Insider Threat Program

by | Apr 24, 2023 | Uncategorized

Establish an Insider Threat Program

We establish insider threat programs for your organization. An Insider Threat Program is required by NISPOM and inspected by DCSA. We can help you both protect your sensitive information and meet compliance objectives. Our strategy includes:

  • Appoint Insider Threat Program Senior Official (ITPSO)
  • Interact and leverage NISPOM
  • Coordinate with Facility Security Officer (FSO) if not serving as ITPSO
  • Identify sensitive information by format and location
  • Set triggers to determine threat activity
  • Establish incident reporting
  • Establish incident response
  • Appoint Insider Threat Program Working Group (ITPWG)
  • Document ITPWG activities
  • Provide ITP briefings and training
  • Prepare for DCSA audit

Establishing an Insider Threat Program Under NISPOM

Let us assist you with your Insider Threat Program (ITP). Our methodology is appropriate for large and small cleared defense contractors and possessing and non-possessing facilities. As a matter of fact, we apply the same methodology for non-DoD, commericial and non-profit organizations. Our process was developed after we answere the most important quesitons:

  • If we have the NISPOM, why do we need an insider threat program?
  • If the NISPOM is so thorough, what would an additional insider threat program look like?

Most organizations attack the problem with either an employee tracking or online activity reporting goal which creates a lot of risk to the organization and could lead to:

  • Legal or ethical violations
  • Lack of trust
  • Lack of confidence

We are not saying not to report, after all, reporting and monitoring activity is a NISPOM requirement. They should be leveraged, but do not indicate that someone is actually going to steal or sabotage.

After asking the above questions, we recommend a different solution. Of course the employee reporting and activity tracking solutions are important and part of the solution, but they should not be the end goal.

This book recommends a different application that can easily be implemented to both resolve insider threat issues and demonstrate compliance.

Establishing an Insider Threat Program Under NISPOM is our program based on our book of the same name. This is primarily for cleared defense contractors to meet Insider Threat Program requirements under the cognizance of the U.S. Government (Defense Counterintelligence and Security Agency (DCSA)).

Our recommended approach and practices help reduce vulnerabilities without negatively impacting the work force. You will learn to be innovative in your approach as well as leverage industry best practices for a more effective ITP. These solutions incorporate a systems-based approach that meets the following criteria:

  • Document what needs to be protected
  • Establish countermeasures to limit access
  • Meet reporting requirements for unauthorized access
  • Train the workforce

We provide subject matter expertise, insider threaet program processes, tools and templates that you can use immediately to document your progress and demonstrate program during reviews.

Looking for more than just Insider Threat Program services?

Check out our books and training.

To the series.

Jeff’s Books are here.

To the training

NISPOM Training is here.