Presentation is loading. Please wait.

Presentation is loading. Please wait.

Doug Sampson, Founder & CEO at Soteritech The Human Side of Insider Threats Copyright © 2016 Soteritech LLC.

Published bySarah Ramsey Modified over 8 years ago

Similar presentations

Presentation on theme: "Doug Sampson, Founder & CEO at Soteritech The Human Side of Insider Threats Copyright © 2016 Soteritech LLC."— Presentation transcript:

1 Doug Sampson, Founder & CEO at Soteritech The Human Side of Insider Threats Copyright © 2016 Soteritech LLC

2 ● Yuan Li Context

3 ● Edward Snowden Context

4 ● Lt. Cmdr. Edward C. Lin Context

5 ● Kun Shan “Joey” Chun Context

6 ● IMPACT? Context

7 ● Definition ● Why it’s important Insider Threat Program

8 ● People ● Process ● Technology Insider Threat Program

9 ● ObserveIT ● Fortinet ● Forcepoint ● Vormetric ● Identrix ● Lancope Technologies

10 ● Executives ● Management ● Working Group/HUB ● Employees People

11 ● Policy & employment agreement changes ● Enterprise risk assessments ● HUB and employee training ● Proactively managing employee issues ● Comprehensive termination procedures Process

12 Monitoring Process Inputs  Activity  Outputs ● Network monitors ● Ins Threat tools ● Anonymous tip line ● Other employees ● Perf appraisals ● HR activity ● Outside monitors Collection Evaluate, Communicate, Rate Comms Plan, Communicate, React

13 ● Purpose ● Participants ● Prearranged agreements ● Activities HUB

14 Indicators ● Classified info handling ● Criminal activity ● Finances ● Interpersonal ● Leave of absence ● Loyalty ● Mental health ● Substance abuse ● Technical activity

15 ● Notification comes in ● Triage within 10 minutes ● Initial level assigned ● Green (low risk potential, no further investigation needed) ● Yellow (unsure risk potential, needs immediate initial investigation) ● Red (sure risk, needs immediate investigation and action) Evaluations

16 ● Person’s behavior is deemed normal for his or her job function and responsibility level ● Examples Green

17 ● Questionable behavior that deserves further investigation. ● Widest reporting of incidents ● Could be broken down further ● Broad range of ● Communication ● Collection ● Consequence ● Examples Yellow

18 ● Behavior unacceptable and against company policy ● Significant information gathering (proof) ● Severe consequences ● Examples Red

19 Communicate with certain groups based on severity scale ● Green – maintain internal log ● Yellow – involve HR, IT, Security Office, Legal and Exec (possibly Govt - COTR) depending on level ● Red – involve HR, IT, Legal, Security Office, Exec, COTR (if applicable) and Authorities Hub Communication

20 ● Green – none ● Yellow – mild to moderate/intense ● Red – intense/severe Confrontation

21 ● Logistics ● Who to have involved? ● How to prepare? ● What if they go sour? ● What to do? Conversations

22 Conversation Plan

23 ● Pre-discussion preparations ● Situational awareness ● Discussion Part 1: Accusation ● Discussion Part 2: Consequences ● Successful outcomes ● Un-successful outcomes ● Monitoring Yellow Scenario: Employee overhead talking about the new rocket guidance kit to a fellow employee at a local restaurant

24 ● HUB communications ● Pre-discussion preparations ● Situational awareness ● Discussion Parts 1&2 ● Successful outcomes ● Un-successful outcomes Red Scenario: Leaving the premises with prototype radar sensors

25 ● Simulation/Role Play ● Repetition ● Culture of Security How to Get Better at the Conversation

26 Doug Sampson Soteritech, LLC (@soteritech) doug.Sampson@soteritech.com 571-393-3801 Questions

Download ppt "Doug Sampson, Founder & CEO at Soteritech The Human Side of Insider Threats Copyright © 2016 Soteritech LLC."

Similar presentations

Museum Presentation Intermuseum Conservation Association.

Museum Presentation Intermuseum Conservation Association.
The Risk Management Process (AS/NZS 4360, Chapter 3)

The Risk Management Process (AS/NZS 4360, Chapter 3)
Alexander Brandl ERHS 561 Emergency Response Environmental and Radiological Health Sciences.

Alexander Brandl ERHS 561 Emergency Response Environmental and Radiological Health Sciences.
Management and Operational Practices Addressing Staff Sexual Misconduct with Offenders March 2006.

Management and Operational Practices Addressing Staff Sexual Misconduct with Offenders March 2006.
COLLEGE OF INFORMATION SCIENCES AND TECHNOLOGY Office of HUMAN RESOURCES Inside our Office IST 440W April 11, 2011 HR Issues and Security.

COLLEGE OF INFORMATION SCIENCES AND TECHNOLOGY Office of HUMAN RESOURCES Inside our Office IST 440W April 11, 2011 HR Issues and Security.
The Australian/New Zealand Standard on Risk Management

The Australian/New Zealand Standard on Risk Management
Corporate Ethics Compliance *

Corporate Ethics Compliance *
Building a Compliance Risk Monitoring Program HCCA Compliance Institute New OrleansApril 19, 2005 Lois Dehls Cornell, Esq. Assistant Vice President, Deputy.

Building a Compliance Risk Monitoring Program HCCA Compliance Institute New OrleansApril 19, 2005 Lois Dehls Cornell, Esq. Assistant Vice President, Deputy.
Network security policy: best practices

Network security policy: best practices
Effective Performance Evaluations Presented By: Barrie Jaffe Lale Kumral.

Effective Performance Evaluations Presented By: Barrie Jaffe Lale Kumral.
September 18 th, 2014 Jason Banuski, PHR HR One President Senior HR Consultant 315.463.0004 peopletopayroll.com New York Statewide Payroll Conference Association.

September 18 th, 2014 Jason Banuski, PHR HR One President Senior HR Consultant peopletopayroll.com New York Statewide Payroll Conference Association.
Social Media Jeevan Kaur, Michael Mai, Jing Jiang.

Social Media Jeevan Kaur, Michael Mai, Jing Jiang.
Cash, Bonuses, Insurance,

Cash, Bonuses, Insurance,
Managing Human Resources Describe compensation and benefits plans Recognize the goals of performance management By PresenterMedia.comPresenterMedia.com.

Managing Human Resources Describe compensation and benefits plans Recognize the goals of performance management By PresenterMedia.comPresenterMedia.com.
Torrington, Hall & Taylor, Human Resource Management 6e, © Pearson Education Limited 2005 Slide 22.1 Protection from Hazards Conflict between needs for.

Torrington, Hall & Taylor, Human Resource Management 6e, © Pearson Education Limited 2005 Slide 22.1 Protection from Hazards Conflict between needs for.
Process for Analysis  Choose a standard / type  Qualitative / Quantitative Or  Formal / Informal  Select access controls  Match outcome to project.

Process for Analysis  Choose a standard / type  Qualitative / Quantitative Or  Formal / Informal  Select access controls  Match outcome to project.
Sten Gellerstedt, LO, Sweden ETUC seminar in RIGA 11 -12 October 2005 Sten Gellerstedt Research officer The Swedish Trade Union Confederation LO.

Sten Gellerstedt, LO, Sweden ETUC seminar in RIGA October 2005 Sten Gellerstedt Research officer The Swedish Trade Union Confederation LO.
DPG HEALTH MEETING USAID CONFERENCE ROOM 6 NOVEMBER 2013 International Health Regulation (2005)

DPG HEALTH MEETING USAID CONFERENCE ROOM 6 NOVEMBER 2013 International Health Regulation (2005)
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.

Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
MODULE 3 Composition & Roles. TAT TEAM APPROACH UPON COMPLETION OF THIS MODULE, PARTICIPANTS SHOULD UNDERSTAND: 3 – 2  Composition of the Threat Assessment.

MODULE 3 Composition & Roles. TAT TEAM APPROACH UPON COMPLETION OF THIS MODULE, PARTICIPANTS SHOULD UNDERSTAND: 3 – 2  Composition of the Threat Assessment.

Similar presentations

Ads by Google