Security Technology Executive

MAY-JUN 2018

Issue link: https://securitytechnologyexecutive.epubxp.com/i/994589

Contents of this Issue

Navigation

Page 19 of 79

20 SECURIT Y TECHNOLOGY E XECUTIVE • May/June 2018 • www. SecurityInfoWatch.com but fail to incorporate CI considerations into their threat analyses. This can create blind spots and an incomplete threat pic- ture, especially with respect to the origin and attribution of specific threats. Many security programs are also increasingly being forced to deal with things like the 'off-campus' employee, where activity on the organization's networks is minimal and the majority of the activity is being conducted on someone else's systems and networks. Safeguarding sensitive information on multiple domains in multiple locations is always a challenge but adopting a robust CI posture typi- cally encourages security programs to consider additional threat vectors like these in the overall mitigation strategy. Due diligence associated with mergers and acquisitions also benefit from a 'CI look', especially when there is a known foreign component involved. Assisting corporate investigations, fostering direct relationships with government agencies and networking with industry partners for training and threat intelligence shar- ing are additional examples of how CI resources bring additional insights and add value. Because the concept of counterin- telligence sometimes remains misun- derstood in the corporate realm, some socialization and education are needed. The CSO must be able to comprehend the concept fully and know how to explain it to others in the organization so expecta- tions are understood from the top down and everyone's role can be defined. They must own the program, right out of the gate, and that will help with its successful implementation. They must construct a transparent governance plan and be prepared to deal with possible cultural resistance. Resources and Information on CI Many organizations seeking to drive a successful CI program often start by bringing in professionals trained in the CI discipline. These assets are easier to find than one might think. In addi- tion to former federal CI practitioners (FBI, CIA, Department of Defense, etc.), organizations are turning to intelligence About the Author: John Slattery, SEC Emerit us Facult y, is a securit y consultant specializing in intelligence-driven solutions, prov iding a wide array of ser v ices to diverse clients in many vertical markets. Slattery is the former Federal Bureau of Investigation Counterintelligence Deput y Assistant Director. He can be reached at jslattery@secleader.com. community analysts with CI expertise as well as former state and local law enforcement personnel, many of whom bring other knowledge, skills and abili- ties with them like investigations and interviewing. There are also many great programs in intelligence analysis and exploitation at the college and university level, educat- ing and training the future workforce on CI and threat analytics. The right person can help drive a program, but they need to be integrated with the proper tools, enabling partners and resources. Corporate CI will never catch on in an organization that adopts a 'sky is falling' philosophy. However, once you deter- mine that a CI program might be right for your organization, take a measured and balanced approach. Clearly articu- late a transparent policy and expecta- tions, reinforce it through education and awareness training and then roll it out in an iterative fashion. Hold the pro- gram owner accountable, ensure that governance and oversight are prevalent and then manage it with discretion and employee privacy in mind. About the Security Executive Council (SEC) The SEC is the leading research and advi- sory firm focused on corporate security risk mitigation solutions. Having worked with hundreds of companies and organizations we have witnessed the proven practices that pro- duce the most positive transformation. Our subject matter experts have deep expertise in all aspects of security risk mitigation strategy; they collaborate with security leaders to transform security programs into more capable and valued centers of excellence. Watch our 3-min- ute video to learn more. Contact us at contact@secleader.com Website: https://www.securityexecu- tivecouncil.com SEC SECURIT Y STATE OF THE INDUSTRY BRIEFING RESOURCES Economic Espionage: Protecting America's Trade Secrets [https://www.fbi. gov/file-repository/economic-espionage-1.pdf/view] A Corporate Counterintelligence Guide - dni.gov [https://www.dni.gov/files/ NCSC/documents/Regulations/ProtectingKeyAssets_CorporateCIGuide.pdf ] Insider Threat is a Challenging Organizational Problem [https://www.secu- rityexecutivecouncil.com/spotlight/?sid=30918] FBI Announces Economic Espionage Awareness Cam- paign. https://www.fbi.gov/news/pressrel/press-releases/ fbi-announces-economic-espionage-awareness-campaign The Company Man: Protecting America's Secrets. https://www.fbi.gov/ news/stories/economic-espionage https://youtu.be/Gy_6HwujAtU The Report of the Commission on the Theft of American Intellectual Property http://www.ipcommission.org/report/IP_Commission_Report_052213.pdf COVER STORY

Articles in this issue

Links on this page

Archives of this issue

view archives of Security Technology Executive - MAY-JUN 2018