1 / 16

Joint Security Awareness Council Dallas April 15, 2009

Joint Security Awareness Council Dallas April 15, 2009. New Developments in Personnel Security Lynn F. Fischer Defense Personnel Security Research Center. PERSEREC Monterey California. Defense Personnel Security Research Center DoD research center

kosey
Download Presentation

Joint Security Awareness Council Dallas April 15, 2009

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Joint Security Awareness CouncilDallasApril 15, 2009 New Developments in Personnel Security Lynn F. Fischer Defense Personnel Security Research Center

  2. PERSERECMonterey California • Defense Personnel Security Research Center • DoD research center • To improve the effectiveness, efficiency, and fairness of the personnel security system http://www.dhra.mil/perserec

  3. Joint Suitability and Security Reform • Automating and streamlining the process for making suitability and clearance determinations • Lead agencies: DNI, USD(I), OPM • Impact on contractor community

  4. Key features of the reform: • eApplication • eAdjudication for clean cases • Automated Record Checks • Expanded Focus Investigation • Enhanced Subject Interview • Replacement of Periodic Reinvestigation with Continuous Evaluation

  5. Joint Reform Timelines • Phased implementation • eAdjudication of clean cases underway • eApplication, new generation of e-QIP • Automated Records Checks mid-2009 • Many reforms in place by end of 2010

  6. Insider Threat Studies A Continuing focus by PERSEREC • Espionage trends and patterns • Changes in Espionage by Americans 1947-2007 • Allegiance in a Time of Globalization • Workplace Violence • Guidelines for Employers and Law Enforcement • The Threat to Critical Information Systems • Ten Tales of Betrayal

  7. Observations from IT Insider Case Studies: Increased risk where… • personal stress and adverse social climate are present in the workplace • management does not respond to disgruntlement in a timely fashion • system administrators are permitted exclusive control without oversight • Remote access privileges are not carefully controlled

  8. Insider Risk Audit and Evaluation Tool • Sneak Preview of a new product • Adverse Insider Behavior • Common causes of adverse behavior • Common safeguards to mitigate risk • Management intervention and proactive policies to address risk • To be posted on the PERSEREC website

  9. Functional Areas of Action to Mitigate Insider Risk • Recruitment • Pre-employment Screening • Policies and Regulations • Training and Education • Monitoring and Enforcement • Employee Intervention Planning

  10. Insider Risk Multipliers • Cultural Factors • Political Factors • Economic Factors • Sector-Specific Forces • Organizational-Specific Forces

  11. Pre-employment Screening • Verification of information on employment applications • Criminal background checks; online behavior • Credit reports and civil records • Testing for substance abuse • Psychological testing/honesty testing

  12. Training and Education • Initial indoctrination: policies and practices of the organization • Clear information about what needs protection of employee obligation • Non-disclosure agreements • Adversary awareness training • Reporting requirements

  13. Monitoring and Enforcement • Track and record at-risk behaviors • Timely response to employee disgruntlement • Consistent enforcement of policies • Keeping reporting channels open and receptive

  14. Employee Intervention Planning • Policies and practices for dealing with at-risk employees • Evaluation teams for employees facing negative personnel actions • Termination procedures to minimize the risk of recrimination and adverse behavior • Intensified monitoring of at-risk employees

  15. Uses of this Tool • Evaluation and Audit • Development of Strategic Risk Mitigation Plan • Vulnerability Assessment • Training and Awareness

  16. Questions and comments?

More Related