Write a respons to bellow
example of someone already respond to this
The topic I researched continues to be an examination of how well current federal policies are impacting the insider threat to government networks and systems. This week I pulled a peer reviewed article from the APUS library titled “User Awareness of security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach”. This article comes out of the gate describing the insider threat as responsible for 50-75% of security incidents posed to organizations. This is roughly inlibe with other references indicating the high rate of risk coming from inside the doors. Most strategies for combating threats include deterrence, prevention, detection, and recovery. Various aspects of deterrence detection and prevention can all be addressed in some form with an adequate insider threat training program.
Doing an online Google search with the key phrase of “training to deter cyber insider threats” yielded several good articles and even a few articles from trade journals. Cyber Defense Magazine had a promising article titled Training to Tackle Insider Threats” which did a very good job of highlighting the significant threat that insiders pose to all organizations and their information systems. Burke points out that 74% of all breaches originate from within an organization and uses a very good hook to grab the reader with his “age-old horror movie trope, when it comes to cyber security, the calls are coming from inside the house” line (Burke). Employees should be screened from the beginning with thorough background checks before they ever step foot inside the door, then the training begins (Burke). This includes both initial and periodic training to keep the concepts fresh. Be on the look put for the contractor, both individual and partner companies (Burke). A contractors credentials were used to hack OPM in 2015. Home Depot was hacked by backdooring through a third party contractor’s network that wasn’t firewalled properly.
I found it interesting that a generic Google search did bring up several trade journal articles. One hit was from the European Journal of Information Systems called “A review and analysis of deterrence theory in the IS security literature: making sense of the disparate findings. This articles discusses how deterrence theory predicts that malicious intent and complacency can often be overcome with the threat of various punishments that when carried out in a swift and severe way can keep individual users in line. A side note on this article is that it is co-authored by the same person who co-authored the peer reviewed article above and it is important to not use the same author to many times so I probably wouldn’t use this as an actual reference in my paper if I can help it.
My dependent variable now would be to determine how effective insider threat training (along with general IS/IA training) is to mitigating the threats inherent in the user domain for federal agencies. IE- has there been a measurable percentage drop in errors, breaches, etc in a given timeframe. Some dependent variables include measuring any statistical data against variations in amounts of threats both internal and external (Growth in employee population and changes in number of threats faced can both skew the statistics).
D’arcy, John, Hovav, Anat, Galletta, Dennis. (2009). User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach. Retreived from https://search-proquest-
Example to follow
The insider threat is by far the most serious threat that any organization faces.Recent history with classified government information has proved that the insider threat poses an incredible risk to the organization.One individual with full access to sensitive information can completely take down a company’s operations.The perfect example is Edward Snowden, his public disclosures compromised an enormous amount of intelligence operations forcing massive changes in the organization in response.The biggest shortfall in the current outbreak of government disclosures is likely the background security check that takes place before granting access.Almost all of the individuals that have been involved with the large scale security leaks have been from one defense contractor: Booz Allen Hamilton.To me, this makes the best solution easy, a massive audit on the screening conducted by that company of potential employees.The Army has a training program in place for being able to identify a potential insider threat so they can be countered.However, the training has become incredibly stagnant.I have taken the same insider threat training for several years and it has become nothing but another annual training class that I have to get through as quickly as possible and I never really learn a thing.Insider threat awareness training should be more comprehensive, especially in the military.
Discuss your literature review findings regarding the topic you researched
Based on your literature review redefine and state your key variables
Social Research Methods: http://www.socialresearchmethods.net/
The Research Methodology: http://www.experiment-resources.com/research-methodology.html
Type of Research: http://www.researchamerica.org/public_opinion?gclid=CO_rg_jv0aMCFRr6iAoda3FWtg
Sage Research Methods Online: http://www.methodspace.com
APA Format and Writing Style: http://www.apa.org
APUS Capstone Manual: Capstone_Manual.pdf
Literature Review Article: Cybercrime article for literature review.pdf