Doug Sampson, Founder & CEO at Soteritech The Human Side of Insider Threats Copyright © 2016 Soteritech LLC.

Slides:



Advertisements
Similar presentations
Museum Presentation Intermuseum Conservation Association.
Advertisements

The Risk Management Process (AS/NZS 4360, Chapter 3)
Alexander Brandl ERHS 561 Emergency Response Environmental and Radiological Health Sciences.
Management and Operational Practices Addressing Staff Sexual Misconduct with Offenders March 2006.
COLLEGE OF INFORMATION SCIENCES AND TECHNOLOGY Office of HUMAN RESOURCES Inside our Office IST 440W April 11, 2011 HR Issues and Security.
The Australian/New Zealand Standard on Risk Management
Corporate Ethics Compliance *
Building a Compliance Risk Monitoring Program HCCA Compliance Institute New OrleansApril 19, 2005 Lois Dehls Cornell, Esq. Assistant Vice President, Deputy.
Network security policy: best practices
Effective Performance Evaluations Presented By: Barrie Jaffe Lale Kumral.
September 18 th, 2014 Jason Banuski, PHR HR One President Senior HR Consultant peopletopayroll.com New York Statewide Payroll Conference Association.
Social Media Jeevan Kaur, Michael Mai, Jing Jiang.
Cash, Bonuses, Insurance,
Managing Human Resources Describe compensation and benefits plans Recognize the goals of performance management By PresenterMedia.comPresenterMedia.com.
Torrington, Hall & Taylor, Human Resource Management 6e, © Pearson Education Limited 2005 Slide 22.1 Protection from Hazards Conflict between needs for.
Process for Analysis  Choose a standard / type  Qualitative / Quantitative Or  Formal / Informal  Select access controls  Match outcome to project.
Sten Gellerstedt, LO, Sweden ETUC seminar in RIGA October 2005 Sten Gellerstedt Research officer The Swedish Trade Union Confederation LO.
DPG HEALTH MEETING USAID CONFERENCE ROOM 6 NOVEMBER 2013 International Health Regulation (2005)
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
MODULE 3 Composition & Roles. TAT TEAM APPROACH UPON COMPLETION OF THIS MODULE, PARTICIPANTS SHOULD UNDERSTAND: 3 – 2  Composition of the Threat Assessment.
Occupational Safety and Health Reps, their role and functions in the EU.
URBAN STREAM REHABILITATION. The URBEM Framework.
ISO CONCEPTS Is a management standard, it is not performance or product standard. The underlying purpose of ISO 1400 is that companies will improve.
"In the name of Allah, The Most Gracious & Most Merciful"Most GraciousMost Merciful.
Copyright  2004 McGraw-Hill Australia Pty Ltd PPTs t/a Occupational Health and Safety by Margaret Stewart and Frank Heyes Slides prepared by Frank Heyes.
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
Substance Abuse in the Workplace: Supervisory Training FIRSTCALL presents:
MGT 301 Class 2: Chapter 1 Introduction to Human Resource Management FEIHAN AHSAN BRAC University Sep 17th, 2013.
7/6/09Office of Training and Professional Development1 Unit 3D: Safety Assessment Safety Permanency Well-being.
The Policy Company Limited © Safeguarding – Part 1 - Policy.
For more course tutorials visit
For More Best A+ Tutorials CMGT 400 Entire Courses (UOP Course) CMGT 400 Week 1 DQ 1 (UOP Course)  CMGT 400 Week 1 Individual Assignments.
Human Resource Management, 8th Edition
Facilitator/Trainer: Ben Ramsey GLM Management Consulting Group, LLC
MGMT 452 Corporate Social Responsibility
MOSH Adoption Team Training
Non Retaliation Policy
CHAPTER 2 – ROLES OF CONSTRUCTION PERSONNEL IN SAFETY AND HEALTH
Confronting an Employee during a Counseling Session
Cyber Security coordination in Europe CERT-EU’s perspective
Managing Global Human Resources
Organizational Behavior (MGT-502)
Workplace Violence.
بسم الله الرحمن الرحيم.
worksafe.vic.gov.au/itsneverok
COMPREHENSIVE APPROACH TO INFORMATION SECURITY IN ADVANCED COMPANIES
Join In Be Secure Presentation
PRIVILEGED ACCOUNT ABUSE
URBAN STREAM REHABILITATION
Health and Safety! By jack Hughes.
Risk Management: why and how to protect your health center
بسم الله الرحمن الرحیم فرآیند رسیدگی به شکایات
PROTEÇÃO DAS MÃOS: LIÇÕES PARA TODA A VIDA
Behavioral Sciences and Social Medicine
Health and Safety Guidelines for Lone Working.
Detecting Insider Threats: Actions Speak Louder than Words
How to conduct Effective Stage-1 Audit
Organizational Culture and Workforce Diversity
Neopay Practical Guides #2 PSD2 (Should I be worried?)
Communicating Expectations Through Job Descriptions
Chapter 7 Communication.
IS-907 – Active Shooter: What You Can Do
Violence in the Workplace
Awareness and Auditor training kit
Chapter 7 Communication.
Unit 4: Area Command.
Basic Systems Management Employing Security Policies
Contingency Planning for Accidental Surface Water Pollution​ GROUP HSE RULE (CR-GR-HSE-705) EXECUTIVE SUMMARY This rule sets specific requirements to be.
ISO 45001:2018 The importance of a Safety Management System
A Safety Management System (SMS) is: “A systematic approach to managing safety, including the necessary organizational structures, accountabilities,
Presentation transcript:

Doug Sampson, Founder & CEO at Soteritech The Human Side of Insider Threats Copyright © 2016 Soteritech LLC

● Yuan Li Context

● Edward Snowden Context

● Lt. Cmdr. Edward C. Lin Context

● Kun Shan “Joey” Chun Context

● IMPACT? Context

● Definition ● Why it’s important Insider Threat Program

● People ● Process ● Technology Insider Threat Program

● ObserveIT ● Fortinet ● Forcepoint ● Vormetric ● Identrix ● Lancope Technologies

● Executives ● Management ● Working Group/HUB ● Employees People

● Policy & employment agreement changes ● Enterprise risk assessments ● HUB and employee training ● Proactively managing employee issues ● Comprehensive termination procedures Process

Monitoring Process Inputs  Activity  Outputs ● Network monitors ● Ins Threat tools ● Anonymous tip line ● Other employees ● Perf appraisals ● HR activity ● Outside monitors Collection Evaluate, Communicate, Rate Comms Plan, Communicate, React

● Purpose ● Participants ● Prearranged agreements ● Activities HUB

Indicators ● Classified info handling ● Criminal activity ● Finances ● Interpersonal ● Leave of absence ● Loyalty ● Mental health ● Substance abuse ● Technical activity

● Notification comes in ● Triage within 10 minutes ● Initial level assigned ● Green (low risk potential, no further investigation needed) ● Yellow (unsure risk potential, needs immediate initial investigation) ● Red (sure risk, needs immediate investigation and action) Evaluations

● Person’s behavior is deemed normal for his or her job function and responsibility level ● Examples Green

● Questionable behavior that deserves further investigation. ● Widest reporting of incidents ● Could be broken down further ● Broad range of ● Communication ● Collection ● Consequence ● Examples Yellow

● Behavior unacceptable and against company policy ● Significant information gathering (proof) ● Severe consequences ● Examples Red

Communicate with certain groups based on severity scale ● Green – maintain internal log ● Yellow – involve HR, IT, Security Office, Legal and Exec (possibly Govt - COTR) depending on level ● Red – involve HR, IT, Legal, Security Office, Exec, COTR (if applicable) and Authorities Hub Communication

● Green – none ● Yellow – mild to moderate/intense ● Red – intense/severe Confrontation

● Logistics ● Who to have involved? ● How to prepare? ● What if they go sour? ● What to do? Conversations

Conversation Plan

● Pre-discussion preparations ● Situational awareness ● Discussion Part 1: Accusation ● Discussion Part 2: Consequences ● Successful outcomes ● Un-successful outcomes ● Monitoring Yellow Scenario: Employee overhead talking about the new rocket guidance kit to a fellow employee at a local restaurant

● HUB communications ● Pre-discussion preparations ● Situational awareness ● Discussion Parts 1&2 ● Successful outcomes ● Un-successful outcomes Red Scenario: Leaving the premises with prototype radar sensors

● Simulation/Role Play ● Repetition ● Culture of Security How to Get Better at the Conversation

Doug Sampson Soteritech, LLC Questions