
Personnel Security Measures for Employee Risk Counter Terror Expo 2014 Conference 201


brinda

Presentation Transcript


  1. Personnel Security Measures for Employee Risk Counter Terror Expo 2014 Conference 201

  2. OVERVIEW
     • Changing threat landscape
     • Snowden
     • Perfect storm - learning the lessons
     • Monitoring: pitfalls and opportunities
     • Start with people – holistic threat management
     • Taking action - some tools to help you

  3. SNOWDEN - CAREER

  4. SNOWDEN - DISCLOSURES

  5. MOTIVATION & RISK FACTORS
     Snowden - possible warning signs
     Lifestyle & circumstances, including:
     • Health problems
     • Disrupted childhood
     • Frustrated ambition
     • Online persona
     • Adversarial mindset
     Behaviours of concern, including:
     • Deception/social engineering
     • Unauthorised access of sensitive material
     • Unusual hours
     • Conflict with supervisors
     Personality, including:
     • Low self esteem
     • Socially brittle
     • Arrogant
     • Manipulative
     • Narcissism
     Motivation: ideological/self-radicalised privacy advocate?
     Source: CPNI Insider Threat Study 2013

  6. LEARNING THE LESSONS
     The Perfect Storm:
     • No shared understanding of rules & procedures
     • Ignores security rules under pressure
     • Little appreciation of risks
     • Vetting
     • Audit & monitoring
     • Ineffective escalation
     • Privileged users & SYS Admin
     • No interest in staff behaviour
     • Does not query unusual requests

  7. MONITORING
     Insider threat detection not part of security culture
     Survey questions:
     • Do you think that the threat from insiders is growing or diminishing?
     • Is insider-threat detection an important part of your organisation’s culture?
     • Please describe the extent to which you can predict insider threats before they conduct attacks.
     Findings:
     • Almost half of the respondents felt that the threat from insiders was growing.
     • 76% of managers said that they were only able to predict an insider attack with difficulty or not at all.
     • A strong majority said that insider threat detection was not part of the culture. This suggests that there may be cultural challenges in changing both attitudes and behaviour on the topic.
     Source: Early findings from ‘Cyber Insider’ web-based survey, N = 48 organisations

  8. PEOPLE
     HoMER – Holistic Threat Management
     [Diagram labels: Physical Security; Employee Actions; IT Security; Tasking team; Single point of accountability; HR]
     A basic protective monitoring capability using the holistic approach

  9. TAKING ACTION: Some tools to help you…

  10. SECURE TOOL

  11. SECURE TOOL http://www.cpni.gov.uk/advice/Personnel-security1/Security-culture/

  12. AWARENESS RAISING: Deterrent Communications

  13. SOCIAL ENGINEERING: Communications & Cyber

  14. How to access these resources?
     • CPNI Website
       • www.cpni.gov.uk
     • CPNI YouTube Channel
     • NaCTSO Website
       • www.nactso.gov.uk
     • CPNI Sector Advisor
     • CTSA

  15. QUESTIONS? http://www.cpni.gov.uk/advice/Personnel-security1/
