We spoke with former Counter-Spy and Author John W. David
about his experiences with cold war espionage and applying it to counter the insider threat. John has written two books, Rainy Street Stories and Around the Corner. Both are essays of his experiences with the
cold war, terrorism, and espionage.
John offers several anecdotes and shares past experience
of how he has recognized spies and those who would recruit insiders. He weaves
relevant stories in the podcasts that are still applicable to a successful
insider threat program. Listen to the podcast to hear two of many major points
on running Insider Threat Programs.
Here are two points to get started:
1. Develop a culture of security by walking around.
Security managers should get away from their desks and
meet the employees that can work as risk management and security force
multipliers. The employees should be comfortable with the office staff and
understand what expectations are. One of the primary results of a good insider
threat program is ability to report credible information. Employees will feel
most comfortable report information to someone they trust and who has their
best interest in mind.
2. Provide insider threat training.
A trained employee base is a force multiplier. When
employees are trained to recognize suspicious behavior and what to do about the
observation, the entire team wins. John provides glaring examples of insider
threat indicators that were ignored, leading to years of successful espionage.
Training on the insider threat and teaching employees how to apply that
training are key to success.
In summary, John points out that the security manager
should be approachable to allow for reporting of any kind. Where an employee
feels comfortable with reporting suspicious activities, the odds of actually
reporting increase. The other factor is understanding what to report. A well
informed and cooperative workforce can lead to an effective insider threat
program.
Listen Here:
For more information, visit www.redbikepublishing.com
Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".
No comments:
Post a Comment