Defense-In-Depth Risk Mitigation Strategies.
Prioritize security control implementation recommendations.
Serve to establish a formalized Security Assessment Process with a baseline of repeatable Security Assessment Procedures, thereby reducing future auditing costs.
Ensure that an organization's Insider Threat Risk Management Framework, which encompasses People, Policies, Processes and Tools, is working seamlessly together, thereby achieving security compliance and mitigating risks to the organization.
Provide low cost solutions for security compliance and risk management that are based on the knowledge and experience gained from the development, implementation and management of Insider Threat Defense Programs and Information Systems Security Programs for USFG, DoD and IC agencies.
Provide solutions that will deliver a more security compliant and low risk environment, thereby improving an organization's security posture in protecting the Confidentiality, Integrity and Availability of an organization's networking infrastructure and its classified information.
Protecting Customer Data
CEUS ITRMS Auditors will obtain information during a
security assessment that will not be shared with others. CEUS
ITRMS Auditors will sign a Non-Disclosure Agreement (NDA)
protecting the organization's Security Assessment Report. As a
Security Compliance and Auditing provider, CEUS has an
obligation to protect the confidentiality of all Security
Assessment Reports and related information. CEUS
recommends limiting access within an organization to the
individuals that need to know the results of the Security
Assessment Report. The agency-specified point(s) of contact will
be the only individual(s) with whom
CEUS ITRMS Auditor(s) will discuss the results of a
Security Assessment Report.
Thinking your
organization has mitigated security risks is different than
knowing you have.
CEUS
can provide
an organization with a confidential, independent and unbiased
assessment of the organization's current
security posture,
identifying risks and recommending mitigation strategies. Just
being in security compliance does not mean your organization's
assets are properly protected. Protecting classified information
is crucial. Failure is not an option.
Please contact us for more
information about
CEUS Insider Threat Risk Management Services.