1 / 24

5 Steps To Protect Your Company

Insider Threat:. 5 Steps To Protect Your Company. Katherine D. Mills CENTRA Technology, Inc. Introduction. 5 Step Process Creating a plan for your company Best Practices Transforming your company CI Indicators. Threat is Now: Recent Malicious Insiders.

dblackmon
Download Presentation

5 Steps To Protect Your Company

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Insider Threat: 5 Steps To Protect Your Company Katherine D. MillsCENTRA Technology, Inc.

  2. Introduction • 5 Step Process • Creating a plan for your company • Best Practices • Transforming your company • CI Indicators

  3. Threat is Now: Recent Malicious Insiders Major Nidal Hassan – Responsible for shooting at Fort Hood Texas Bradley “Chelsea” Manning – Unauthorized disclosure to WikiLeaks Edward Snowden – Unauthorized disclosure of NSA surveillance programs Aaron Alexis – Responsible for shooting at the Washington Navy Yard

  4. Other Malicious Insiders • Telecommunications employee • Aerospace engineer • Software engineer • Chemical contractor • Search insider threat • Hundreds of examples, costing the Government and companies millions

  5. Why Consider Insider Threat? • Protect national security and corporate assets • We don’t want to be in the news • Will be required by Government • Changes to NISPOM • Required by Sponsors • Want to ensure we are taking positive steps to protect our company and assets

  6. How to Begin… • Do your research: Tons of free resources available • CERT • Common Sense Guide to Mitigating Insider Threats • DSS • Insider threat video and brochures • FBI website and movie “Betrayed” • ONCIX website • ASIS • “Confronting the Insider Threat,” October 2013

  7. CERT • Common Sense Guide to Mitigating Insider Threats

  8. Defense Security Service • Insider Threat videos and Brochures

  9. Federal Bureau of Investigation • The Insider Threat Page • An Introduction to Detecting and Deterring an Insider Spy • Betrayed: The Trusted Insider

  10. ONCIX • National Insider Threat Task Force (NITTF) • National Insider Threat Policy and the Minimal Standards

  11. ASIS International: Security Management • Confronting the Insider Threat • By Laura Spadanuta, October 2013 of Security Management

  12. Steps to Building a Plan • Team • Assets • Procedures • Awareness • Document plan

  13. Step 1: Identify the Team • Identify team members who understand and can contribute to the mission: • COO • HR • Security • IT • Who will be responsible for: • Drafting the plan • Regular meetings • Budget approval • Reporting to sponsors and Government • Conducting an Investigation

  14. Step 2: Understand Your Assets Conduct a risk assessment Talk to management about assets: • What are the corporate jewels? • How well are they currently protected? • How sensitive are they? • What is the risk if they are leaked? • Who has access to the information?

  15. Step 3: Tighten Up Procedures • Tighten procedures • Termination procedures • Unclassified data handling and access • IT system access • Document expectations to staff • Violation policy

  16. Step 4: Security Education • Free cartoons, brochures, articles available • No need to reinvent the wheel! • Incorporate insider threat into annual refresher training • Monthly security news item on reporting • Update current policies and publicize • Ensure staff understand reporting; make it easy for staff to report confidentially

  17. Step 5: Draft a Plan • Document what you have learned • Steps 1-4: • Team • What are assets and overall risk • What procedures have been impacted • Security education program • Work-in-progress

  18. Confronting the Insider Threat “It is important for each company to identify what an insider threat is and to set a policy in place on how to deal with insider threats. The policies must outline certain types of behavior that warrant scrutiny, disciplinary action, or even termination so that companies have a basis from which to work when they do identify potential threats.” ASIS: Confronting the Insider Threat by Laura Spadanuta, October 2013

  19. Encourage Reporting • Encourage employees to report • Provide confidential means of reporting • Staff holding security clearance are required to report adverse information, including potential threats • Trust your instincts, if you see something, say something! • It is better to report something that turns out to be nothing than to not report a serious security issue

  20. Detecting the Insider Post incident investigations reveal family, friends, or coworkers notice a suspect’s indicators, but they fail to report concerns “Subjects often tell people close to them what they are doing, and sometimes even engage associates in the process. Former intimates (spouses, lovers, close friends – people with whom they spent a good deal of time) are a potentially important source of information in all investigations.”* *Source: Declassified Director of Central Intelligence Memorandum of 12 April 1990; Subject: Project Slammer Interim Report

  21. Threat Indicators • Apparent unexplained affluence or excessive indebtedness • Efforts to conceal foreign contacts, travel, or foreign interests • Access to information or IT systems without need-to-know • Exploitable behavior • criminal activity • excessive gambling • drug or alcohol abuse • problems at work • Questionable judgment or untrustworthiness

  22. Threat Indicators, cont. • Apparent mental, emotional or personality disorders(s) • Disgruntled • Working odd or late hours • Unreported foreign travel • Suspicious foreign contacts • Requesting access to information outside of official job duties including sensitive or classified information

  23. Summary of Best Practices • Know your people; recognize concerning behaviors as potential indicators • Protect your “crown jewels” • Pay close attention at termination • Monitor ingress and egress points (IT systems and physical security) • Baseline normal activity and look for anomalies • Work together across organization • Educate employees regarding potential recruitment

  24. Sources http://threatgeek.typepad.com/.a/6a0147e41f3c0a970b0177429dd0ce970d-pi

More Related