Insider Threat Solutions

Deter, Detect, and Mitigate

Cipher’s proprietary Insider Threat Maturity Model provides organizations with an easy-to-understand template for building effective Insider Threat Programs that are compliant with government-mandated standards. It also provides organizations with the opportunity to differentiate themselves from the competition by implementing a “Gold Standard” Program using a holistic approach to Insider Threat deterrence and detection.

Our team is comprised of experienced experts who understand what it takes to develop, implement, and integrate a comprehensive program that will best enable your organization to deter, detect, and mitigate potential and actual Insider Threats. We will ensure you meet the requirements set forth in Executive Order 13587 and NISPOM Change 2, further your mission requirements, and set your organization on the path to a robust, effective, and sustainable program. 


Our solutions target the broad spectrum of Insider Threat manifestations, including espionage, intellectual property theft, industrial sabotage, fraud/waste/abuse, and workplace safety. Our Insider Threat Solutions team will:

✔ Develop a custom tailored, industry-leading Insider Threat Program
✔ Adhere to standards developed and promulgated by the Office of the Director of National Intelligence and the Defense Security Service (DSS)*
✔ Ensure your organization passes all required inspections and certifications
✔ Design and execute workforce training and education programs
✔ Integrate your Insider Threat Program into existing risk mitigation programs
✔ Strengthen your defenses to protect against reputational and financial damage



The first step in a successful Insider Threat Program is deterrence. Training programs and employee engagement initiatives will help create a climate that makes it difficult for Insider Threats to arise.


In most cases, potential Insider Threats exhibit warning signs well in advance of any action. Key indicators and strategic monitoring can be used to detect a threat before a devastating breach occurs.


Once a perceived or actual Insider Threat is detected, the response must be swift and targeted to minimize the risk of reputational and financial damage.

*DSS will begin auditing against NISPOM Change 2 requirements in annual Security Vulnerability Assessments (SVAs) on cleared contracting companies starting in November 2016.  Failure to adhere to the new standards could result in serious consequences, including the loss of your facilities clearance.


In response to the growing threat to national security posed by malicious insiders with privileged access, the Department of Defense issued Change 2 to the “National Industrial Security Operating Manual (NISPOM)” on May 18, 2016. The Change requires defense contractors with facility security clearance (FCL) to: “establish and maintain an insider threat program to detect, deter and mitigate insider threats.” 

In this paper, Mark Kelton, Director of Insider Threat Solutions at Cipher and former Director of Counterintelligence at CIA, will walk you through the key considerations when implementing an effective Insider Threat Program, provide a brief historical background, and highlight common misconceptions. 



Fill out my online form.

Related Insights

Try K360 Check out our game-changing solution!