Human Resources Management
Beki Webster
Director, HR, Intelligence Systems Division
Northrop Grumman Information Systems
July 31, 2009

Human Resources Management
• Multiple levels of engagement
• Leadership
• Cyber security management team
• Individual contributor
• Network guests, teammates and customers
• Risk Mitigation
• Proactive/strategic activities
• Crisis Management
• Reactive/tactical activities

Risk Mitigation
• Training and awareness
• Regular schedule for employees/all levels of engagement (intake, periodic and termination)
• General communications
• Network management and security
• Account management policy and procedure
• Network access and administration
• Layered defense
• Disciplinary process

Crisis Management
• Backup and recovery process
• Investigations
• Stakeholder identification and leadership responsibilities
• Investigative process and follow-through
• Disciplinary process
• Communications

Key Questions to Manage Insider Threats

Provided
• Do we periodically provide awareness and training to all employees in cyber security?
• How strict are our password and account management policies and practices?
• Are we logging, monitoring, and auditing employee online actions?
• What extra precautions are we taking with system administrators and privileged users?
• Do we use layered defense against remote attacks?
• Are we able to monitor and respond to suspicious or disruptive behavior?
• Do we routinely deactivate computer access following employee termination?
• What are our practices for collecting and saving data for use in investigations?
• Have we implemented secure backup and recovery processes?
• Have we clearly documented insider threat controls?

Updated: broader definition of user community, compliance, & measurement
• How do we attract, develop and retain critical cyber security technical and leadership talent, including those in functional areas requiring cyber security savvy?
• Does our organizational structure support key functional integration to ensure threat mitigation and rapid crisis response?
• How does our cyber security communications plan address and measure the effectiveness of threat awareness and training for all network stakeholders?
• What is our monitoring and auditing operating procedure for online activity?
• How up-to-date are our password and account management policies?
• How do we ensure stakeholder compliance?
• Do we use layered defense against remote attacks?
• How does our SOP address elevated access possessed by system administrators and privileged users?
• Have we assessed the need for protection of our social networking and share center sites?
• How do we routinely audit network access throughout the network stakeholder lifecycle, especially at termination or out-processing?
• Does our progressive discipline policy address our need for threat investigations involving any network stakeholder for suspicious or disruptive behavior?
• How do we ensure integrity and continued operations of our employee database and related systems like recruiting, benefits, travel and payroll?
• Do our performance management and compensation strategies provide adequate support for our cyber security mission?