Dec 07, 2016

DSS In Transition. Wants to Move to a Threat-Based Security Model

By Greg Cullison

Details are emerging, but DSS leadership has begun speaking in public about its desire to reform from within. Taken collectively, the new approach is quite radical for an agency that deploys legions of industrial security reps to enforce security-by-checklist.

Let’s peer through the magnifying glass to see where DSS is moving.

Nov 09, 2016

Why Your New Insider Threat Program Should Create Less Work - Not More

By April Resnick

When you hear the words "insider threat program", do you immediately think of Big Brother looking over your shoulder and trying to catch you doing something wrong? It's a common misconception. The truth is, the new NISPOM Change 2 requirements are in place to help your company decrease the number of false positives that could be flagged as insider threat risks by looking at a combination of multiple points of data, instead of individual events.

Nov 02, 2016

DSS Published an Insider Threat Plan. What Does That Mean For You?

By Greg Cullison

To some hoopla, DSS published a sample insider threat plan to be used as a template. The result fell short of expectations. At public forums, DSS spoke of clickable, fillable PDFs and the like. Some companies we have spoken to actually had been sitting on their hands waiting for “DSS to tell us what to do.”

Oct 12, 2016

Everything You've Always Wanted to Know About Designing an Insider Threat Program* (*But Weren't Sure Who To Ask)

By April Resnick

There's been a lot of grimacing and hand-wringing about the new NISPOM Conforming Change 2 requirements for months; the November 2016 DSS deadline is rapidly approaching and it's time to take action. You've skimmed the ISL, looked over CDSE's Job Aid -- maybe you've even gone into e-FCL to nominate your Insider Threat Program Senior Official.

But are you ready to launch an operational insider threat program, drawing data from different sources and sharing information across functional areas?

Jul 20, 2016

Negligence and Carelessness: Punk Rock Band, or Conforming Change 2 Requirement?

By Greg Cullison

By now, you are familiar with the concept of insider threat and the ways in which the methodology outlined in Conforming Change 2 can help identify and mitigate malicious attacks against your company's assets. It goes without saying that blatant disregard for security protocol and obvious signs of employee disgruntlement should be documented and investigated immediately. But in order to reach full compliance (and maximum effectiveness), you can’t stop there! Let’s take a look at section 3-104.b of Industrial Security Letter (ISL) 2016-02:
