Many of CREO’s clients are managing sensitive projects that call for the most secure methods of data management. Such was the case with an Atlanta-based government contractor responsible for the disbursement of payments to 9/11 First Responders. This contractor’s projects usually involve transmission of government data and to secure the contract the company must comply with rigorous federal standards.
CREO was engaged to ensure the contractor was compliant with federal data management regulations and to establish an “insider threat” program. According to CREO Managing Partner, Mike Townley, “In the current environment, many of the most serious security threats are coming from sources internal to a company, whether through hostile actors or careless employees. An insider threat program is vital for any company hoping to thoroughly safeguard its data and, by extension, its ability to do business.”
CREO addressed the contractor’s challenges by creating a custom Crosswalk Map to determine compliance with NISPOM and FISMA regulations. “A Crosswalk Map helps us understand the security processes a company has in place and what more needs to be done to be compliant with regulations. Through this mapping exercise we can look across the company’s security infrastructure and efficiently assess where there may be gaps or areas of deficiency. It saves us a lot of time and ultimately saves our clients money.”
CREO also established an “insider threat” assessment process and produced a custom threat manual for the contractor. To implement the recommendations, Mike worked side-by-side with the client team to install new security protocols to meet the compliance standards. They then worked together to deploy the insider threat processes and test them for effectiveness.
As a result of CREO’s work and guidance, the contractor achieved full compliance with federal data management regulations in less than 6 months. The recommended improved processes have led to cost savings of $2 million to date.