Prof. Angela Sasse - PowerPoint PPT Presentation

Description:

Unauthorised disclosure of information. Direct sabotage (electronic or physical) ... Unauthorised behaviours. Suspicious behaviours ... Unauthorised behaviours ...

Slides: 35
Provided by: Dunca45

1
Prof. Angela Sasse
University College London
2
(No Transcript)
3
Understanding & Identifying the Insider Threat
CPNI - Personnel Security & Behavioural Assessment
Slides not to be reproduced without prior permission
4
Content
  • Introduction to CPNI Personnel Security
    framework
  • Insider behaviour & activities
  • Research
  • Factors increasing likelihood
  • Triggers
  • Behaviours of concern

5
CPNI
Introduction - CPNI
  • Holistic protective security advice to the
    national infrastructure to reduce vulnerability
    to terrorism and other threats

PHYSICAL SECURITY
ELECTRONIC SECURITY
PERSONNEL SECURITY & BEHAVIOURAL ASSESSMENT
  • Reducing vulnerability to Insider threat

6
The Critical National Infrastructure
Telecommunications, Energy, Finance, Government & Public Services, Water, Health, Emergency Services, Transport, Food
7
Holistic view of Protective Security
8
Elements of a good personnel security regime
9
Definition of an Insider
  • An Insider is someone who exploits, or has the
    intention to exploit, their legitimate access to
    assets for unauthorised purposes

10
Insider activities ..
11
Consequences of Insider activity
  • Damage to:
      • Reputation
      • Relationships
      • Buildings & assets
  • Disruption to:
      • Processes & procedures
      • IT systems

12
Types of Insider Behaviour
Insider
13
Who might be undertaking Insider activity?
  • Terrorists or their associates
  • Foreign Intelligence services
  • Disaffected employees
  • Single-issue groups
  • Commercial competitors
  • Journalists

14
Motivations of Insiders?
  • Financial gain
  • Revenge
  • Status/recognition
  • Friendship/loyalty
  • Ideological
  • Fear/coercion

15
Likelihood, Triggers, Opportunity & Behaviours of concern: Current thinking
16
Current thinking
  • Review of US Insider research
  • Literature review of Disaffection
  • CPNI Insider study
      • case study approach: range of past cases
      • identify common trends
      • develop guidance on reducing vulnerability
      • concludes 2009

17
Likelihood of Insider Activity
Specific triggers
18
Individual Vulnerabilities
  • Life events & history of:
      • Poor or chequered employment
      • Excessive or addictive use of alcohol, drugs or
        gambling
      • Petty crime
      • Financial weaknesses
  • Personal circumstances:
      • Familial ties to countries of concern (competing
        identities)
      • Sympathy to specific causes/adversarial mindset
      • Difficult family circumstances
      • Change in financial situation
  • Personality predispositions:
      • Low self esteem - desire for recognition/status
      • Thrill seeker - desire for excitement
      • Overinflated sense of worth/abilities - desire
        for revenge when not recognised
      • Brittle - oversensitive, unable to accept
        criticism - desire for revenge for perceived
        injustices

19
Organisational vulnerabilities
Certain situations have potential to increase
vulnerability
Poor organisational culture & management practices
20
Possible triggers?
  • Major life events:
      • Bereavement
      • Divorce / marital problems
      • Change in financial circumstances
  • Work stressors:
      • Organisational change
      • Demotion / lack of promotion
      • Perceived injustices
  • World events / crisis of conscience
  • Direct approaches

21
Opportunity
Likelihood in terms of Opportunity
Inadequate Personnel Security measures
Poor security culture
22
Opportunity
Insider activity can be facilitated by
23
Current thinking: Possible Indicators of Insider threat
24
Possible Indicators of Insider Threat
  • Not one single factor
  • Clusters & specific combinations
  • Alternative explanations
  • Changes from normal behaviour
  • Assessed in context of employee's role
      • opportunity and capability to cause harm
  • Legality & discrimination

25
Possible Indicators of Insider Threat
Behaviours of concern
Changes in lifestyle & work behaviours
Individual vulnerabilities
Suspicious behaviours
Unauthorised behaviours
The greater the number of indicators present, the greater the risk
Some indicator groups are of more concern
Combinations and clusters
26
Examples of possible Indicators
  • Relatives / close friends in countries known to
    target UK citizens to obtain sensitive
    information and/or associated with a risk of
    terrorism
  • Sympathy to specific causes/adversarial mindset
    (particularly if in conflict with nature of
    work/position)
  • Financial difficulties
  • Addictions
  • Specific personality traits

Individual vulnerabilities
27
Examples of possible Indicators
  • Obvious changes in financial status with no
    rational explanation
  • Sudden or marked changes in religious, political
    or social affiliation or practice which has an
    adverse impact on performance or attitude to
    security
  • Poor timekeeping / excessive absenteeism
  • Decreased quantity & quality of work
  • Deteriorating relationships with colleagues/line
    managers (inc complaints)

Changes in lifestyle & work behaviours
28
Examples of possible Indicators
  • Unusually high interest in security measures or
    history of unusually high security violations
  • Visiting classified areas of work after normal
    hours, for no logical reason
  • Unusual questioning of co-workers about
    information/areas which they do not have access to
  • Abusing access to databases

Suspicious behaviours
29
Examples of possible Indicators
30
Detection
  • Utilisation of existing personnel security
    measures
  • Protective monitoring
      • automated alerts and audits to detect
        unauthorised entry/abnormal usage of IT systems
        or work areas
  • Aim -> development of practical and reliable
    tools to support decision making about Insiders
  • Case studies have shown there was:
      • evidence of behaviours of concern about Insiders
  • BUT:
      • not collected together in one place so that an
        individual could make an informed judgement
      • lacked a framework to understand potential
        warning signs

31
Detection
  • We aim to develop checklists that could be:
      • applied to an application form at recruitment
        stage to check past history and capture potential
        individual vulnerabilities
      • used to support appraisal and/or security
        interviews, whether by security professionals or
        line managers
      • used to structure confidential employee reporting
        schemes

32
Prevention Deterrence is key
33
Summary Key messages
  • Inter-relationships between factors in creating
    Insider events
      • Individual v Organisational v Triggers
  • Reducing cause & opportunity is key (prevention)
  • Detection more complicated
  • Insider research is on-going
      • findings 2009
      • development of tools & checklists to help
        identify those who may merit further attention

34
(No Transcript)