The news is rife with terrorist attacks across the world. Information security professionals cannot fix every hole by implementing the latest “solution.” In “Counterterrorism—The People Factor,” an interactive and facilitated Peer2Peer session that built on Dr. Southers’ AVSEC presentation at the 2015 RSA Conference, the group shared practical insight into assessing the people factor involved in detecting, mitigating or eliminating risks.
Who attended the session, and what kind of topics did the discussion center around?
The session was well attended, with some CISOs, some security administrators and some practitioners. The organizations represented were government (U.S. and other), energy (two or three power distribution, grid operators), health care and some mixed technology.
The topics moved quickly and focused on insider threats, centering on the physical access to sensitive areas, workplace violence and the ease of access to sensitive areas by cleared and credentialed persons. The discussion was very lively when talking about vetting vendors and refreshing such vetting and access before clearance.
What, if any, were the themes which emerged from the discussion? What was the most interesting takeaway or point made?
To me, the most interesting point was the new level of awareness of the threat posed by insiders and the extreme damage that can be done by a disgruntled employee, contractor or extremist who penetrated the organization. The participants “got” it and were very concerned and focused on prevention and mitigation of these threats.
How should people be applying things they’ve learned in their jobs today?
They should take back the message to the organization that vetting prior to access granting is critical, refreshing the vetting process for critical infrastructure access is important and paying attention to behavioral change is key.
Johnathan Tal is the President and CEO of TAL Global Corporation, an international firm that extends the concept of high-quality service to cover the world of Security Consulting and Management. Tal played a crucial role in bringing the first conviction in the State of California under Penal Code 502 “Theft by Computer” and has been involved with investigating and securing Intellectual Property by working for corporate and government clients. Tal is an ongoing guest lecturer at RSA and Stanford’s MBA program.