Insider Threat Program Appraisal & Design

Energy Utility Case Study

Utility Builds Capabilities to Outpace Cyber Threats from the Inside Out

Revolutionary Security performed a comprehensive baseline of insider threat mitigation capabilities for a major Energy/Utility company. The appraisal included an evaluation of insider threat program components, technology capabilities, and an insider threat vulnerability assessment leveraging best practices from US-CERT.

Here are the project highlights:

 

Challenge

Solution

Results

No formal program.

Enabled monthly meetings amongst key stakeholders and partnered with corporate security to present. 

A champion organization, corporate security, was selected to present the program design to senior leadership.

Underutilized investment. UEBA vendor was only focused on DLP.

Expanded use case set to include both technical and behavioral indicators.

Specific use cases and prioritized data source integration into UEBA.

Siloed business units. Stakeholder organizations did not communicate cross-functionally.

Discovered a workplace environment improvement initiative that could provide behavioral indicators for insider threat.

Program chartered with a ConOps and key relationships forged identified stakeholder involvement.

Lack of situational awareness. Unsure of insider threat vulnerability landscape.

Identified gaps and made detailed recommendations used to articulate the risk exposure.

Closed a quarter of the gaps identified in the current-state baseline.

 

This is just one example. What could we do for your organization?

Let's discuss your cyber needs.