CraginS
Defender I

National Insider Threat Awareness Month 2020

Sorta feels like this thread belongs in the Threats forum:

National Insider Threat Awareness Month

 

Craig

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkedIn Profile
My Community Posts
5 Replies
tmekelburg1
Community Champion

I received this learning opportunity in my inbox yesterday from CISA and I wanted to share. I'm not sure if it would count for CPE, but if it does, feel free to re-categorize the post.

 

DoD C-InT SBS Summit


Resilience & Recovery


The Threat Lab and the Department of Defense (DoD) C-InT Program are proud to welcome you to the first annual DoD C-InT SBS Summit. We have created a 30-day virtual education, awareness, and training event as our contribution to National Insider Threat Awareness Month.

 

Every week in September, we will post new content related to our theme of Resilience & Recovery. Content will include webcasts, articles, books, training aids, and other open source resources created and curated by leading subject matter experts in research and practice.

 

You can sign up with the link below

 

https://www.cdse.edu/itawareness/index.html

 

 

tmekelburg1
Community Champion

Bravo to Dr. Danielle King on her presentation of "Why Does Resiliency Matter?" Lots of great material with a key takeaway for Leaders of organizations to help combat insider threats.

 

If employees identify with their group, aka place of work, they are then invested in the survival of that group and are less likely to do something that would hurt that group because it would also hurt them as well.

 

 

CraginS
Defender I

National Insider Threat Awareness Month, 2020

 

From the U.S. Office of the Director of National Intelligence (ODNI) we have September as National Insider Threat Awareness Month, co-sponsored by the National Counterintelligence and Security Center (NCSC) and the National Insider Threat Task Force (NITTF), partnering with the Department of Defense (DoD), the Department of Homeland Security (DHS), and the Federal Bureau of Investigation (FBI). Here is my small contribution to the awareness effort.

The challenge of dealing with insider threat begins with understanding that not all threatening insiders are intentionally acting maliciously.

  • Fully trustworthy individuals in the enterprise make mistakes, and sometimes those mistakes have serious consequences for safety or security. The actions may be the result of simple ignorance, laziness, or even rampant stupidity.
  • Similarly, trusted insiders sometimes intentionally violate standard policies or procedures, for what they consider valid reasons with good intentions, not realizing the potential damage to safety or security their actions present. (I discussed this situation in my INFOSEC World 2016 talk, Maybe It’s the Boss’s Fault.)
  • A third category of trusted “threatening insider” is the person who has been fooled by an outsider into taking an action, thinking it in full compliance with all policies and rules, but has in fact, jeopardized the safety or security of the enterprise, just as the malicious outsider had planned. For example, there are many finance clerks who have paid phony invoices for toner cartridges never delivered, and thousands of workers who have fallen for the fraud of phishing, spear phishing, and whaling e-mails.
  • Finally, there are the trusted insiders who intentionally take malicious action. This last category may be the most dangerous, and the most difficult to deal with, because they will work to hide their actions. This group includes the prankster, the greedy, the planted outsider (spy), as well as the formerly gruntled worker who has, for some reason, become dis.


Besides staying aware of the four categories of threatening insiders, we must keep in mind the broad range of activities that may be involved. While the cybersecurity community may focus on information security and privacy, the full range of activities includes theft of money and goods, industrial and nation-state espionage, and even sabotage.

The last action, sabotage, leads us to a fascinating, and surprisingly useful even today, reference from the days of World War II, the Office of Strategic Services (OSS) Simple Sabotage Field Manual. In 2008 the Central Intelligence Agency, successor to the OSS, released a redacted declassified version of the manual to the public. This is the real deal, and worth a read for tips on activities to watch for in your organization. Of special interest to the information assurance or cybersecurity type, dive into section 5(11), General Interference with Organizations and Production, beginning on page 28. Denizens of every modern bureaucracy will recognize quite a few suggested activities easily attributable to nominally trustworthy members of the enterprise. I guarantee you will be able to spot your coworkers in that section!

Note that since the release in 2008, Bruce Schneier pointed to the manual for discussion in his blog in both 2010 and 2016.

Finally, if you are curious about more from the OSS, the US Special Operations Command (SOC) has made available a library of seven OSS manuals.

 

(c) 2020 D. Cragin Shelton

[This essay is also available on my Randomness Blog and on LinkedIn.] 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkedIn Profile
My Community Posts
PuettK
Newcomer III

I would agree, but you PhDs like to beat a dead horse -- keep it simple.

CraginS
Defender I


@PuettK wrote:

I would agree, but you PhDs like to beat a dead horse -- keep it simple.


Ah, Kenneth, I think you may be confusing grandiloquence with idiomatic equine flogging.

I freely admit to the former, but not to the latter (with the exception of cert renewal harping).

 

\(*^*)/

 

Craig

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkedIn Profile
My Community Posts