The potential for a person, program, or process to take advantage of a vulnerability from within the organization and cause financial loss.
Threat arises from intention; risk does not.
Threat requires identification; risk does not.
Accidents happen… So does exploitation.
News stories involving some kind of data loss have become common. How can you assess whether or not conditions are ripe for data leakage from within your organization? What organizational and operational conditions need to be taken into account when considering the risk and the threat of data loss? Is your organization prepared for the legal implications of not taking a proactive position on preventing a leak of organizational secrets?
When considering protection against data loss, it is useful to combine the perspective of both technical and legal experience. LuciData has uniquely recognized the links between internal information risk, eDiscovery and computer forensics. Companies that don’t understand their internal information risk profile are much more likely to have an incident that leads to litigation and legal discovery of digital records, which in turn leads to business interruption and significant incremental costs. Our Internal Threat Risk Consulting Services are designed to rapidly assess the technical level of readiness within an organization to detect and prevent loss of information assets and advise clients on what technology products will best suit their needs.
The LuciData methodology for an Internal Threat Management engagement can be articulated as a series of phases, or steps, that have been validated against years of industry experience. The steps can be listed sequentially, and in an ideal world a company would address each step in order, one after the other. However, since the real world does not fit cleanly into models, the best representation of the steps is to map them in a manner that supports “structured flexibility”. The following diagram communicates the cyclical nature of the steps; concluding the seventh step takes one back to the start of the first.
This mapping allows for different points of entry into the process, which may arise for a variety of reasons. For example, new regulations may cause a company to review its policies to see whether or not they are in line. This in turn may cause the company to consider whether or not it has tools in place to enforce the existing policy, or any significant policy alterations. Rather than identifying an enforcement solution in something of a knee-jerk reaction, the company may find it is best to undergo an assessment of any gaps that might be keeping policies, procedures and technologies from being aligned. The results of the assessment may in turn point to policies (including standards and the more specific guidelines) that need to be tuned. Additionally, it may help point specifically to feature requirements for any enforcement tools under consideration.
- We assess all types of data and all risk vectors from network to endpoint and everything in between
- Working from a tools-generated baseline, LuciData recommends integrated solutions that combine policy, training and technical solutions
- Assessments are rapid, cost effective, and deliver powerful results
- We understand the key links between proactive and reactive risk assessment for both technical and business issues
- We deliver an integrated risk profile with specific recommendations on how to reduce business risk
- Our job is to perform efficiently, effectively, on time and on budget