Creating an Insider Threat Program.

Slides:



Advertisements
Similar presentations
Annual Security Refresher Briefing Note: All classified markings contained within this presentation are for training purposes.
Advertisements

Chapter 10. Understand the importance of establishing a health care organization-wide security program. Identify significant threats—internal, external,
Section Six: Foreign Ownership, Control, or Influence (FOCI)
What is Insider Threat? “Potential damage to the interests of an organization by a person(s) who is regarded, falsely, as loyally working for or on behalf.
Industrial Security 2010 Worldwide Security Conference.
Defense Security Service Facility Clearance Branch (FCB)
NISPOM Update for JSAC Workshop
The Department of Defense Intelligence Oversight Program
THE INSIDER THREAT AND DATA LOSS PREVENTION CSCE 727.
UNCLASSIFIED Foreign Ownership, Control, or Influence (FOCI) August 2009.
Congress and Contractor Personal Conflicts of Interest May 21, 2008 Jon Etherton Etherton and Associates, Inc.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
1 July 08, 2010 Information Security Officer Meeting.
Risk Assessment Frameworks
Supplier Ethics: Program Checklist
1 Creating a Joint Personnel Adjudication System (JPAS) Analysis Report Michael S. Campbell Industrial Security Specialist Defense Security Service San.
Fraud Prevention and Investigation Branch. Fraud Prevention- Everyone’s Responsibility.
Complying With The Federal Information Security Act (FISMA)
Minnesota Adoption of the Green Book April 16, 2015 Jo Kane Internal Control & Accountability Specialist.
National Governor’s Association September 29-30, 2003 Salt Lake City, Utah.
CUI Statistical: Collaborative Efforts of Federal Statistical Agencies Eve Powell-Griner National Center for Health Statistics.
INFORMATION SECURITY REGULATION COMPLIANCE By Insert name dd/mm/yyyy senior leadership training on the primary regulatory requirements,
Maureen B. Higgins Assistant Director, Agency Support & Technical Assistance Office of Personnel Management December 8, 2010.
OFFICE OF THE UNDER SECRETARY OF DEFENSE FOR INTELLIGENCE CI & SECURITY DIRECTORATE, DDI(I&S) Valerie Heil March 20, 2015 UNCLASSIFIED Industrial Security.
CORPORATE COMPLIANCE Tim Timmons Vice President Compliance and Regulatory Services Health Future, LLC.
OFFICE OF THE UNDER SECRETARY OF DEFENSE FOR INTELLIGENCE CI & SECURITY DIRECTORATE, DDI(I&S) Valerie Heil August 12, 2014 UNCLASSIFIED NISPOM Update.
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
Information Sharing Challenges, Trends and Opportunities
April 14, A Watershed Date in HIPAA Privacy Compliance: Where Should You Be in HIPAA Security Compliance and How to Get There… John Parmigiani National.
1 Information Sharing Environment (ISE) Privacy Guidelines Jane Horvath Chief Privacy and Civil Liberties Officer.
Department of the Navy Information Security Program
CENTRA T ECHNOLOGY, I NC. 1 5 Steps To Protect Your Company Katherine D. Mills CENTRA Technology, Inc. Insider Threat:
Chapter 22: Organization and Coordination of Counterterrorism Investigations.
DEFENSE SECURITY SERVICE DSS Role in International Security.
The National Security Bureaucracy. Key Agencies The State Department.
Peter Sakaris CISSP Booz Allen Hamilton, 1299 Farnam Street Suite 1230, Omaha, NE Office The Insider Threat.
UMBC POLICY ON ESH MANAGEMENT & ENFORCEMENT UMBC Policy #VI
Sample only Order at Security Awareness Training A threat awareness briefing. A defensive security briefing. An overview of the.
Unclassified/FOUO Intelligence Community Directive (ICD) 119 Media Contacts Training.
Indiana Regional Sewer District Association October 26, 2015.
NISPOM Update for Dulles ISAC
Welcome….!!! CORPORATE COMPLIANCE PROGRAM Presented by The Office of Corporate Integrity 1.
Homeland Security, First Edition © 2012 Pearson Education, Inc. All rights reserved. Intelligence and Counterintelligence and Terrorism CHAPTER 8.
NISPOM Chapter 1 Basics General Requirements Reporting Responsibilities Steven Rivera, FSO July 10, 2013.
The Department of Defense Intelligence Oversight Program
Privacy Act United States Army (Managerial Training)
Organizing a Privacy Program: Administrative Infrastructure and Reporting Relationships Presented by: Samuel P. Jenkins, Director Defense Privacy Office.
Providing access to your data: Handling sensitive data Robert R. Downs, PhD NASA Socioeconomic Data and Applications Center (SEDAC) Center for International.
How To Conduct An Administrative Inquiry (AI) Due To A Security Violation
In support of the National Industrial Security Program (NISP) Presenter: Kenneth McKnight, FSO Presentation Date: May 2016.
The Health Insurance Portability and Accountability Act of 1996 “HIPAA” Public Law
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
Department of the Navy Security Enterprise Leadership Course Curriculum for Security Program Oversight 1.
INFORMATION ASSURANCE POLICY. Information Assurance Information operations that protect and defend information and information systems by ensuring their.
You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By using this IS (which includes any device.
Information Security Officer Meeting
What county clerks should know about Idaho public defense reform
Providing Access to Your Data: Handling sensitive data
Cleared Employee Security Training
INSIDER THREAT AWARENESS
Unauthorized Disclosure Training
Derivative Classification Overview
FOIA, Privacy & Records Management Conference 2009
HIPAA Privacy and Security Summit 2018 HIPAA Privacy Rule: Compliance Plans, Training, Internal Audits and Patient Rights Widener University Delaware.
Intelligence Oversight U.S. Army Inspector General School 1
Electronic Surveillance, Post 9/11
Department of Energy Department of Energy Insider Threat Program Overview Energy Facilitators Contractors Group (EFCOG) Sandia National Laboratory (SNL)
Office of Departmental Personnel Security (AU-53) July 17, 2018
NPHS 1510 Federal and International
Office of Health, Safety and Security
Presentation transcript:

Creating an Insider Threat Program

Donald Fulton Counterintelligence Programs Manager Facility Technology Services, Inc.

Insider Threat 1 August 2014 – DSS/NISPOM Industrial Security Representatives NISPOM Conforming Change 2 pending ???? Insider Threat

Agenda History Key Terms Purpose Documents Resources Requirements Recommendations Agenda

The Reason PFC Bradley Manning Arrested 27 May 2010 700,000 documents Found guilty on 17 counts Sentenced to 35 years The Reason

Insider Threat Intelligence Analyst TS/SCI eligibility Emotional instability Security Violations Personal and government IT Behavioral Problems/Assault Poor security practices in unit Insider Threat

7 October 2011 Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information National Insider Threat Task Force Shall be binding on the executive branch E.O. 13587

National Insider Threat Task Force US Attorney General Federal Bureau of Investigation Director National Intelligence National Counterintelligence Executive Assist agencies in developing and implementing their insider threat programs, National Insider Threat Policy NITTF

Policy National Insider Threat Policy NITTF November 2012 Minimum Standards Policy

Acts of commission or omission by an insider who intentionally or unintentionally compromises or potentially compromises DoD’s ability to accomplish its mission. These acts include, but are not limited to, espionage, unauthorized disclosure of information, and any other activity resulting in the loss or degradation of departmental resources or capabilities. DoD Definition

Deter, detect, and mitigate compromises of classified information by malicious insiders Safeguarding classified information from exploitation, compromise, or unauthorized disclosure Does not erode civil liberties, civil rights, or privacy protections for government employees Purpose

Minimum Requirements Designate insider threat senior official Annual Reporting Oversight mechanism Analytic capability Establish reporting procedures Fully trained Insider Threat personnel (NITTF) Access to employee information Network monitoring (AIS) Employee training and awareness Six months to implement Minimum Requirements

Don’t Panic Designate Insider Threat Senior Official Annual Reporting Oversight mechanism Analytic capability Establish reporting procedures Fully trained Insider Threat personnel (NITTF) Access to employee information Network monitoring (AIS) Employee training and awareness Six months to implement Don’t Panic

Insider Threat Reporting Network Monitoring Attempts to expand access Disregard for security practices Suspicious behavior/contacts Attempts to expand access Financial vulnerabilities Foreign influence of connections Attempts to expand access Disregard for security practices Network misuse Removing/downloading classified Insider Threat

EO 13587 National Insider Threat Policy and Minimum Standards Insider Threat Senior Official Appointment Letter Insider Threat Awareness Training Company Insider Threat Policy Company Insider Threat Annual Report Documents

Resources National Insider Threat Task Force http://ncsc.gov/nittf/index.php Center for Development of Security Excellence http://www.cdse.edu Defense Security Service http://www.dss.mil/index.html Resources

Senior Official Cleared at the same level as Facility Clearance Senior Management/KMP level May be Facility Security Officer Company Senior Leadership must support Must have appropriate authority Senior Official

Training Within 30 days for initial Annual refresher Mirrors current NISPOM requirement for security training Training

Reporting Potential Threat Activity Insider Threat Senior Official Human Resources Personnel Security Physical Security Network Monitoring Employee Reporting Disciplinary Action Counterespionage Investigation Potential Threat Activity Reporting

Analysis Insider Threat Analysis Physical Security Human Resources Information Technology Legal/Law Enforcement Counterintelligence Analysis

Agenda History Key Terms Purpose Documents Resources Requirements Recommendations Agenda

Donald Fulton Counterintelligence Programs Manager Facility Technology Services, Inc. dfulton@factechs.com 571-203-0245 Ext. 2206 http://factechs.com/ Questions

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.