About the Research
This research is about helping organizations in the private sector to start their insider threat programs with a smaller set of effective best practices.
After over four years of information gathering and reading dozens of papers, I identified the fact that, despite a large amount of best practice lists for insider threat programs, there was little to no advice on where to start in setting up a new program. So from the best practice lists that I knew, I selected five specific, concise lists, and then selected the practices which appeared most often, weighted them, and came up with a list of 11 propositions. The 11 propositions are what we will review in our discussion.
My Colorado Technical University email address is email@example.com
I am an information security professional with over 25 years in information technology and 17 years in information security. I took my first computer classes in 1989-1990. I worked at IBM for 7.5 years and took a bachelor’s degree in Computer Information Systems while working full-time. I entered information security in 1998 working in Identity and Access Management at IBM. I passed the CISSP exam in November of 2007.
After I finished the bachelor’s degree, I went on to get a Master’s in Information Assurance at Norwich University and finished in 2009. When I finished the Master’s, the then-Director of the MSIA program at Norwich, my mentor and friend Dr. Mich Kabay, offered me some advice. He said that he felt that I have the intelligence, the grit, and the ingenuity to move on to the next level in my education. He sincerely believed that my work could improve the state of security.
During Master’s studies in the Human Side of Information Assurance, I ran across the case of Robert Philip Hanssen, one of the more destructive and terrifying cases of insider threat in the United States. When I decided to take the Doctorate degree, I had two topics in mind, and ended up studying the insider threat.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
About the individual interview:
The interview is conducted over Skype with the audio portion recorded. First, respondents need to send an email address to my CTU email above so they can electronically sign the Informed Consent document required by law.
All research in the United States of America is governed by laws. The law that covers research with human subjects is the National Research Act of 1974. The National Research Act of 1974 established the National Commission for the Protection of Human Subjects of Biomedical and Behavioral Research.
The Commission’s work developed the Institutional Review Board system and the codification of rules pertaining to their structure and function and to some general requirements of ethical considerations. The results of the commission’s work was a report that guides and restricts research within ethical guidelines. The commission’s report, named after the center where they met, came to be known as “The Belmont Report.”
The Belmont Report
The report outlines three basic ethical principles that underlie the US regulations and other systems of ethics in research. These principles are: Respect for Persons, Beneficence and Justice. They are outlined below.
Colorado Technical University and federal law mandates that students (that’s me) have to take classes and then pass an examination to certify that students understand and will follow the principles outlined in the Belmont Report and the laws of the United States. I conduct this research under the guidelines of the Belmont Report. I attest that I hold a current CITI training certificate that allows me to conduct this research.
University of Connecticut (n.d.). The Belmont Report and Federal Regulations. Retrieved from
On good authority we can congratulate Jan @jbuitron who is now officially Dr. Shuyler Buitron. She successfully completed the research late Spring. I believe she is currently deciding how best to share the research results.