1. H UMAN R ESOURCES M ANAGEMENT Beki Webster Director, HR, Intelligence Systems Division Northrop Grumman Information Systems July 31, 2009

2. H UMAN R ESOURCES M ANAGEMENT Multiple levels of engagement Leadership Cyber security management team Individual contributor Network guests, teammates and customers Risk Mitigation Proactive/strategic activities Crisis Management Reactive/tactical activities

3. R ISK M ITIGATION Training and awareness Regular schedule for employees/all levels of engagement (intake, periodic and termination) General communications Network management and security Account management policy and procedure Network access and administration Layered defense Disciplinary process

4. C RISIS M ANAGEMENT Backup and recovery process Investigations Stakeholder identification and leadership responsibilities Investigative process and follow-through Disciplinary process Communications

5. K EY Q UESTIONS TO M ANAGE I NSIDER T HREATS Do we periodically awareness and training all employees in cyber security? How strict are our password and account management policies and practices? Are we logging, monitoring and, and auditing employee online actions? What extra precautions are we taking with system administrators and privileged users? Do we use layered defense against remote attacks? Are we able to monitor and respond to suspicious or disruptive behavior? Do we routinely deactivate computer access following employee termination? What are our practices for collecting and saving data for use in investigations? Have we implemented secure backup and recovery processes? Have we clearly documented insider threat controls? How do we attract, develop and retain critical cyber security technical and leadership talent, including those in functional areas requiring cyber security savvy? Does our organizational structure support key functional integration to ensure threat mitigation and rapid crisis response? How does our cyber security communications plan address and measure the effectiveness of threat awareness and training for all network stakeholders? What is our monitoring and auditing operating procedure for online activity? How up-to-date are our password and account management policies? How do we ensure stakeholder compliance? Do we use layered defense against remote attacks? How does our SOP address elevated access possessed by system administrators and privileged users? Have we assessed the need for protection of our social networking and share center sites? How do we routinely audit network access throughout the network stakeholder lifecycle, especially at termination or out-processing? Does our progressive discipline policy address our need for threat investigations involving any network stakeholder for suspicious or disruptive behavior? How do we ensure integrity and continued operations of our employee database and related systems like recruiting, benefits, travel and payroll? Do our performance management and compensation strategies provide adequate support for our cyber security mission? Provided Updated: broader definition of user community, compliance, & measurement