Event/Conference Management Software - Using Insider Threat … · 2019-09-10 · Using Insider...
Using Insider Threat Profiles To Create
More Effective Early Warning Systems
“When someone shows you who they are, believe them the first time.” - Maya Angelou
“You don’t need a weatherman to know which way the wind blows.” - Bob Dylan
The job is not getting easier
Snowden
Nicholson
Manning
Ames
Hanssen
Montes
Mallory
Lonetree
Pollard
Walker
Madoff
Martin
Regan
Hasan
McVeigh
Alexis
Khazee
Justice
Claiborne
Underwood
Beliveau
Mo
Liew
Awwad Robert
Just to name a few…
Cho
Ivins Ramos
El-Batouty
Lubitz
The Insider Threat Kill Chain
Diagram labels: Security Failure; Action; Predisposition; Critical Event; Grievance; Ideation; Planning & Preparation
The Power of Human Assessment
Self-Destruction
Self-Healing
Predisposition
Personality
Precipitating events = emotional change
Focused, Tailored, and Profile-Based Early Warning System
Focused
Tailored
Profile-based
The Framework: 13 Steps to a Better Early Warning System
Using a Whole Person, Whole Threat Approach
Environment: Within Your Control
Personality: Somewhat Outside Your Control
Precipitating Events: Outside Your Control
Tripwires
Early Warning
“…and the wisdom to know the difference”
Determine your early warning program goals
Advertise your program
Create an empowered stakeholder team
Identify your critical materials, products, data and processes
Identify everyone who has access to your critical items
Determine the early warning capability of your partners
Determine your leading vulnerabilities
Determine the insider profiles most relevant to your situation
Understand your insider profiles
Identify your ‘sensors’
Increase the awareness, appreciation and use of profiles and tripwires
Determine how you will respond
Seek continuous program improvement
Insider Attack Profiles
Sabotage
IP/Data Theft
Fraud
Unintentional
Workplace Violence
Sabotage
Angry, vengeful, vindictive, disengaged, destructive.
Confrontation with management; Poor performance review; Failed promotion effort; Workplace embarrassment; Demotion or termination
Testing of security procedures; Misconfiguring products to cause failure; “Accidentally” breaking a critical machine; Defacing company website pages; Contaminating a clean room; Altering enterprise software
Comparative Analysis – Applying the WPV Offender Model to Intentional Adulteration
Class | Description | Potential Motivations
1 | Criminal Intent, Outsider | Behavioral Health Patient Social Media Fame Seeker Copycat Extortion Economic motivation
2 | Customer/Client/Truck Driver | My load isn’t ready, you are costing me money
3 | Current/Former Employee or Contractor | I am upset with a coworker and adulterate to create problems for that person *; I am upset with the company and adulterate as retribution and to harm the brand *; Youthful stupidity; I am not paid enough *
4 | Domestic | I am upset with a coworker and adulterate to create problems for that person
5 | Ideological | Radicalized Insider
* Supported by actual incident in this briefing
The Food Industry as a Case Example
Recent Intentional Adulteration Incidents Which May Have Been Prevented with Trip Wires
IP/Data Theft
Entitled, narcissistic, anti-social, controlling.
Negative financial event; Failed promotion effort; Poor performance review; Unmet career aspirations; Resignation; Termination
“Borrowing” office items for home use; Bringing in unauthorized equipment; Attempting privilege escalation; Conducting questionable downloads; Violating cyber security policy; Working out of profile hours; Unusual data transfers; Stealing inventory
IP/Data Theft Case Study
Insider Fraud
Egotistic, entitled, privileged, self-important
Significant additional expenses; Negative personal financial event; Unmet career aspirations
Living beyond one's means; Facing debt collection; Violating enterprise policy; Using an enterprise server inappropriately; Influencing use of a personally known supplier; Reporting minor fraudulent expenses; Using controlled, non-public information for insider trading; Maintaining unusually close association with a vendor; Demonstrating excessive control over financial duties; Exhibiting shrewd or unscrupulous behavior
Insider Fraud Case Study
Unintentional Insider Threat
Flighty, unfocused, disorganized, scatter-brained, stressed, strained
New personal or professional distraction
Personal cell phone/computer overuse; Unwittingly providing sensitive info; Inappropriately discussing sensitive matters; Leaving out sensitive documents or devices; Posting confidential details to social media; Consistent failure to meet deadlines
Unintentional Insider Case Study
Aggressive, detached, confrontational, controlling, unremorseful, and strained
Workplace Violence
Negative family or relationship event
Emotional outbursts; Refusing to work with others; Failure to communicate; Failure to work in groups; Difficulty taking criticism; Violating boundaries; Threatening violence; Physical altercations; Reflections of extremist beliefs
Workplace Violence Case Study
Photo Courtesy of Long Beach Police Department
Val LeTellier, ASIS Defense & Intelligence
David Niccolini, TorchStone Global
Frank Pisciotta, Business Protection Specialists
Food Defense & Agriculture Security Council
James Summers, ASIS Food Defense & Agriculture Security
Jeff Sieben, ASIS IT