Counterintelligence Model

Sitrof secures unstructured data by incorporating counterintelligence methodologies to your current information security management approach.

Counterintelligence ensures that security is executed according to plan and is more preventative, preemptive, and predictive.

The Sitrof model, designed to collaborate with your current implementation, operates with autonomy to provide independent oversight and segregation of duties in security management. It penetrates the activity stream of your enterprise to identify threats and vulnerabilities, close gaps, and strengthen the security culture.

Data leakage is occurring with alarming frequency not because organizations do not have security policies and procedures in place—but because they fail to adequately train their employees, monitor their actions for policy compliance, and enforce policies when they are violated.

The Sitrof counterintelligence model has the responsibility to determine:

  • What assets are being targeted for theft or misappropriation?
  • Who would benefit from having access to sensitive data?
  • How are the assets being targeted?
  • Who are the high-value human assets within the chain-of-trust that have access to these assets?
  • Are they being targeted as an inside channel for access to the assets?
  • How vulnerable are the targets to compromise and exploitation?

The counterintelligence model is developed first by conducting a review of policies, procedures, and work practices followed by an assessment of your organizations handling of unstructured data in the context of seven categories critical to security management.

  1. Human Resources—To understand how people create and share data
  2. Organization—To identify the dynamics of cross organizational collaboration
  3. Assets—To determine what is important and how security is applied
  4. Process—To assess critical processes where sensitive data is at risk
  5. Technology—To locate security tools and their effectiveness
  6. Physical—To gauge physical risk to data and corresponding controls
  7. Performance—To evaluate the effectiveness of training, monitoring, and audit functions