how to get started
play

How To Get Started IMPACT 2015 Phil Robinson 2 Video removed due - PowerPoint PPT Presentation

Jan 24, 2023 •242 likes •799 views

Insider Threat Programs: How To Get Started IMPACT 2015 Phil Robinson 2 Video removed due to size constraints 3 Theme Insider Threat is NOT ONLY about protecting data on your network Risk: Tolerance/Avoidance/Acceptance

  1. Insider Threat Programs: How To Get Started IMPACT 2015 Phil Robinson

  2. 2 Video removed due to size constraints

  3. 3 Theme — Insider Threat is NOT ONLY about protecting data on your network… — Risk: Tolerance/Avoidance/Acceptance — Company culture and willingness to adjust — Understand your business environment — Needs vs. wants vs. dollars — Advancement of your program – total assets protection

  4. 4 NISPOM CC#2 what we know today (27 April 2015) — When issued NISPOM Conforming Change 2 will require cleared industry to implement insider threat program — Industry has six-months to implement upon issuance of the NISPOM Conforming Change 2 — The NISPOM will outline minimum standards that include; — Establish and maintain an insider threat program — Designate insider threat senior official — Gather, integrate, and report — Conduct self-assessments of insider threat program — Insider threat training — Monitoring network activity — User acknowledgements — Classified Banners Source: DSS

  5. 5 Before you go Down that Road — Ask yourself a host of questions: — Why have an Insider Threat Program? — What does Insider Threat mean to your company? — What’s the stated goal? — What are the objectives? — Are you prepared to drive the message? — Do you have needed resources? — Do you have an SME on your team? — Do you have a network to bounce ideas off?

  6. 6 Before you go Down that Road — Do you have support? — Senior Leadership — Potential Stakeholders — Business — What’s your company’s tolerance / culture? — Size — Scope — Acceptance — “Insider Threat” the right phraseology

  7. 7 Before you go Down that Road — Assess your data – determine what needs to be protected under this umbrella — Perform a risk analysis of your data — Understand what you are protecting Bottom line: what do you really need? Compliancy only OR Value add

  8. 8 General Overview What is Insider Threat? — Definition CERT: A malicious insider threat to an organization is a current or former employee, contractor, or other business partner who has or had authorized access to an organization's network, system, or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization's information or information systems. [focus: data loss prevention] Source: CERT

  9. 9 General Overview What is Insider Threat? — Definition DoD: Acts of commission or omission by an insider who intentionally or unintentionally compromises or potentially compromises DoD’s ability to accomplish its mission. These acts include, but are not limited to, espionage, unauthorized disclosure of information, and any other activity resulting in the loss or degradation of departmental resources or capabilities. [focus: protection of national security information] Source: DSS

  10. 10 General Overview What is Insider Threat? Industry - For Consideration: An Insider Threat is a current or former employee, contractor, or other business partner who exceeds or misuses, intentionally or unintentionally, access in a manner that violently or non- violently negatively impacts COMPANY’S assets; computer systems, networks, people, information, processes, reputation, facilities, equipment, operations, etc. This includes any person with authorized access to United States Government resources; personnel, facilities, information, equipment, networks, or systems while a representative of the company. [focus: protection of the company; extended to clients]

  11. 11 Existing Programs Robust Less Robust — Ad-hoc group called together — Formal Insider Threat Team with to handle events and assigned analysts and SMEs incidents or incident handled by response processes and — Defined insider threat response personnel plan — Use existing incident — Integrated information sharing and response plan or no response data collection including technical plan and behavioral indicators — User monitoring via host and — Focused across current and former network based analysis only employees, contractors, subcontractors, supply chain, and — Focused on current and other trusted business partners former employees Source: CERT

  12. 12 Existing Programs Less Robust Robust Your Company Economical GOLD plated — Ad-hoc group called together — Formal Insider Threat Team with assigned analysts and SMEs to handle events and incidents or incident handled — Defined insider threat response by response processes and plan personnel — Integrated information sharing — Use existing incident and data collection including response plan or no response technical and behavioral plan indicators — User monitoring via host and — Focused across current and network based analysis only former employees, contractors, subcontractors, supply chain, and other trusted business — Focused on current and partners former employees Source: CERT

  13. 
 
 
 
 
 
 
 
 
 13 A-typical Multifaceted Insider Threat Program Model 3 Source: ASIS D&C ITWG

  14. 14 Design Steps • High-level Example company-wide policies are approved and published • Determine technologies for • ITP is formally monitoring and launched and is analytics operational • Policies and • Formulate • Monitoring and procedures are incident Audit written to response procedures support the requirements initiated development • Audit and • Mitigation • Risk Security and operation of improvement procedures Risk all ITP elements requirements operational Management incorporated • Incorporate I (ESRM) counterintelligen • Completed ITP • Form IT Working processes M ce controls and Group (ITWG) plan is reviewed initiated to measures and approved as identify assets, P • Define critical • Security appropriate threats and positions and education plan L vulnerabilities • Select ITP model modify position • Develop modified to and components descriptions collaboration E • Integrate ESRM incorporate ITP based on plan for external and ITP metrics • Build consensus requirements relationships M criticality into an and advocacy analytical • Identify and among core • Corporate wide • Pilot ITP E review historical stakeholders structure ITP metrics/ N insider threat (Convergence) measures • Identify incidents developed requirements • In concert with T • Need & purpose General Council for core • Metrics elements: A for ITP and HR develop dashboard articulated corporate ITP Operations, designed T Analytics, policy • Obtain senior • Design Collaboration, I executive buy-in • Develop comprehensive and Education for program comprehensive education plan O charter plan and INITIATION timelines N FORMULATION EVALUATION Source: ASIS D&C ITWG

  15. 15 Program Road Map Example Source: INSA

  16. 16 A-typical Insider Threat Organizational Stakeholder Model HR Exec Security Sponsor Insider Threat Program Business Legal IT/SOC

  17. 17 The journey

  18. 18 Theme (principle tenants) — Insider Threat is NOT ONLY about protecting data on your network… — Risk: Tolerance/Avoidance/Acceptance — Company culture and willingness to adjust — Needs vs. wants vs. dollars

  19. 19 Know Your Company — Understand your company’s dynamics — Cultural acceptance of a program Naming convention sensitivities [Insider Threat] — Who/what org leads investigative activities today? — — Is security / risk a focus area supported by management? — What could be managements expectations? — Do you have the clout to “carry the message”? — How does a program benefit your company? — Identify, understand, and outline the need — Contractual & Regulatory Compliancy's NISPOM Conforming Change #2 (TBA – EOM July 15 >) — DFAR — FAR — DD254 — Contractual Source Documentation —

  20. 20 Know Your Company — Know if you have Proprietary Information — Where your government information is housed — Classified — Sensitive — Technology — Do elements of a program already exist? — Fraud — Counterintelligence (NISP) — Physical Security — Information Systems Security — Ethics hot line — Etc… — Leverage client driven requirements

  21. 21 The Art of the Deal its all in how you communicate — Frame the conversation to your benefit — Guide opinions and direct your team — Acceptance and tolerance of others’ opinions — Guard against your AAA Security Practitioner stubbornness (my way or hi-way attitude) — Learn how to compromise — Does the end state concur with your goal?

  22. 22 Make a Convincing Case — Build a Communication Plan — Design your message so that it carries on its merits — Level set message to particular audiences / individuals — Know what you communicate — Who you communicate with — Understand their tolerance for the discussion — Work the halls of the company — Start to message your intentions with stakeholder departments — Insert verbiage in your traditional security awareness materials

Recommend

Kum & Go Where & means more. Kum & Go Who we are Where We Started Where We Started

Kum & Go Where & means more. Kum & Go Who we are Where We Started Where We Started

Kum & Go Where & means more. Kum & Go Who we are Where We Started Where We Started Founded in 1959 by Bill Krause and his father in-law Tony Gentle The 3 rd and 4 th generations of the Krause Family lead Kum & Go

587 views • 24 slides
OUTLINE CONTEXT WHY WE STARTED WHERE WE STARTED WHAT HAVE WE DONE? WHAT WERE

OUTLINE CONTEXT WHY WE STARTED WHERE WE STARTED WHAT HAVE WE DONE? WHAT WERE

OUTLINE CONTEXT WHY WE STARTED WHERE WE STARTED WHAT HAVE WE DONE? WHAT WERE OUR KEY OUTPUTS? WHO HAVE WE ENGAGED WITH DURING THIS TIME? WHAT LESSONS ARE WE TAKING AWAY FROM THIS? WHATS NEXT? CONCLUDING REMARKS

561 views • 32 slides
? P12 2 Getting Started/Lab Programming Lab Programming Program of Requirements PRELIMINARY

? P12 2 Getting Started/Lab Programming Lab Programming Program of Requirements PRELIMINARY

2 Getting Started/Lab Programming MODULE 2 LAB PROGRAMMING October 2013 2 Getting Started/Lab Programming 1. Getting Started 2. Scoping the Project 3. Lab Programming What is programming? Information gathering Organizing and

526 views • 36 slides
Building Community Ross Derewianko Macbrained_YVR WHERE I GOT STARTED Started at Ping

Building Community Ross Derewianko Macbrained_YVR WHERE I GOT STARTED Started at Ping

Building Community Ross Derewianko Macbrained_YVR WHERE I GOT STARTED Started at Ping Identity in 2012 Got to learn this new tool we bought called Jamf pro CCA for V8 2014 Started - Vancouver JUG First JUG 20 Registered, topic

255 views • 21 slides
Drupal & USWDS: Its Time to Get Things Started Why dont we get things started?!

Drupal & USWDS: Its Time to Get Things Started Why dont we get things started?!

Drupal & USWDS: Its Time to Get Things Started Why dont we get things started?! Brian Seek Dustin Boeger TOC Introductions Getting Started Colors Fonts & Other Settings Custom Styling & Components

580 views • 42 slides
AG AGRICON MUS MUSHROOMS By Jan Conradie How w we e got ot St Started Started doing

AG AGRICON MUS MUSHROOMS By Jan Conradie How w we e got ot St Started Started doing

AG AGRICON MUS MUSHROOMS By Jan Conradie How w we e got ot St Started Started doing research in 2008 Graduated from Elsenburg Collage in 2008 with B.C. Agric Worked on a mushroom farm in Wester Cape in January 2010 Purchased

1.01k views • 15 slides
How it started, where we hope it is going Knowledgeable and informed persons started meeting in

How it started, where we hope it is going Knowledgeable and informed persons started meeting in

How it started, where we hope it is going Knowledgeable and informed persons started meeting in 2013 to discuss the watershed Nooksack Tribe Natural Resources Department successfully applied for a competitive grant from the Bureau of Indian

281 views • 13 slides
You want me to select for WHAT? Getting started in a new WHAT? Getting started in a new subject

You want me to select for WHAT? Getting started in a new WHAT? Getting started in a new subject

You want me to select for WHAT? Getting started in a new WHAT? Getting started in a new subject area Virginia Kay Ginger Williams An ALCTS Webinar An ALCTS Webinar Presented December 2, 2009 Law? At least I know something know

209 views • 20 slides
Getting Started With Amazon Web Services Rich Trouton Apple CoE @ Before we get started,

Getting Started With Amazon Web Services Rich Trouton Apple CoE @ Before we get started,

Getting Started With Amazon Web Services Rich Trouton Apple CoE @ Before we get started, theres two things Id like to mention. The first is that, all of the sides, speakers notes and the demos are available for download and Ill be

951 views • 93 slides
Since 2016 have 24 patients started KD or MAD, in 2019 started 11patients. 10 have ended

Since 2016 have 24 patients started KD or MAD, in 2019 started 11patients. 10 have ended

Since 2016 have 24 patients started KD or MAD, in 2019 started 11patients. 10 have ended the treatments 1 diseased (pneumonia) 13 patients still in treatment 11 Patient nt 3 Seizure free 4 30-50% better 3 To early

190 views • 5 slides
Constraint Handling Rules - Getting started Prof. Dr. Thom Fr uhwirth | 2009 | University of

Constraint Handling Rules - Getting started Prof. Dr. Thom Fr uhwirth | 2009 | University of

Constraint Handling Rules - Getting started Prof. Dr. Thom Fr uhwirth | 2009 | University of Ulm, Germany Page 2 Getting started Table of Contents Getting started How CHR works CHR programs and their execution Page 3 Getting started

478 views • 33 slides
M A R R I A T K T L I F E S T Y L E I N F L U E N C E R let's get started ABOUT US... About

M A R R I A T K T L I F E S T Y L E I N F L U E N C E R let's get started ABOUT US... About

M A R R I A T K T L I F E S T Y L E I N F L U E N C E R let's get started ABOUT US... About the profile Marria tkt is a professional instagram account that rocks ! It's all about lifestyle - travel style - fit & fashion and gives the

315 views • 8 slides
Getting Started with KuttyPy Jithin B.P February 22, 2019 Jithin B.P Getting Started with

Getting Started with KuttyPy Jithin B.P February 22, 2019 Jithin B.P Getting Started with

Getting Started with KuttyPy Jithin B.P February 22, 2019 Jithin B.P Getting Started with KuttyPy Download necessary files Network connect to wifi network homepc , password industry4.0 Download Zip open a web browser

287 views • 13 slides
iRODS Tutorial I. Getting Started iRODS Tutorial Preview I. iRODS Getting Started unix

iRODS Tutorial I. Getting Started iRODS Tutorial Preview I. iRODS Getting Started unix

iRODS Tutorial I. Getting Started iRODS Tutorial Preview I. iRODS Getting Started unix client usage II. iRODS Data (Grid) Administration installing server and iCAT setting up users adding new resources to a data grid/zone

718 views • 42 slides
On-site and Telemedicine Behavioral Health Services Company History Nitin Nanda, MD Started in

On-site and Telemedicine Behavioral Health Services Company History Nitin Nanda, MD Started in

On-site and Telemedicine Behavioral Health Services Company History Nitin Nanda, MD Started in Asana Integrated Medical Aligned Telehealth Started 2000 Group Started in 2002 in 2013 Founded as private Adopted hospitalist group

414 views • 7 slides
Getting Started With Perl Jonathan Worthington Scarborough Linux User Group Getting Started

Getting Started With Perl Jonathan Worthington Scarborough Linux User Group Getting Started

Getting Started With Perl Jonathan Worthington Scarborough Linux User Group Getting Started With Perl What is Perl? A programming language Created by Larry Wall Perl 1 released in 1987 Current version is Perl 5.8.x Perl 6

874 views • 62 slides
Who is Victoria? I started my career working in Organisational Psychology as a Culture and

Who is Victoria? I started my career working in Organisational Psychology as a Culture and

Who is Victoria? I started my career working in Organisational Psychology as a Culture and Engagement Consultant and quickly realised that whilst I loved what I did, I wasnt having the impact I desired. In 2015 I started Zella Wealth with

582 views • 24 slides
BIBLICAL SURVEY Good Gone Bad Lesson 3 Part 1 When it started it was really good! When it

BIBLICAL SURVEY Good Gone Bad Lesson 3 Part 1 When it started it was really good! When it

From here To here BIBLICAL SURVEY Good Gone Bad Lesson 3 Part 1 When it started it was really good! When it started it was really good! Eden = pleasure or delight When it started it was really good! Adam =

872 views • 42 slides
What you should know after day 2 An introduction to WS 2018/2019 Part I: Getting started

What you should know after day 2 An introduction to WS 2018/2019 Part I: Getting started

What you should know after day 2 An introduction to WS 2018/2019 Part I: Getting started What is R How R is organized Installation of R and Rstudio Organize your R session Getting Started with R Part II: Basics R as

304 views • 4 slides
1983- Datsons Engg. Works established. Area 3000 Sq Mtr 1984- Started Supply to TATA

1983- Datsons Engg. Works established. Area 3000 Sq Mtr 1984- Started Supply to TATA

1983- Datsons Engg. Works established. Area 3000 Sq Mtr 1984- Started Supply to TATA motors 1997 Started Supply to Toyota 2000 Become ISO 9001-2000 Certified Company 2004- Started exports to Mexico to GE Electrical.

1.31k views • 42 slides
Welcome Getting Started With Eclipse Setting Up Eclipse A First Project Getting Started With

Welcome Getting Started With Eclipse Setting Up Eclipse A First Project Getting Started With

Setting Up Eclipse A First Project Welcome Getting Started With Eclipse Setting Up Eclipse A First Project Getting Started With Eclipse CS2112 Fall 2015 August 26, 2015 Getting Started With Eclipse Setting Up Eclipse A First Project Step

448 views • 11 slides
- Furigas started in 1972 as manufacturer of atmospheric burners. - Premixed technology +

- Furigas started in 1972 as manufacturer of atmospheric burners. - Premixed technology +

Secondment at Bekaert Company - Furigas started in 1972 as manufacturer of atmospheric burners. - Premixed technology + condensing boilers started in the 1980s - Driven by low NOx and higher efficiency demands - NIT was bought from

377 views • 6 slides
Open Source Development and Sustainability A Look at the Bouncy Castle Project How It Started

Open Source Development and Sustainability A Look at the Bouncy Castle Project How It Started

Open Source Development and Sustainability A Look at the Bouncy Castle Project How It Started Early Days Started with a low level API as one of us was playing around with the J2ME, built a provider on top of it. Added functionality for

356 views • 23 slides
Yhc: Past, Present, Future Neil Mitchell The Past Started by Tom, fork of nhc He

Yhc: Past, Present, Future Neil Mitchell The Past Started by Tom, fork of nhc He

Yhc: Past, Present, Future Neil Mitchell The Past Started by Tom, fork of nhc He didnt tell anyone! Some students found out Me, Andrew, Mike, Bob Started helping seemed fun Never an official York project The

266 views • 5 slides

More recommend