Showing results for 
Show  only  | Search instead for 
Did you mean: 
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Contributor I

Research volunteers requested for study about best practices for starting an insider threat program


About the Research

This research is about helping organizations in the private sector to start their insider threat programs with a smaller set of effective best practices.


After over four years of information gathering and reading dozens of papers, I identified the fact that, despite a large amount of best practice lists for insider threat programs, there was little to no advice on where to start in setting up a new program. So from the best practice lists that I knew, I selected five specific, concise lists, and then selected the practices which appeared most often, weighted them, and came up with a list of 11 propositions. The 11 propositions are what we will review in our discussion.


My Colorado Technical University email address is


About me:

I am an information security professional with over 25 years in information technology and 17 years in information security.  I took my first computer classes in 1989-1990. I worked at IBM for 7.5 years and took a bachelor’s degree in Computer Information Systems while working full-time. I entered information security in 1998 working in Identity and Access Management at IBM. I passed the CISSP exam in November of 2007.


After I finished the bachelor’s degree, I went on to get a Master’s in Information Assurance at Norwich University and finished in 2009. When I finished the Master’s, the then-Director of the MSIA program at Norwich, my mentor and friend Dr. Mich Kabay, offered me some advice. He said that he felt that I have the intelligence, the grit, and the ingenuity to move on to the next level in my education. He sincerely believed that my work could improve the state of security.


During Master’s studies in the Human Side of Information Assurance, I ran across the case of Robert Philip Hanssen, one of the more destructive and terrifying cases of insider threat in the United States. When I decided to take the Doctorate degree, I had two topics in mind, and ended up studying the insider threat.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

About the individual interview:


The interview is conducted over Skype with the audio portion recorded. First, respondents need to send an email address to my CTU email above so they can electronically sign the Informed Consent document required by law.


All research in the United States of America is governed by laws. The law that covers research with human subjects is the National Research Act of 1974. The National Research Act of 1974 established the National Commission for the Protection of Human Subjects of Biomedical and Behavioral Research.


The Commission’s work developed the Institutional Review Board system and the codification of rules pertaining to their structure and function and to some general requirements of ethical considerations. The results of the commission’s work was a report that guides and restricts research within ethical guidelines. The commission’s report, named after the center where they met, came to be known as “The Belmont Report.”


The Belmont Report

The report outlines three basic ethical principles that underlie the US regulations and other systems of ethics in research. These principles are: Respect for Persons, Beneficence and Justice.  They are outlined below.


  • Respect for Persons: concerns protecting a person’s autonomy and treating people with respect.  It provides the basis for the requirement of obtaining informed consent from research participants.


  • Beneficence: requires maximizing benefits for the research project while minimizing risks to the research subjects.


  • Justice: ensures reasonable, non-exploitative and well-considered procedures are administered fairly (the fair distribution of costs and ) (University of Connecticut, n.d.).


Colorado Technical University and federal law mandates that students (that’s me) have to take classes and then pass an examination to certify that students understand and will follow the principles outlined in the Belmont Report and the laws of the United States. I conduct this research under the guidelines of the Belmont Report. I attest that I hold a current CITI training certificate that allows me to conduct this research.



University of Connecticut (n.d.). The Belmont Report and Federal Regulations. Retrieved from

3 Replies
Contributor I

Also, since someone recently said that they did not believe that I am who I say I am, please check out the December 2017 InfoSec Professional mag. on page 12. I am listed as a 2017 Women's Scholarship recipient. My picture is there . . it's really me!
Viewer III

Great topic! Very curious about the outcome. Succes!
Defender I

On good authority we can congratulate Jan @jbuitron who is now officially Dr. Shuyler Buitron. She successfully completed the research late Spring. I believe she is currently deciding how best to share the research results.



D. Cragin Shelton, DSc
My Blog
My LinkeDin Profile
My Community Posts