Personnel Security - Part 1

Feb 24, 2023

Dennis Klass
Transcript
Page 1: Personnel Security - Part 1

PERSONNEL SECURITY

PART I: OVERVIEW (FOUNDATION BUILDING)

PROFESSOR CRAIG T. JOHNSON
IAE-684 “COMPLEMENTARY SECURITY”

Page 2: Personnel Security - Part 1

INTRODUCTIONS

Name
Employment/position
Experience with Information Technology
Objective in taking this course
At the end, you hope to have _____ from this course

Page 3: Personnel Security - Part 1

CJ & Associates, LLC 3

READINGS

Chapters in the Fay text “Complementary Security”

Page 4: Personnel Security - Part 1

INFRASTRUCTURE ISSUES

Strategy Imperatives
Technical Knowledge
Assessing Trustworthiness
Leadership
Outsourcing
Developing personnel

Page 5: Personnel Security - Part 1

INFRASTRUCTURE ISSUES (Continued)

Maslow’s Theory in the Security Environment
Merit rating
Resource management and budgets
Teamwork in effecting change
Cost
Future Architectures

Page 6: Personnel Security - Part 1

Today’s Discussion Topics

Principles of basic personnel security
Establishing the baseline
Defining the “Trusted employee”
“Making positive institutional deposits to counter dishonesty”

Page 7: Personnel Security - Part 1

Reviewing the principles (Lecture vs. Readings)

Managing People: Appraising, evaluating, developing
Decision Making: Leadership, delegation, case study
Managing Risk: Risk analysis, self-assessments, audits
Managing Budgets: Zero base reviews, money allocations, cost controls

Page 8: Personnel Security - Part 1

“BEGIN WITH THE END IN MIND…”

DEFINE ORGANIZATIONAL CULTURE
SET STANDARDS AND APPLY CONSISTENTLY
ESTABLISH METHODOLOGY FOR EVALUATION
DEFINE THE “TRUSTED EMPLOYEE”
ESTABLISH MECHANISM FOR RE-EVALUATION
ASYMMETRICAL ASSESSMENTS
QUALITY ASSURANCE
FOLLOW-THROUGH FOR COMPLIANCE
STRIVE FROM THE BEGINNING FOR EFFICIENCY

(Covey, 1990)

Page 9: Personnel Security - Part 1

PROCEDURES FOR VETTING

THOROUGH WRITTEN APPLICATION
MECHANISMS IN-PLACE FOR VERIFYING INFORMATION
SUBJECT INTERVIEWS
THOROUGH CHECKS ON QUALIFICATIONS/HISTORY
THOROUGH INTERVIEW WITH TRAINED /HR STAFF
SUBSTANCE ABUSE TESTING
SPECIAL NOTE: SOME PROFESSIONS ALLOW POLYGRAPH RE-SCREENING TESTING & SHOULD BE CONSIDERED WHERE APPLICABLE

Page 10: Personnel Security - Part 1

RE-PERIODIC ASSESSMENTS

COMPARTMENTALIZATION
SENSITIVE AREAS REQUIRE TRUSTED “MORE SCRUTINIZED” PERSONNEL
PERIODIC UPDATES TO VERIFY TRUSTWORTHINESS
ESTABLISH ENFORCEABLE POST EMPLOYMENT AGREEMENTS
ONGOING SETTING OF EXAMPLES FROM THE TOP DOWN SO THAT THE CULTURE IS REINFORCED

Page 11: Personnel Security - Part 1

WHAT IS A “TRUSTED EMPLOYEE?”

PRINCIPLES: ETHICAL, HONEST, HAS A CONSCIENCE, SELFLESS, LOYAL, DEDICATED, FAIR-MINDED, RELIABLE, DUTY BOUNDED, SUPPORTIVE

BEHAVIORS: DISHONESTY, THEFT, MISAPPROPRIATIONS, MALFEASANCE, WRONGDOING, EMBEZZLEMENT, LYING, MISREPRESENTATION, DISLOYAL, NOT RELIABLE

Page 12: Personnel Security - Part 1

EMPLOYEE BEHAVIORS

SHOULD EMPLOYEES BE ALLOWED TO MAKE PERSONAL CALLS ON COMPANY TELEPHONE LINES?
CAN EMPLOYEES USE COMPANY COMPUTERS FOR PERSONAL USE?
CAN A COMPANY FAX BE USED FOR PERSONAL USE?
IS IT OKAY TO TAKE OFF FROM WORK EARLY BUT CLAIM YOU WORKED THE FULL TIME?
HAS AN EMPLOYEE EATEN SOMEONE ELSE’S LUNCH FROM A COMMUNITY REFRIGERATOR WITHOUT PERMISSION?

Page 13: Personnel Security - Part 1

COMPARE AND CONTRAST

ADVERSE BEHAVIORS

COMPUTER FRAUD
UNAUTHORIZED ENTRY
HACKING
EMBEZZLEMENT/THEFT
ABUSE ACCESS
ABUSIVE EMPLOYEE WORK SCHEDULE/LEAVE
DISLOYALTY

UNDESIRED END-STATE

LOST CLIENTS
DEBILITATE SECURITY
VIOLATE PROTOCOLS
LOSS OF ASSETS/MORALE DISPLACED
PROLIFERATE DISHONESTY
FOSTER ORGANIZATION INEPTNESS, INEFFICIENCY, AND NON-PRODUCTIVENESS
NO EMPLOYEE COMMITMENT

Page 14: Personnel Security - Part 1

EMPLOYEE BEHAVIORS – II (UPPER LEVELS)

ARE SUPERVISORS & MANAGERS REWARDED FOR MAKING CORRECT ETHICAL DECISIONS?
DO EMPLOYEES FEEL THEY ARE EMPOWERED TO MAKE DECISIONS WITH MANAGEMENT SUPPORT?
DOES YOUR ORGANIZATION PRACTICE THE ‘FIVE PRINCIPLES’ OF ETHICAL POWER?

Page 15: Personnel Security - Part 1

“MAKING POSITIVE INSTITUTIONAL DEPOSITS TO COUNTER DISHONESTY”

FIVE PRINCIPLES OF ETHICAL POWER FOR AN ORGANIZATION*

PURPOSE
PRIDE
PATIENCE
PERSISTENCE
PERSPECTIVE

* Kenneth Blanchard & Norman Vincent Peale, “The Power of Ethical Management”, 1988.

Page 16: Personnel Security - Part 1

“MAKING INSTITUTIONAL DEPOSITS TO COUNTER DISHONESTY” – DEFINED - 1

“Purpose: The mission of an organization is communicated from the top. An organization is guided by the values, hope, and a vision that helps it to determine what is acceptable and unacceptable behavior.”*

* Kenneth Blanchard & Norman Vincent Peale, “The Power of Ethical Management”, 1988.

Page 17: Personnel Security - Part 1

“MAKING INSTITUTIONAL DEPOSITS TO COUNTER DISHONESTY” – DEFINED - 2

“Pride: An organization feels proud of itself and of its structure. It knows that when it feels this way, it can resist temptations to behave unethically.”*

* Kenneth Blanchard & Norman Vincent Peale, “The Power of Ethical Management”, 1988.

Page 18: Personnel Security - Part 1

“MAKING INSTITUTIONAL DEPOSITS TO COUNTER DISHONESTY” – DEFINED - 3

“Patience: An organization believes that holding to its ethical values will lead to success in the long term. This involves maintaining a balance between obtaining results and caring how it achieves these results.”*

* Kenneth Blanchard & Norman Vincent Peale, “The Power of Ethical Management”, 1988.

Page 19: Personnel Security - Part 1

“MAKING INSTITUTIONAL DEPOSITS TO COUNTER DISHONESTY” – DEFINED - 4

“Persistence: An organization has a commitment to live by ethical principles. It is committed to its commitment. It makes sure that all actions are consistent with its purpose.”*

* Kenneth Blanchard & Norman Vincent Peale, “The Power of Ethical Management”, 1988.

Page 20: Personnel Security - Part 1

“MAKING INSTITUTIONAL DEPOSITS TO COUNTER DISHONESTY” – DEFINED - 5

“Perspective: Managers and employees take time to pause and reflect, take stock of where they are, evaluate where they are going and determine how they are going to get to their locations.”*

* Kenneth Blanchard & Norman Vincent Peale, “The Power of Ethical Management”, 1988.

Page 21: Personnel Security - Part 1

Assessing Behaviors (Reviewing the literature)

CERT Coordination Center stresses the importance of authentication
Unauthorized users can jeopardize security information

Other considerations? How to do it?
Use hardware-based Access Controls
Remove excess defaults & groups

Page 22: Personnel Security - Part 1

Assessing Behaviors (Reviewing the literature) Continued…

Disable non-interactive accounts
Check or create appropriate passwords

Examples…
Configure computers to require ‘re-authentication’ after idle periods
Set log-in failure attempts at a certain number

Page 23: Personnel Security - Part 1

Assessing Behaviors (Reviewing the literature) Continued…

Protect your Web server against common attacks
Denying attackers direct access to your web server
Changing web site contents
Denying user access to your web server

Why is this important?

Page 24: Personnel Security - Part 1

Assessing Behaviors (Reviewing the literature)

These damaging actions are the result of threats
Insider Threats – Former trusted employees with access to systems, facilities, information or technology
External Threats – People with the ability to commit unauthorized intrusions into your systems

The course will address these two dilemmas

Page 25: Personnel Security - Part 1

Final Administrative Announcements

Check Blackboard for weekly announcements
1st announcement reminder: Email your term paper topics
1st announcement reminder: Email your presentation preference for sessions 11, 13, or 15.

Page 26: Personnel Security - Part 1

CONTINUE TO SELF-IMPROVE (WORKING FROM THE CORE OUTWARD)

Page 27: Personnel Security - Part 1

Closing comments

As a reminder…

Page 28: Personnel Security - Part 1

Course Criteria

Review grading for the course

Quiz # 1: 5 points
Quiz # 2: 5 points
Midterm: 15 points
Participation/student evaluations: 5 points
Student Debate: 10 points
Student presentations: 10 points
Term paper: 15 points
Extra Credit (if applicable): 10 points
Final Exam: 25 points

Page 29: Personnel Security - Part 1

Future Events - Continued

Class debate scheduled for session 5.
ROE will be provided to all class members and posted in Blackboard
Class members’ assignments to come shortly
Midterm format will be easy and will cover material from lectures and readings up to that point. More on this later
Khobar Towers case study will be sent to you before the debriefings

Page 30: Personnel Security - Part 1

SPECIAL REQUESTS

1st Call, term paper topics
1st Call, presentation dates for live sessions 6, 7, or 8.
SPECIAL NOTE: All requests are first come first served.

Communication with the professor

Small messages with no attachments to [email protected]
Messages with attachments to my personal email at [email protected] or submitted directly to the Digital Box in Capitol College portal

Page 31: Personnel Security - Part 1

Review Class Etiquette and Operations

Reviewing Centra software
Check marks for ‘yes’ and x for ‘no’
Raise hand to ask questions
All students will have microphones issued in most every case
Classroom will be used for live sessions and for posting of reading assignments.

Page 32: Personnel Security - Part 1

Review Class Etiquette and Operations – cont’d

The explanation of the “secret message” of the week for live session attendance
All classes will be recorded
Professor office hours
College Policies
Plagiarism – “I use Plagiarism Check software”
Late papers – “Deductions from total grade”
Format for papers – Strict adherence, please.

Page 33: Personnel Security - Part 1

End of first session

Page 34: Personnel Security - Part 1

REFERENCES

Thomas, K.W. (2000). Intrinsic Motivation at Work - Building Energy and Commitment, San Francisco, pp. 143.
Blanchard, K. (1989). The Power of Ethical Management, New York, pp. 141.
Covey, S.R. (1989). The 7 Habits of Highly Effective People, New York, pp. 358.