Developing a Multidisciplinary Insider Threat Capability
_____ conducts investigations or criminal intelligence operations that are likely to obtain evidence of a completed crime or the planning of a crime. Their mission is to uphold and enforce criminal laws and to investigate matters so that the judiciary process may be carried out in a fair and impartial manner.
_____ culture is focused on enabling justice and lawfully gathering evidence that may prove or disprove allegations.
Systematic inquiries into an allegation of unfamiliar or questionable activities for the purpose of gathering evidence to substantiate or refute the allegation
Formalized programs targeting persons or organizations whose criminal activity significantly affects the establishment, or those activities designed to gain information of a criminal intelligence nature for law enforcement purposes
Criminal Intelligence Operations
_____ protects information, technology, physical property and structure, personnel, and other resources. Its purpose is to prevent physical harm, loss of information or technology, and the loss or compromise of personnel, including through preemptive measures such as security education and training.
The culture of _____ is to act as a shield to protect assets. Traditionally, their actions are referred to as "guns, gates, and guards."
_____ systematically collects information about persons or groups that are or may be engaged in harmful activities conducted by or on behalf of foreign entities. _____ uses this information to detect, deter, neutralize, and exploit these harmful actions.
If security's culture is to act as a shield, then the culture of _____ is to act as the sword that protects secrets and prevents others from spying on us.
CI conducts counterintelligence investigations and operations, collects counterintelligence information and acts as a(n) _____, performs counterintelligence analysis and produces analytic products to articulate the threat, and contributes to CI training and awareness.
Harmful Activities may include
• Espionage or other intelligence activities • Sabotage • Terrorism • Assassinations
• Foreign governments or elements thereof • Foreign organizations • Foreign persons • International terrorist activities
_____ each focus on some aspect of prevention and protection. These missions overlap and complement one another when deployed effectively. As you strive to understand these disciplines, consider these descriptions.
LE, security, and CI
Discipline: LE; Purpose:
Capture bad actors
Discipline: Security; Purpose:
Protect resources from bad actors
Discipline: CI; Purpose:
ID, prevent, or use bad actors
_____ plans, implements, upgrades, and monitors security measures for the protection of computer networks and information. Part of its mission includes ensuring that appropriate security controls are in place to safeguard digital files and vital electronic infrastructure and responding to computer security breaches and viruses.
_____ focuses on technical requirements and incidents and their impact on the organization's mission.
Depending on your organization, its actions may be governed by DoD Instruction (DoDI) _____, Cybersecurity; Presidential Policy Directive 41, United States Cyber Incident Coordination; FISMA; the National Industrial Security Program Operating Manual; and a variety of Office of Management and Budget (OMB) memoranda.
_____ addresses the needs of those living with mental illness and promotes overall mental wellness for the community. This includes individual mental health providers and organizational elements, such as an Employee Assistance Program.
_____ studies human behavior and its role in complex societal problems.
_____ is a critical part of overall wellness, including early identification and intervention for those at risk, with recovery as the goal.
_____ applies empirical data on human behavior to address issues associated with organizational behavior, operations, research, consumer behavior, and media psychology.
_____ provides centralized and comprehensive personnel data management and analysis for the organization. It manages enterprise-wide programs ranging from recruitment, retention, benefits programs, travel management, language, and culture.
_____ provides advice regarding all legal matters and services performed within or involving the organization.
_____ discipline offers an understanding of criminal behavior and activity, possesses extensive experience in evidence gathering, and understands jurisdiction for successful referral or investigation of criminal activities.
_____ can spot indicators related to criminal behavior or activity and, as allowed by policy or regulation, check for violations that occur outside the purview of the organization's security office.
The mitigation capabilities of LE include _____.
investigation, arrest, and enabling prosecution or exoneration.
The _____ discipline has daily interaction with personnel and can recognize unusual behavior. In addition, this discipline knows the physical layout of the facility and can recommend countermeasures to detect and deter threats.
There are several security disciplines, including _____, and each of these disciplines may offer unique indicators.
physical security, information security, and personnel security
_____ can use a risk-based management approach to help prioritize security countermeasures to defend against threats and vulnerabilities.
_____ may be able to look into an individual's foreign associations, contacts, and travel and to identify behavior indicative of use of tradecraft.
What are CI's potential mitigating capabilities?
• Coordinating CI inquiries, investigations, or operations
• Coordinating the development of sources
• Developing countermeasures
• Coordinating referrals to LE or to the IC
• Providing foreign travel briefs and debriefs
The _____ discipline understands the information systems used by the insider, can access user baseline behavior to detect anomalies, and can develop countermeasures and monitoring systems.
_____ can spot indicators in the results of user activity monitoring (UAM), including unauthorized or unusual access, attempts to circumvent permissions, and the introduction of malware.
In response to an insider threat incident, _____ can remove permissions and access to information systems, increase UAM as permitted by law or regulation, and craft and implement organization-wide changes to information system policies or configuration.
The mental health and behavioral science discipline offers an understanding of human behavior that can be used to:
• Identify and refine insider threat indicators and the triggers or user account policies for UAM
• Help develop awareness campaigns and overall marketing and branding of the program, including effective techniques and effects on morale
• Provide a behavioral analysis perspective to mitigation response options, such as how to resolve individual issues or to prevent the escalation of issues
• Assist in team collaboration and de-conflicting information from other disciplines
This discipline may be able to spot behavioral issues in the workplace, understand acts or threats of violence, conduct individual mental health evaluations, and interpret and assess medical files and records.
Mental Health / Behavioral Science
Its mitigation capabilities include providing treatment recommendations, recommending continued employment or termination, and developing organizational- or individual-level incident responses that take human behavior into account.
Mental Health / Behavioral Science
The _____ discipline has access to direct hires, contractors, vendors, supply chain, and other staffing that may represent an insider threat.
human resources (HR)
_____ may provide an initial screening of all staff.
In the _____ role, this discipline serves as the policy authority in the workplace, sets the tone and standards for the workplace, and serves as a non-intimidating resource with whom many people are comfortable speaking.
_____ may be able to spot indicators from employee assistance referrals and any medical information in the personnel file, including Veterans' Administration or Medicare within DoD Components.
_____ may have knowledge of promotions and demotions; conflicts of interest; financial problems, such as liens or wage garnishments; disgruntlement; and issues with the employee's supervisor.
Mitigation capabilities include setting appropriate employee termination procedures; increasing employee satisfaction; accessing records and files for inquiries, investigations, or prosecution; and assessing the need for organizational responses to insider threat incidents.
The _____ discipline maintains awareness of legal, privacy, and civil liberties requirements and implements internal policies that adhere to these standards. In addition, _____ can coordinate among disciplines for cases that involve CI, legal, and HR entities. In general, _____ provides guidance and assurance that the Insider Threat Program's actions are within the law.
_____ ensures that developed indicators meet legal and ethical standards for use and that the Program protects the civil liberties of the individual during mitigation response actions such as internal discipline, referrals to other agencies, or termination of employment.
The nature of group dynamics and the desire for agreement may lead to problematic decision making, such as what?
Premature consensus, groupthink, or group polarization.
_____ is settling on a less-than-optimum solution because everyone can agree. For example, an insider threat awareness or communications plan that is generic and not tailored to the workforce.
_____ is inadequate critical evaluation of a solution in order to promote consensus and minimize conflict and leads to stagnation and complacency. For example, failure to evaluate and dynamically evolve elements of the Insider Threat Program, such as training and user activity monitoring, after the original implementation.
_____ is the tendency for groups to arrive at a solution that is more extreme than the average group member's personal position. For example, instituting mandatory daily bag checks without considering the impact on the organization's mission in relation to actual enhancement of security or unintended consequences.
To combat _____, encourage participation from all members, including alternate viewpoints, and limit the ability of a few to dominate discussion.
_____ is not necessarily disruptive. When properly managed, it can lead to productive solutions.
There are two primary ways teams can manage conflict. First, team members should strive for an exploratory mindset rather than an advocacy mindset. Second, team members should agree to practice _____.
With a(n) _____, team members engage in a contest where the purpose of discussion is to lobby for a specific solution. It frames participants as spokespeople who strive to persuade others, defend their positions, and downplay weaknesses. With a(n) _____, team members tend to discourage or dismiss minority views, and there are losers and winners in the outcome.
With a(n) _____, team members engage in collaborative problem solving where the purpose of discussion is to test and evaluate solutions. It champions participants as critical thinkers who present balanced arguments, remain open to alternatives, and accept constructive criticism. With a(n) _____, team members cultivate and value minority views and possess collective ownership over the outcome.
Team members should try to maintain an _____ mindset when collaborating.
_____ is an agreement between opposing parties on how they will work together to resolve or gain a better understanding of their differences. When both sides are open to discussion, it can aid in seeing the merit of the other person's perspective.
Approaches to adversarial collaboration include:
• A key assumptions check
• An analysis of competing hypotheses
• The Nosenko approach
• Argument mapping
• Mutual understanding
• Joint escalation
In a _____, each side notes the assumptions used in their mental models and then they discuss each assumption, focusing on the rationale behind it and how it might be refuted or confirmed.
key assumptions check
A _____ can be helpful when weighting the values of behaviors in risk equations or other analytic methods. For example, insider threat team members may believe that some sources of information, such as user activity monitoring or security violations, are more meaningful or valuable.
key assumptions check
In an _____, both parties agree on a set of hypotheses and then rate each item as consistent or inconsistent with each hypothesis. Unresolved differences generally point to unrecognized assumptions or alternate rationale for differing interpretations.
analysis of competing hypotheses
This approach can be useful when determining the best overall communications and messaging plan within the organization for the Insider Threat Program.
Analysis of Competing Hypotheses
In the _____, which is related to the analysis of competing hypotheses, each side identifies items that they believe are of critical importance and must address each of these items.
This approach is best employed when developing an implementation plan.
The Nosenko Approach
In _____, both sides agree to map the logical relationship between each element of an argument in a single map.
_____ can be useful when determining organization-specific indicators that must be reported to the Insider Threat Program.
In a _____ approach, each side explains the other's perspective to a neutral third party. It can be useful for resolving conflicts over competing mitigation response options.
In _____, team members must prepare a joint statement explaining the disagreement to their superiors in order to escalate an issue. This can be useful in determining internal policies, procedures, roles, and responsibilities of team members.
Which of the following statements best describes the purpose and goal of a multidisciplinary insider threat capability?
Integrate multiple disciplines to deter, detect, and mitigate insider threats
A multidisciplinary insider threat capability is meant to proactively detect, deter, and mitigate potential insider threats through early identification and deployment of appropriate _____.
Which discipline ensures that security controls safeguard digital files and electronic infrastructure?
Cybersecurity ensures that appropriate security controls are in place to safeguard _____ and vital electronic infrastructure.
Which discipline protects facilities, personnel, and resources from loss, compromise, or destruction?
Which discipline enables a fair and impartial judiciary process?
Which discipline is bound by the Intelligence Authorization Act?
Which discipline provides guidance on legal matters?
Which discipline focuses on early intervention for those at risk with recovery as the goal?
Which discipline provides personnel data management and analysis?
_____ has the ability to issue security violations and infractions.
_____ has the ability to check for violations outside of the organization.
_____ has the ability to check for indicators derived from user activity monitoring (UAM).
_____ can provide information on foreign threats and targeting.
Legal ensures the protection of individuals' _____ during mitigation response actions.
Which discipline has access to information about personnel?
_____ may be able to pinpoint a cause underlying a behavioral issue.
Mental health / behavioral science
Which technique would you recommend to a multidisciplinary team that lacks clear goals, roles, and communication protocols?
Select a team leader
Which technique would you recommend to a multidisciplinary team that frequently misunderstands one another?
Develop a common framework
An agreed-upon common _____ can aid in understanding.
Which technique would you recommend to a multidisciplinary team that is missing a discipline?
Bring in an external subject matter expert
Which technique would you recommend to a multidisciplinary team that is co-located and must make an important decision?
Mary and Len disagree on a mitigation response option and list the pros and cons of each. Mary and Len demonstrate _____ mindsets and are engaged in adversarial collaboration.
Jake and Samantha present two options to the rest of the team and then take a vote. Jake and Samantha demonstrate _____ mindsets, are dominating the rest of the team, and limit the ability of the team to develop additional options.
The team bans all removable media without exception following the loss of information. This is an example of _____.
Which technique would you use to avoid group polarization?
Brainstorm potential consequences of an option; group polarization often fails to consider unintended consequences.
Which technique would you use to enhance collaborative ownership of a solution?
Engage in an exploratory mindset; an exploratory mindset focuses on collaborative problem solving.
Which technique would you use to resolve the relative importance assigned to pieces of information?
Use a key assumptions check; a key assumptions check can be helpful in weighting the value of information for analysis.
Which technique would you use to clear a misunderstanding between two team members?
Explain each other's perspective to a third party; the mutual understanding approach requires each side to understand the other person's perspective well enough to explain it to someone else.