Consultancy
Protecting Your People and Your Assets
Why start an insider risk programme? There are several answers:
- It’s an insurance policy against your strategy, protecting innovations, intellectual property and trade secrets that generate future revenues.
- It’s an employee well-being initiative, fulfilling an organisation’s duty of care responsibilities.
- It’s a unifying and sharing catalyst, aligning diverse functions with purpose.
It’s also a complex undertaking. Our expertise is in helping organisations cut through this complexity by designing, implementing and improving insider risk programmes appropriate to their situation. We can assess the maturity of insider risk countermeasures, knit together existing investigative processes into a unified model, think strategically about roadmap priorities or suggest detailed metrics to demonstrate programme value – our focus is determined by your needs.
Organisations just starting their insider risk journey will need to progress through the three phases outlined below. Signpost Six offers tailored solutions for each phase, helping you adapt to changing threat environments and mature your programme to the next level.
Assess
Insider risk analysis & assessment
To understand where you need to go, you must first understand where you are. Many companies already assess elements of insider risk individually but rarely evaluate how these countermeasures combine into a holistic approach. That is our speciality. We analyse threats, organisational context and current countermeasure maturity to identify countermeasure gaps that expose the organisation to unnecessary risk.
Phase IDesign
Insider risk strategy and prioritised road map
The gap analysis conducted in Phase I informs the design of an insider risk programme. Working together with you to understand your culture and stakeholder sensitivities, we help shape the initial programme strategy and roadmap. The strategy is further shaped during the stakeholder validation process and recommended pilot.
Implement
General programme implementation and learning
The hard work of implementation requires quick wins and sustained momentum. In this phase we can take on the role of interim programme manager, setting up the programme and handing it over to your insider risk team once it is functional and trained. Our insider risk starter kit contains all the documents a programme manager needs to stand up a programme quickly - governance charters, policies, tailored metrics, run books, among other helpful documents. We also have numerous training options to get that first (and last!) stakeholder on board.
Phase IIIOngoing Support
- Programme assessment/evaluation
- Insider risk manager and investigator coaching
- Case management
- Integrated communication and training plan
- UEBA and DLP target operating models
Want to know more?
