Insider threat program

Addressing cybersecurity threats from trusted insiders

Most security-minded professionals think of a cybersecurity threat as originating outside the organization. But one of the most potentially damaging threats comes from trusted insiders, whether intentionally or unintentionally.

Employees, contractors and partners have authorized access to many valued information assets. An active insider threat risk management program should be an integral part of security for every organization.

CGI offers strategic advisory and implementation services to help government and commercial clients address cybersecurity threats that come from trusted insiders. Our services are designed to help these organizations:

  • Focus on cultural and behavioral change to view seemingly normal, everyday actions of employees through an insider threat “lens”
  • Ensure collaboration and information sharing across human resources, information technology, cybersecurity, industrial security, legal and communications
  • Analyze and correlate disparate data sources to uncover potential risks and threats, thereby becoming more proactive at mitigating insider risks
  • Establish standard procedures to comply with insider threat program requirements such as those expected in the next National Industrial Security Program Operating Manual (NISPOM) release

Our advisory services include: defining a taxonomy for insider threats reflecting our client organization’s culture and operations; mapping their risk profile; and creating a playbook for response and mitigation. We use sophisticated methodologies and create a governance model for ongoing program management. These services also help clients use existing technology investments to increase visibility while identifying blind spots for potential investments. 

Our program implementation services include Insider Threat Program Office setup and ongoing monitoring services (provided remotely or at client sites).

As part of this program, CGI has been accepted as a Partner by the Carnegie Mellon University Software Engineering Institute (SEI). As an SEI Partner, CGI is licensed to provide official SEI services in Insider Threat Vulnerability assessments.