PERSONNEL SECURITY
PART I: OVERVIEW (FOUNDATION BUILDING)
PROFESSOR CRAIG T. JOHNSON
IAE-684 “COMPLEMENTARY SECURITY”
INTRODUCTIONS
Name
Employment/position
Experience with Information Technology
Objective in taking this course
At the end, you hope to have _____ from this course
INFRASTRUCTURE ISSUES
Strategy Imperatives
Technical Knowledge
Assessing Trustworthiness
Leadership
Outsourcing
Developing personnel
INFRASTRUCTURE ISSUES (Continued)
Maslow’s Theory in the Security Environment
Merit rating
Resource management and budgets
Teamwork in effecting change
Cost
Future Architectures
Today’s Discussion Topics
Principles of basic personnel security
Establishing the baseline
Defining the “Trusted employee”
“Making positive institutional deposits to counter dishonesty”
Reviewing the principles (Lecture vs. Readings)
Managing People: appraising, evaluating, developing
Decision Making: leadership, delegation, case study
Managing Risk: risk analysis, self-assessments, audits
Managing Budgets: zero base reviews, money allocations, cost controls
“BEGIN WITH THE END IN MIND…”
DEFINE ORGANIZATIONAL CULTURE
SET STANDARDS AND APPLY CONSISTENTLY
ESTABLISH METHODOLOGY FOR EVALUATION
DEFINE THE “TRUSTED EMPLOYEE”
ESTABLISH MECHANISM FOR RE-EVALUATION
ASYMMETRICAL ASSESSMENTS
QUALITY ASSURANCE
FOLLOW-THROUGH FOR COMPLIANCE
STRIVE FROM THE BEGINNING FOR EFFICIENCY
(Covey, 1990)
PROCEDURES FOR VETTING
THOROUGH WRITTEN APPLICATION
MECHANISMS IN PLACE FOR VERIFYING INFORMATION
SUBJECT INTERVIEWS
THOROUGH CHECKS ON QUALIFICATIONS/HISTORY
THOROUGH INTERVIEW WITH TRAINED HR STAFF
SUBSTANCE ABUSE TESTING
SPECIAL NOTE: SOME PROFESSIONS ALLOW POLYGRAPH RE-SCREENING TESTING, WHICH SHOULD BE CONSIDERED WHERE APPLICABLE
PERIODIC RE-ASSESSMENTS
COMPARTMENTALIZATION
SENSITIVE AREAS REQUIRE TRUSTED, “MORE SCRUTINIZED” PERSONNEL
PERIODIC UPDATES TO VERIFY TRUSTWORTHINESS
ESTABLISH ENFORCEABLE POST-EMPLOYMENT AGREEMENTS
ONGOING SETTING OF EXAMPLES FROM THE TOP DOWN SO THAT THE CULTURE IS REINFORCED
WHAT IS A “TRUSTED EMPLOYEE?”
PRINCIPLES: ETHICAL, HONEST, HAS A CONSCIENCE, SELFLESS, LOYAL, DEDICATED, FAIR-MINDED, RELIABLE, DUTY BOUND, SUPPORTIVE
BEHAVIORS: DISHONESTY, THEFT, MISAPPROPRIATION, MALFEASANCE, WRONGDOING, EMBEZZLEMENT, LYING, MISREPRESENTATION, DISLOYAL, NOT RELIABLE
EMPLOYEE BEHAVIORS
SHOULD EMPLOYEES BE ALLOWED TO MAKE PERSONAL CALLS ON COMPANY TELEPHONE LINES?
CAN EMPLOYEES USE COMPANY COMPUTERS FOR PERSONAL USE?
CAN A COMPANY FAX BE USED FOR PERSONAL USE?
IS IT OKAY TO TAKE OFF FROM WORK EARLY BUT CLAIM YOU WORKED THE FULL TIME?
HAS AN EMPLOYEE EATEN SOMEONE ELSE’S LUNCH FROM A COMMUNITY REFRIGERATOR WITHOUT PERMISSION?
COMPARE AND CONTRAST: ADVERSE BEHAVIORS
COMPUTER FRAUD
UNAUTHORIZED ENTRY
HACKING
EMBEZZLEMENT/THEFT
ABUSE OF ACCESS
ABUSIVE EMPLOYEE WORK SCHEDULE/LEAVE
DISLOYALTY
UNDESIRED END-STATE
LOST CLIENTS
DEBILITATE SECURITY
VIOLATE PROTOCOLS
LOSS OF ASSETS/MORALE DISPLACED
PROLIFERATE DISHONESTY
FOSTER ORGANIZATIONAL INEPTNESS, INEFFICIENCY, AND NON-PRODUCTIVENESS
NO EMPLOYEE COMMITMENT
EMPLOYEE BEHAVIORS – II (UPPER LEVELS)
ARE SUPERVISORS & MANAGERS REWARDED FOR MAKING CORRECT ETHICAL DECISIONS?
DO EMPLOYEES FEEL THEY ARE EMPOWERED TO MAKE DECISIONS WITH MANAGEMENT SUPPORT?
DOES YOUR ORGANIZATION PRACTICE THE ‘FIVE PRINCIPLES’ OF ETHICAL POWER?
“MAKING POSITIVE INSTITUTIONAL DEPOSITS TO COUNTER DISHONESTY”
FIVE PRINCIPLES OF ETHICAL POWER FOR AN ORGANIZATION*
PURPOSE, PRIDE, PATIENCE, PERSISTENCE, PERSPECTIVE
* Kenneth Blanchard & Norman Vincent Peale, “The Power of Ethical Management”, 1988.
“MAKING INSTITUTIONAL DEPOSITS TO COUNTER DISHONESTY” – DEFINED - 1
“Purpose: The mission of an organization is communicated from the top. An organization is guided by the values, hope, and a vision that helps it to determine what is acceptable and unacceptable behavior.”*
“MAKING INSTITUTIONAL DEPOSITS TO COUNTER DISHONESTY” – DEFINED - 2
“Pride: An organization feels proud of itself and of its structure. It knows that when it feels this way, it can resist temptations to behave unethically.”*
“MAKING INSTITUTIONAL DEPOSITS TO COUNTER DISHONESTY” – DEFINED - 3
“Patience: An organization believes that holding to its ethical values will lead to success in the long term. This involves maintaining a balance between obtaining results and caring how it achieves these results.”*
“MAKING INSTITUTIONAL DEPOSITS TO COUNTER DISHONESTY” – DEFINED - 4
“Persistence: An organization has a commitment to live by ethical principles. It is committed to its commitment. It makes sure that all actions are consistent with its purpose.”*
“MAKING INSTITUTIONAL DEPOSITS TO COUNTER DISHONESTY” – DEFINED - 5
“Perspective: Managers and employees take time to pause and reflect, take stock of where they are, evaluate where they are going and determine how they are going to get to their locations.”*
Assessing Behaviors (Reviewing the literature)
The CERT Coordination Center stresses the importance of authentication: unauthorized users can jeopardize security information.
Other considerations? How to do it?
Use hardware-based access controls
Remove excess defaults and groups
Assessing Behaviors (Reviewing the literature) Continued…
Disable non-interactive accounts
Check or create appropriate passwords (examples…)
Configure computers to require re-authentication after idle periods
Set login failure attempts at a certain number
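As an added example (not part of the original slides or any CERT material), a small Python audit that applies three of the checklist items above to constructed sample data: service accounts that still have a login shell, the pam_faillock `deny` limit, and the shell idle timeout `TMOUT`. The thresholds (5 failed logins, 900 seconds idle) are assumptions, not values from the slides.

```python
"""Audit sample Linux account settings against the CERT-style checklist on
these slides: no interactive shell on service accounts, a login-failure
lockout limit, and re-authentication after idle periods.
Added example; every input below is CONSTRUCTED, not taken from a real host."""
import re

# Constructed /etc/passwd excerpt (not real data).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/bash
postgres:x:112:118::/var/lib/postgresql:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""
# Constructed pam_faillock.conf and shell profile excerpts.
FAILLOCK = "# pam_faillock settings\ndeny = 10\nunlock_time = 900\n"
PROFILE = "export TMOUT=1800\nreadonly TMOUT\n"

NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

def service_accounts_with_shell(passwd_text, uid_max=999):
    """System accounts (UID <= uid_max, root excluded) that keep a login shell."""
    bad = []
    for line in passwd_text.splitlines():
        name, _, uid, _, _, _, shell = line.split(":")
        if name != "root" and int(uid) <= uid_max and shell not in NOLOGIN_SHELLS:
            bad.append(name)
    return bad

def setting(text, key):
    """Integer value of a 'key = N' / 'export KEY=N' line, or None if absent."""
    m = re.search(rf"^\s*(?:export\s+)?{key}\s*=\s*(\d+)", text, re.M)
    return int(m.group(1)) if m else None

def audit(passwd_text, faillock_text, profile_text, max_deny=5, max_idle=900):
    """Return findings (assumed thresholds: 5 failures, 900 s idle); [] passes."""
    findings = [f"service account '{n}' has an interactive shell"
                for n in service_accounts_with_shell(passwd_text)]
    deny = setting(faillock_text, "deny")
    if deny is None or deny > max_deny:
        findings.append(f"login failure limit is {deny}, expected <= {max_deny}")
    idle = setting(profile_text, "TMOUT")
    if idle is None or idle > max_idle:
        findings.append(f"idle timeout TMOUT is {idle}, expected <= {max_idle}")
    return findings

if __name__ == "__main__":
    for finding in audit(PASSWD, FAILLOCK, PROFILE):
        print("FINDING:", finding)
```

On the constructed input the audit reports four findings: two service accounts with shells, a lockout limit above the threshold, and an idle timeout above the threshold.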
Assessing Behaviors (Reviewing the literature) Continued…
Protect your Web server against common attacks:
Denying attackers direct access to your web server
Changing web site contents
Denying user access to your web server
Why is this important?
Assessing Behaviors (Reviewing the literature)
These damaging actions are the product of threats:
Insider Threats: former trusted employees with access to systems, facilities, information or technology
External Threats: people with the ability to commit unauthorized intrusions into your systems
The course will address these two dilemmas.
Final Administrative Announcements
Check Blackboard for weekly announcements.
1st announcement reminder: Email your term paper topics.
1st announcement reminder: Email your presentation preference for sessions 11, 13, or 15.
Course Criteria
Review grading for the course:
Quiz #1                             5 points
Quiz #2                             5 points
Midterm                            15 points
Participation/student evaluations   5 points
Student Debate                     10 points
Student presentations              10 points
Term paper                         15 points
Extra Credit (if applicable)       10 points
Final Exam                         25 points
CJ & Associates, LLC
Future Events - Continued
Class debate scheduled for session 5. ROE will be provided to all class members and posted in Blackboard. Class member assignments to come shortly.
Midterm format will be easy and will cover material from lectures and readings up to that point. More on this later.
Khobar Towers case study: will be sent to you before the debriefings.
SPECIAL REQUESTS: 1st call, term paper topics. 1st call, presentation dates for live sessions 6, 7, or 8. SPECIAL NOTE: All requests are first come, first served.
Communication with the professor: small messages with no attachments to [email protected]
Messages with attachments to my personal email at [email protected] or submitted directly to the Digital Box in the Capitol College portal.
Review Class Etiquette and Operations
Reviewing Centra software: check marks for ‘yes’ and x for ‘no’
Raise hand to ask questions. All students will have microphones issued in most every case.
Classroom will be used for live sessions and for posting of reading assignments.
Review Class Etiquette and Operations – cont’d
The explanation of the “secret message” of the week for live session attendance
All classes will be recorded
Professor office hours
College Policies
Plagiarism – “I use Plagiarism Check software”
Late papers – “Deductions from total grade”
Format for papers – Strict adherence, please.