Managing the Insider Threat: No Dark Corners and the Rising Tide Menace

Cover
Half Title
Title Page
Copyright Page
Table of Contents
Foreword
Preface to the First Edition
Preface to Second Edition
About the Author
Part I Underpinnings
	Chapter 1 The Problem and Limits of Accepted Wisdom
		Introduction
		The Problem
		Terms of Reference
		Historical Approaches
			Types of Studies on Hostile Insiders
			Studies Focusing on Motivations
			Studies Focusing on Compilations and Cases
			Studies Focusing on Cyber Insiders and More Controls
			Losing Sight of Mortal Threats by Aggregating Cases Too Liberally
			Limits of Cyber-Centric Bias
		Implications
		Questions for Online or Classroom Discussion
		Exercises for Group Projects
		Notes
	Chapter 2 Groundbreaking Research and Findings
		Delphi Research on Insider Threat
			Initial Research Findings Confirming Accepted Wisdom
		Alternative Analysis Takes Shape
			Why Infiltrator vs. Disgruntled Careerist?
			Infiltrator’s Challenges vs. Defender’s Capacity
		Infiltrator Step 1: Get Through Screening
		Infiltrator Step 2: Gather Information
		Infiltrator Step 3: Exploit Vulnerabilities
		The Alternative
		Balancing Trust and Transparency: The Co-Pilot Model
			Contrast with Traditional Strategy
			New Insider Defenses
				Close Probation
				Transparency on the Job
				Team Self-Monitoring
		Comparison with Other Security Strategies
		Questions for Online or Classroom Discussion
		Exercises for Group Projects
		Notes
	Chapter 3 Agents of Change: Corporate Sentinels
		Introduction
			Key Activities
		Corporate Sentinels Examined
			Traditional Role
			Expertise and Alienation
				Sentinel Alienation
				Perfunctory Adaptation
				Imperial Overreach or Power Play
				Cronyism or Favor Exchange
				Transformational Role in a No Dark Corners Approach
		A Sentinel’s Guide to People Security
			Human Relationships
			The Dishonest Employee
			Management Responsibility in Loss Prevention
			Procedural Controls
			Pre-Employment Screening
			Personal Safety and Self-Defense
			Workplace Violence
			Unfair Labor Practices
			Security and Civil Rights
		On Balance
		Questions for Online or Classroom Discussion
		Exercises for Group Projects
		Notes
	Chapter 4 Agents of Change: Leaders and Co-pilots
		Introduction
		Leadership’s Attitude to Sentinels and Defenses
		Where to Begin
			Know Your World
			Start Somewhere
			At Least Ask
		Why Leaders Falter
		The Issue-Attention Cycle Meets Insider Threats
			Phase 1: Pre-Problem
			Phase 2: Alarmed Discovery
			Phase 3: Awareness of Difficulties
			Phase 4: Gradual Decline of Public Interest
			Phase 5: Post Problem
		Alternative Approach
			Another Opportunity: Rotational Assignments
		Questions for Online or Classroom Discussion
		Exercises for Group Projects
		Notes
Part II Sudden Impact Defenses
	Chapter 5 Rethinking Background Investigations
		Sudden Impact Defenses as Basic Essentials
		Background on Backgrounds
			Traditional Background Investigation Process
			Identity Verification
			What Gets Investigated and How
			Credentials and Credibility
			Where Blurred Accountability Comes with a Price
			Other Red Flags Often Unseen
			Adjudication of Adverse Findings
		Transformational Opportunities with a No Dark Corners Approach
			Making a Team Out of Warring Camps
			Alternative Process: Adjudication by Team vs. Fiat
			Resolving Differences
			Ramifications for the Entire Process
			Who Should Perform the Background Investigation?
				Case Study: A David Takes on Goliath in Pre-Employment Background Investigations
			An Overlooked Problem: Investigating the Non-Employee
				Access the Real Issue
			Knowledgeable Escort
		Questions for Online or Classroom Discussion
		Exercises for Group Projects
		Notes
	Chapter 6 Deception and the Insider Threat
		Introduction
		Deception’s Role
			Inadequacy of Defenses
		Representative Methods for Detecting Deception
			What Do Polygraph Examiners Know About Deception?
			The Reid Technique
				Background
				Key Features
				Limitations
			The Wicklander-Zulawski Method
				Background
				Key Features
				Limitations
			Scientific Content Analysis (SCAN)
				Background
				Limitations
		Other Techniques for Detecting Deception
			Cross-Examination
				Background
				Key Features
				Limitations
			Behavioral Detection
				Background
				Key Features
				Limitations
		The Deceiver’s Edge
			What Makes a Good Liar
		No Dark Corners Applications
			Interrogation
				Application
			Debriefing
				Application
			Interviewing
				Application
			Conversation
				Application
			Elicitation
				Application
		Where to Expect Deception from Trust Betrayers
			The Infiltrator’s Deception
				Deceptions Possible in Screening Process
				Deceptions Possible During Probation Period
				Deceptions Possible after Probation While Seeking Vulnerabilities:
			The Disgruntled Insider’s Deception
				Deceptions Possible in Screening Process
				Deceptions Possible During Probation Period
				Deceptions Possible after Probation While Seeking Vulnerabilities
			The Detection Dilemma
			Context-Based Anomaly Detection
				At Least Ask
				Know Your World
				Start Somewhere
			The What-if Discussion
				Sample Scenarios
			Scenario 1: A Bad Feeling Early On
				Questions to Explore
			Scenario 2: A Rising Tide of Concern
				Questions to Explore
			Deception’s Role in Scenarios
		Questions for Online or Classroom Discussion
		Exercises for Group Projects
		Notes
	Chapter 7 Lawful Disruption of the Insider Threat
		Introduction to a Mindset
			What Is Lawful Disruption?
			Defender Dilemmas
		Three Undermining Biases
			Prosecutorial Bias
			Investigative Bias
			Intelligence or Need-to-Know Bias
		Deciding How Far to Go
			Risks in Failure Analysis and Problem-Solving
		Representative Options: What Defenders Can Do Themselves
			Changes That Increase Perceived Effort for the Desired Attack
			Changes That Increase Perceived Risk for the Attacker
			Changes That Reduce the Anticipated Yield of the Attack
			Changes That Alter the Insider’s Guilt or Justification for Attacking
		Techniques of Lawful Disruption by Employee Level
			Leader Disruptions
			Corporate Sentinel Disruptions
			Team-Member Disruptions
		The Layered Offense
			Core Cast
			Scenario 1: Disrupting a Suspected Infiltrator
				Discussion
			Scenario 2: Disrupting an Insider Threat of Workplace Violence
				Discussion
			Scenario 3: Disruption Taking an Unexpected Turn
				Discussion
			Scenario 4: Disruption at the Top
				Discussion
			Comparative Observations
			Practice
				A Distress Call and Unpredicted Turn of Events
		Questions for Online or Classroom Discussion
		Exercises for Group Projects
		Notes
	Chapter 8 Mortal Insider Threats
		Trying to Kill You: Threats Mortal, Fatal, or Existential
			First Things First: A Question of Priority
			Protecting People and Property
				Defender’s Advantage in Dealing with Infiltrators
				Spillover Effects from Defending Against Existential Insiders
		The Big Three Mortal Insider Threats
			Sabotage with Cascading Impacts
			Decapitation Attacks Through Assassination
			Espionage Yielding Decisive Victory
		Problems of Threshold and Accumulation
			What Makes a Threat Mortal?
			Assistance with Evaluating Fatal Potential
				DHS Protective Security Advisors
				Local Task Force Entities with a Protective Mandate
			Red Teaming
				Where to Recruit Red Team Members
			Red Teaming Value to Countering Mortal Insider Threats
				Red Team Members from Within
				Drawing from the Risk or Vulnerability Assessment Team
				Red Teaming More for Mortal than Casual Threats
				Worse Case and Worst Case Scenarios
				When Red Team or Special Resources Are Not an Option
				Avoiding Warning Fatigue
			A Question of Perspective
		Questions for Online or Classroom Discussion
		Exercises for Group Projects
		Notes
Part III Defenses for Uncertain and Rising Tide Insider Threats
	Chapter 9 Anomalous Insider Threats
		From Sudden to Insidious: The Slow-Onset Insiders
			Cyberattacks – Insider or Other Threats?
			Threats of Violence
				Domestic or Intimate Partner Violence
				Threats on the Job
			Exploiting Employer Assets for Gain
				Financial Gain
			Self-Aggrandizement
		Unifying Themes and Need for a Systematic Approach
			The Threat Scale
		Application of Threat Scale to Insider Threats by Category
			Scale for Cyberattacks
				0: Nuisance Level
				1: Escalating Irritation
				2: Chronic, Active Disruption
				3: Unacceptable, Proximate Harm
			Scale for Threats of Violence
				0: Nuisance Level
				1: Escalating Irritation
				2: Chronic, Active Disruption
				3: Unacceptable, Proximate Harm
			Scale for Exploiting Assets for Gain
				0: Nuisance Level
				1: Escalating Irritation
				2: Chronic, Active Disruption
				3: Unacceptable, Proximate Harm
			Special Cases
				Sympathizers
				Lynch Mobs, Flash Mobs, and Overwhelming Crowds
				Citizen Unrest and Uprising
				Sporting Event Mayhem
				Undermining Contemporaries
				Prodigal Kin
				Misguided Redeemers
			Fleeting or Occasional Insider Threats – a Nebulous Category of Others
			Extortion as Another Indirect Threat
			Lessons of One-Off Cases
			Implication of Changing Workplace Dynamics for Insider Threats
		A Wider Perspective
		Questions for Online or Classroom Discussion
		Exercises for Group Projects
		Notes
	Chapter 10 Competing Loyalties and the Loyalty Ledger
		Introduction
		Loyalties Divided, Absent, or Misguided
			If Not Money, What?
			Erosion of Traditional Loyalty
		The Loyalty Ledger
			Loyalty Markers: A Baker’s Dozen
				Loyalty Markers 1–4
				Loyalty Markers 5 and 6
				Loyalty Markers 7–12
				Loyalty Marker 13
			Applying the Loyalty Ledger
			What the Loyalty Ledger Draws Out
			Altering the Balance
			Epiphany and Discussion
		Additional Phenomena and Complicating Factors
			Impact of Time
				Playing the Long Game
				Compressed Lifespans of Organizations
			Changing Issue Landscapes
			Impact of Availability Cascades
			Rise of Minority Rule as Sabotage Enabler
			Value and Limitations of the Loyalty Ledger
		Questions for Online or Classroom Discussion
		Exercises for Group Projects
		Notes
	Chapter 11 Friction and Turnaround
		Slow-Onset Challenges and Newton’s Law
		Slow-Onset Insider Defense Based on Intensity Level
			Level 1 Intensity
				Loyalty Ledger Application to Level 1
			Level 2 Intensity
				Loyalty Ledger Application to Level 2
			Level 3 Intensity
				Loyalty Ledger Application to Level 3
		Deploying Slow-Onset Insider Defenses
			Friction
			Turnaround
				Canonical Turnaround
				Radical Turnaround
				Key Steps
				A Note on Intangible Factors
				Salient Contrasts and Commonalities for Radical Turnaround
			Ambiguous Situations
		Questions for Online or Classroom Discussion
		Exercises for Group Projects
		Notes
	Chapter 12 Inoculation and the Last Meal Case Study
		Clear Thinking as Long-Term Inoculation
		The Clear Thinker’s Quiver
		The Lexicon of Pitfalls and Lifelines
			Pitfalls
				Availability Cascade
			Curse of the Indelicate Obvious
				Illusion of Explanatory Depth
				Luxury Belief
				Pluralistic Ignorance
			Lifelines
				Cartesian Doubt
				Euclidean Proof
				Prudential Algebra
				Problem Definition as Delta
				Tradeoffs
		Entries for a Clear Thinker’s Phrasebook
		The Last Meal Case Study and Workshop
			The Case for a Case
			Why the Last Meal Case and Workshop?
				Case Introduction and Sequencing
				Case Development
				Next Level
		Questions for Online or Classroom Discussion
		Exercises for Group Projects
		Notes
	Chapter 13 Consulting for No Dark Corners Implementation
		From Theory to Application
		The Inside-Outside Dilemma
			Recommended: Outside Diagnosis, Hybrid Prescriptions, Internal Implementation
			Institutional Insertion Points for a No Dark Corners Program
				Sudden Impact Response
				Post Mortem Redesign
				Strategic Anticipation
			Application Opportunities for No Dark Corners Consulting
				Consultant’s Role
				Objectives and Resources
				Metrics
				Value
				Fees, Compensation, and Effectiveness
			Making Change Happen
				Pilot Programs
				Exemplars
			Engaging 101: Some Features of Starting a No Dark Corners Assignment
			Delivering 101: Some Ways of Navigating a No Dark Corners Assignment
			Findings 101: Common Findings to Expect in a No Dark Corners Consulting Engagement
			Disengaging 101: Drawing the Assignment to a Close
		The Laser and the Flashlight
			Checking the Flashlight’s Bulb and Battery
		Conclusion
		Questions for Online or Classroom Discussion
		Exercises for Group Projects
		Notes
	Chapter 14 Answer Guide and Concluding Observation
		Chapter 1
			Questions for Online or Classroom Discussion
			Exercises for Group Projects
		Chapter 2
			Questions for Online or Classroom Discussion
			Exercises for Group Projects
		Chapter 3
			Questions for Online or Classroom Discussion
			Exercises for Group Projects
		Chapter 4
			Questions for Online or Classroom Discussion
			Exercises for Group Projects
		Chapter 5
			Questions for Online or Classroom Discussion
			Exercises for Group Projects
		Chapter 6
			Questions for Online or Classroom Discussion
			Exercises for Group Projects
		Chapter 7
			Questions for Online or Classroom Discussion
			Exercises for Group Projects
		Chapter 8
			Questions for Online or Classroom Discussion
			Exercises for Group Projects
		Chapter 9
			Questions for Online or Classroom Discussion
			Exercises for Group Projects
		Chapter 10
			Questions for Online or Classroom Discussion
			Exercises for Group Projects
		Chapter 11
			Questions for Online or Classroom Discussion
			Exercises for Group Projects
		Chapter 12
			Questions for Online or Classroom Discussion
			Exercises for Group Projects
		Chapter 13
			Questions for Online or Classroom Discussion
			Exercises for Group Projects
		Concluding Observation
		Notes
Index