Turner James - Insider threat: prevention, detection, mitigration, and deterrence

1. Tables in Chapter 4
2. Tables in Chapter 5
3. Tables in Chapter 6
4. Tables in Chapter 7
5. Tables in Chapter 9
6. Tables in Chapter 13

1. Figures in Chapter 1
2. Figures in Chapter 2
3. Figures in Chapter 3
4. Figures in Chapter 4
5. Figures in Chapter 5
6. Figures in Chapter 6
7. Figures in Chapter 7
8. Figures in Chapter 8
9. Figures in Chapter 9
10. Figures in Chapter 10
11. Figures in Chapter 11
12. Figures in Chapter 13
13. Figures in Chapter 14
14. Figures in Chapter 15

Michael G. Gelles, Psy.D.

Butterworth-Heinemann is an imprint of Elsevier

The Boulevard, Langford Lane, Kidlington, Oxford OX5 1GB, UK

50 Hampshire Street, 5th Floor, Cambridge, MA 02139, USA

Copyright 2016 Elsevier Inc. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publishers permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.

This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).

Notices

Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary.

Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.

To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.

British Library Cataloguing-in-Publication Data

A catalogue record for this book is available from the British Library

Library of Congress Cataloging-in-Publication Data

A catalog record for this book is available from the Library of Congress

ISBN: 978-0-12-802410-2

For Information on all Butterworth-Heinemann publications visit our website at https://www.elsevier.com/

Publisher: Candice Janco

Acquisition Editor: Sara Scott

Editorial Project Manager: Hilary Carr

Production Project Manager: Punithavathy Govindaradjane

Designer: Mark Rogers

Typeset by MPS Limited, Chennai, India

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.

Dr. Michael G. Gelles is currently a Managing Director with Deloitte Consulting, LLP Federal practice in Washington, D.C., consulting in the areas of law enforcement, intelligence and security. Dr. Gelles is a thought leader in insider threat associated with possible security risks, asset loss, exploitation, terrorism, workplace violence and sabotage. Dr. Gelles leads consults to government and private sector organizations in the area of insider threat, business assurance, organizational transformation, workforce planning, leadership development and strategic planning with a specific emphasis around people, mission and risk. Dr. Gelles has led the development of a number of Deloitte innovative solutions in addition to insider threat to include multigenerational workforce solutions and developing a secure cyber workforce. Previously, he was an executive in federal law enforcement and the chief psychologist for the Naval Criminal Investigative Service (NCIS) for more than 16 years. In that capacity, he assisted the NCIS and a multitude of other federal, state and local law enforcement agencies with criminal, counterintelligence and counterterrorism investigations and operations. Dr. Gelles has been involved in the investigation and debrief of numerous convicted insiders ranging from espionage to sabotage. He is an author of numerous articles and book chapters, as well as a book on threat management and risk assessment. Dr. Gelles received his Bachelor of Arts from the University of Delaware and his masters and doctorate degrees in psychology from Yeshiva University in New York. He completed his clinical and forensic training at the National Naval Medical Center and his advanced training at the Washington School of Psychiatry. He held past academic appointments in at the Uniformed Services University of the Health Sciences and at the Washington School of Psychiatry.

Ralph Sorrentino, US Chief Confidentiality Officer, Principal Deloitte Consulting LLP

The risks to an organizations critical assets are greater today than they have ever been. With business being conducted globally online, with a global workforce, the advent of technologies that make access to information available from anywhere on any device, the risks to data have increased significantly. Information can be accessed, downloaded, and ex-filtrated in seconds and in those short seconds an organizations proprietary information, client confidential data, can be stolen or exploited before anyone notices. Most important, the exploitation of an organizations assets can cause irreparable damage to brand, reputation, and public confidence, and in cases of the government, national security and public safety. Therefore, it is paramount to develop an insider threat program that allows the organization to prevent, detect, respond, and deter insider threats.

For the past decade, both private and public sector organizations have invested heavily in protecting their perimeter from external cyber attacks, while remaining vulnerable to the insider threat who can circumvent cyber defenses with malicious intent or unwitting complacency. This book addresses the insider threat: how to develop a program that protects an organizations critical assets through a proactive and holistic view of the organizations policies, business processes, technology, security awareness, and training.