1. www.ispcert.com Threat Awareness Briefing

2. www.ispcert.com Why Our Information Employee Responsibilities Threat Awareness and Defensive Information Methods of Contact Countermeasures Test CONTENTS

3. www.ispcert.com  Why go through process of Research and Development  Let someone else pay for R&D  Possible military application WHY OUR TECHNOLOGY?

4. www.ispcert.com  Research and development is an expensive endeavor. It is much cheaper to acquire technology through reverse engineering, requests for information or theft  It is illegal to provide any export to some countries. It is easier for them to think of creative methods of obtaining what they need.  Some products seem to have commercial application, but they may appeal to a dual use possibilities WHY OUR TECHNOLOGY?

5. www.ispcert.com Protect Proprietary, For Official Use Only and Sensitive Information  This information includes:  Vendor prices  personnel ratings  medical records  corporate financial investments and resources  trade secret information  corporate/government relations  corporate security vulnerabilities  financial forecasts and budget information EMPLOYEE RESPONSIBILITY

6. www.ispcert.com  Lock up in a drawer or cabinet  Restrict emailing or faxing  Develop a destruction policy  Everyone has a right to privacy, respect that right  Protect your business to the fullest PROTECT PROPRIETARY, FOR OFFICIAL USE ONLY AND SENSITIVE INFORMATION

7. www.ispcert.com Company Computer Security Safeguards  Use computers for authorized business  Establish and protect passwords  Visit only authorized websites  Use caution when downloading attachments  Save all work  Use classified systems for classified processing EMPLOYEE RESPONSIBILITY

8. www.ispcert.com  Password should be at least six characters long. More stringent measures apply to classified processing systems  Don’t share passwords or write them down  Use the internet for official company use  Download attachments if email comes from a reliable source  Save work regularly in case of loss  Follow procedures as established by the Information System Security Manager COMPUTER SECURITY SAFEGUARDS

9. www.ispcert.com  The following may indicate that you could be targeted:  Your access to active intelligence interest  Overseas locations where foreign intelligence operates  Located in the U.S. where foreign nationals can gain access to you  Ethnic, racial, or religious background that may attract the attention of a foreign intelligence operative EMPLOYEE RESPONSIBILITY

10. www.ispcert.com  You have no control over whether or not you are targeted  Your present situation may make you appear vulnerable, but it doesn’t mean you will be targeted  Also, you may be targeted even if your circumstances aren’t as above-It’s out of your control  You can control your actions and how you react to assessment and recruiting efforts.  Most foreign contacts are perfectly legitimate and well meaning  Be aware of situations out of the norm of regular business  Notify your FSO of suspicious contacts EMPLOYEE RESPONSIBILITY

11. www.ispcert.com  Foreign Threat  Economic – theft of technology and commerce  Classified information-solicitation for unauthorized disclosure  Intelligence-collection efforts  Conduct Risk Analysis  Who is targeting  What do they want  How do they get it THREAT AWARENESS AND DEFENSE

12. www.ispcert.com  Collection efforts  Elicitation  Eavesdropping  Surveillance  Theft  Interception THREAT AWARENESS AND DEFENSE

13. www.ispcert.com  Elicitation -Subtle form of questioning where conversation is directed to collect information. Differs from interrogation and may be hard to recognize  Example of Elicitation: in a recent case, Ben-Ami Kadish, a government employee, turned over secrets to Israel. His handler, who also handled a spy name Pollard, smoothly convinced him to turn over documents to while appealing to Kadish’s sensibilities toward Israel’s security. Kadish only received small gifts and private dinners  Eavesdropping -Listening in to get information  Surveillance- Watching target while remaining discreet COLLECTION EFFORTS DEFINED

14. www.ispcert.com  Suspicious Activities  Requests for information outside of need to know  Unauthorized reproduction of materials  Unauthorized removal/destruction of materials  Unexplained affluence  Regular, unexplained foreign travel  Maintains long hours in spite of job dissatisfaction Employees are required to report efforts by any individual to obtain illegal or unauthorized access to classified or sensitive information— This include proprietary information INSIDER THREAT Robert Philip Hanssen

15. www.ispcert.com  Very few news reports made of anyone breaking into a DoD contractor facility to crack or blow safes. Our threat stems from employee actions and how they respond to suspicious contacts.  Espionage of any type is a very draining process to the perpetrator. They are conflicted between loyalty, incentive and consequences.  Suspicious employee activities can take any form. It’s important to realize that these are just indicators and not confirmation. Your reporting is necessary to conduct an investigation or execute caution. THE REAL THREAT-INSIDERS

16. www.ispcert.com  Fax  Snail Mail  E-mail  Telephone  Personal Contact May seem innocent enough, but….  Legitimate business requests will come through appropriate channels  Personal Contact: Asks about project specifics, whether or not classified or proprietary details  Email address originated in a foreign country METHODS OF CONTACT

17. www.ispcert.com  Remain non-committal if approached  Report all suspicious activities to FSO  Practice smart information systems security  Escort visitors  Pay attention to surroundings  Secure building at the end of the day COUNTERMEASURES

18. www.ispcert.com  Don’t agree or disagree to a suspicious request. If you agree, you may find yourself under investigation. If you say “no”, the suspicious person may go to another target. Remain non- committal and report as many details as possible.  Have a strong visit control policy. Know where visitors are and how to identify them. Practice access control.  Secure work areas at the end of the day:  Lock safes  close and lock doors  clear desk and lock proprietary information in a file or desk drawer. COUNTERING COLLECTION EFFORTS

19. www.ispcert.com Click on the correct answers TEST

20. www.ispcert.com 1.Company financial forecasts and budget information should be: A.Locked in an office or deskLocked in an office or desk B.Given no special protectionGiven no special protection C.Put on the company websitePut on the company website 2.What forms of espionage are current threats to U.S. Companies A.EconomicEconomic B.CorporateCorporate C.Intelligence gatheringIntelligence gathering D.All the aboveAll the above 3.There is no need to report foreign correspondence as long as its not classified A.TrueTrue B.FalseFalse 4.Email contacts could be considered suspicious when they are addressed to: A.CompanyCompany B.DepartmentDepartment C.IndividualIndividual D.All of the aboveAll of the above TEST-SELECT THE CORRECT ANSWER

21. www.ispcert.com 5.How should one react to a suspicious request for information A.Agree to provide then contact the FSOAgree to provide then contact the FSO B.Say “no” and then contact the FSOSay “no” and then contact the FSO C.Remain non-committal and then contact the FSORemain non-committal and then contact the FSO 6.The following are are proper precautions employees can take to reduce threats EXCEPT A.Lockup all company information when finished working with itLockup all company information when finished working with it B.Write down password in cell phoneWrite down password in cell phone C.Surf only authorized websites and establish surf controlsSurf only authorized websites and establish surf controls TEST-SELECT THE CORRECT ANSWER

22. www.ispcert.com Go Back!

23. www.ispcert.com Go Back!

24. www.ispcert.com Go Back!

25. www.ispcert.com Go Back!

26. www.ispcert.com CERTIFICATE