Insider Risk Services

Protect and Defend your Enterprise

Cyber threats to corporations are real and cause significant harm, however the threat posed by insiders – a company’s employees, contractors, and vendors – is substantial and can be even more costly and damaging.

Neutralizing insider risk, before it becomes a threat, event or incident, is vital in strengthening overall security and reducing organizational risk. Capgemini offers these services in building and maturing insider risk programs –

  • Insider Risk Assessment
  • Insider Risk Program Design and Implementation
  • Insider Risk Management Program Course
  • Insider Risk Quick Start
  • Investigative Response

Insider Risk Assessment

The Insider Risk Assessment Service evaluates and measures your organization’s existing capabilities to prevent, detect, and respond to insider threats by following a structured insider risk assessment process aligned with NIST, ISO, NISPOM, and other industry leading practices and standards. It includes a thorough review of administrative, technical, and physical controls that may be exploited by an insider, and provides a complete current state evaluation of your organization’s insider risk security posture.  An Insider Risk Assessment:

  • Identifies core strengths and vulnerabilities associated with managing insider threats
  • Determines alignment with compliance requirements, such as NIST, ISO and NISPOM
  • Provides a gap analysis to identify the most critical areas of concern
  • Proposes risk treatment recommendations to help inform decision makers on next steps

To know more download the Insider Risk Assessment brochure. 

Insider Risk Program Design and Implementation

The Insider Risk Program Design and Implementation Service is a natural next step following an Insider Risk Assessment. Our team of insider risk highly-skilled professionals can augment your internal resources to design a holistic insider risk program. The team develops or modifies relevant business processes, organizational policies, and security awareness training, as well as integrates appropriate technology to enable your organization to counter threats while minimizing business disruption. While building a comprehensive insider program, Capgemini can assist you with the following elements:

  • Demonstrate the program’s value proposition to Executive advocacy
  • Establish an Executive Steering Committee and Operational Working Groups
  • Identify key stakeholders—from Human Resources, Legal, Information Technology (IT), Security, Privacy, and Compliance and Ethics
  • Write new, or revise existing policies and procedures to align with the program roadmap
  • Create awareness campaigns and communication strategies
  • Identify, prioritize, and classify critical corporate assets, people, processes, data, and technology
  • Develop Consequence Management processes and workflows to manage insider events

To know more download the Insider Risk Program Design and Implementation services brochure.

Insider Risk Management Program Course

The Insider Risk Management Program Course, introduces insider risk stakeholders including program, information and physical security, human resources employees, personnel within enterprise risk management functions, ethics and compliance investigators, legal counsel, line managers, and security professionals to the complexities of insider risk and underlying Key Risk Indicators (KRI’s).  This course culminates with the participants examining realistic scenarios that evaluate and triage KRIs to identify an insider risk. Instruction performed by experienced former law enforcement, counterintelligence, and industry professional subject matter experts includes:

  • Goals of an Insider Risk Program and an overview of the current risk landscape
  • Recognition of categories and examples of Insider Risk activity
  • Key risk indicators, risk tolerance, and risk appetite
  • Identification and discussion of Trusted Business Partner Challenges
  • Workplace violence versus Insider Risk and key concepts of workplace violence triage
  • Data collection, data sensitivity, storage, use, and access requirements
  • Articulation of program communication requirements

To know more download the Insider Risk Management Program brochure.

Insider Risk Quick Start

The Insider Risk Quick Start evaluates and measures your organization’s existing capabilities to prevent, detect, and respond to insider threats. It follows a structured insider risk assessment process aligned with NIST, ISO, NISPOM, and other industry best practices and standards. It includes a high-level review of administrative, technical, and physical controls that may be exploited by an insider to harm your organization and its critical assets.  An Insider Risk Quick Start is meant to quickly uncover program gaps, introduce industry best practices to stakeholders, and provide overview recommendations for future insider risk program activities. Completion of an Insider Risk Quick Start:

  • Identifies core strengths and vulnerabilities associated with managing insider threats
  • Determines if you meet applicable compliance requirements, such as NIST, ISO, NISPOM, and other industry best practices and standards
  • Identifies the most critical areas of concern and proposes next steps including high-level risk treatment recommendations for decision makers

To know more download the Insider Risk Quick Start factsheet.

Insider Risk Investigative Response Service

Do you suspect an insider risk event has occurred? Our Investigative Response Service is customized to your organization’s specific needs, and our experienced professionals will work with you to develop an investigative plan, gather facts, collect evidence, and guide the investigation’s detailed day-to-day execution related to the insider event or incident. Our Insider Risk Investigative Response Service can:

  • Provide subject matter expertise and instruction
  • Gather all relevant facts and ensure the proper collection and storage of electronic evidence
  • Conduct cyber forensic analysis
  • Compile investigative facts and documents and facilitate sharing of information between your organization, Capgemini, and law enforcement
  • Identify procedural gaps and make recommendations to prevent future occurrences

 To know more download the Insider Risk Investigative Response Service datasheet.

Talk to our cybersecurity expert

Contact us

By submitting this form, I understand that my data will be processed by Capgemini as indicated above and described in the Terms of use .   *
Thank you for filling out my form!

We are sorry, the form submission failed. Please try again.