M01_L01M01_L01Insider ThreatM01_L01linksReadOnlyTextpageLocationPage x of yhelpBtnHelp. Select this button to open the help panel.HelpButtonClickedexitBtnExit. Select this button to exit the course.ExitButtonClickedmainMenuBtnMain Menu. Select this button to access the main menu.MainMenuButtonClickedglossaryBtnGlossary. Select this button open the glossary.GlossaryButtonClickedresourcesBtnResources. Select this button to access the resources for the course.ResourcesButtonClickedhideCCBtnHide Captions. Select this button to hide the caption text.HideCCButtonClickedshowCCBtnShow Captions. Select this button to show the caption text.ShowCCButtonClickedturnAudioDescriptionsOffBtnTurn Audio Descriptions Off. Select this button to turn off audio descriptions.AudioDescriptionsOffButtonClickedturnAudioDescriptionsOnBtnTurn Audio Descriptions On. Select this button to turn on audio descriptions.AudioDescriptionsOnButtonClickedskipReverseBtnSkip Backward. Select this button to skip a few frames back.SkipReverseButtonClickedskipForwardBtnSkip Forward. Select this button to skip a few frames ahead.SkipForwardButtonClickedreplayBtnReplay. Select this button to replay the current screen.ReplayButtonClickedtranscriptBtnTranscript. Select this button for a transcript of the current page.ShowTextButtonClickedpauseBtnPause. Select this button to pause the course.PauseButtonClickedresumeBtnResume. Select this button to resume the course.ResumeButtonClickedpreviousPgBtnBack. Select this button to go to the previous screen.PreviousButtonClickednextPgBtnNext. Select this button to go to the next screen.NextButtonClickeddisaldr01_011their justifications. But how do you deter and detect people like this in your organization? How do you prevent one of yoursubordinates and your organization from becoming the next scandal to dominate the 24-hour news cycle? How doyou protect your mission?Identifying the Threatdisaldr01_022unexplained wealth, the unreported foreign travel, the requests for information that they do not have a need toknow. Since we know what to look for, why are insider threats so difficult to identify before they cause such irreparableUnited States Government resource, such as personnel, facilities, information, equipment, networks, orsystems, who wittingly or unwittingly causes harm to national security. Insider threat actions can result in graveunwitting insider can cause as much harm as a malicious insider, revealing sensitive information without evenrealizing it. Because the insider threat can be anyone in your organization, they can easily evade notice. The fact thatdifficult to identify these insiders, they can operate over an extended period of time, slowly stealing information andincrementally undermining the mission. Finally, due to either lack of training or reluctance to turn in their co-workers,employees tend not to report when insiders do display potential insider threat indicators.Protecting Against the Insider Threatdisaldr01_033So, how do you, as a senior leader, protect your organization and mission from the insider threat? Especiallywhen it is so difficult to identify? Countering the insider threat consists of three activities: deterring people from becominginsider threats, detecting when insiders might be at malicious work, and mitigating, or controlling, the harm they cando. The success of these activities relies on the fundamentals of good security. As a senior leader, you shouldmonitor organizational security practices. An important example would be your involvement with procedures forsafeguarding classified information and applying appropriate markings to help protect organizational files andremovable media. In addition to being alert to and reporting any suspicious activity, behavior, or potential security incident thatyou see, you must foster a culture where your employees do the same. Be sure personnel in your organization know thepotential indicators and required reporting procedures. Finally, always be diligent in ensuring that you andpersonnel in your organization are sharing information only with those individuals who are cleared at the appropriate leveland have a need-to-know. Balancing strict enforcement of need-to-know with the need for information sharing to achievemission objectives can be challenging. Minimizing the reach of an insider is essential to mitigating the damage theycan cause. Security personnel within your organization can assist you in protecting your mission and conducting thismitigate the damage insider threats cause by curtailing their reach andresponding proactively to potential insider threat indicators.Insider Threat Programdisaldr01_044As a senior leader, you play a vital role in establishing how your organization will go about gathering, integrating,analyzing, and responding to potential insider threat information. Beyond employing general security practices, youshould ensure that your agency creates a formal insider threat program. The goal of such a program is to deter, detect, andmitigate the insider threat. In October 2011, the White House issued Executive Order 13587, requiring agencies to establishtheir own insider threat programs. Subsequently, Presidential Memorandum Minimum Standards forExecutive Branch Insider Threat Programs outlined the minimum elements needed for agencies to implement effectiveprograms. Although current insider threat policy is specific to classified information, the principles can help you protectSenior Leader Role in an Insider Threat Programdisaldr01_055Other responsibilities,
Other senior leader responsibilities for an insider threat program:
Bullet Provide resource recommendations
Bullet Submit the implementation plan and annual report
Bullet Ensure proper handling and use of records
Bullet Consult with legal authorities
Sub Bullet Office of the General Counsel
Sub Bullet Civil liberty officials
Sub Bullet Privacy officials
Bullet Establish guidelines for record retention
Bullet Facilitate oversight reviews to ensure policy compliance
[Conclusion]disaldr01_066