Dr. Newkirk Books on Barnes & Noble
The Psychology of Insider Threat Prevention Cyber Security Series
Part 1: Identifying the Pieces of the Puzzle
Insider Threat Prevention Cyber Security is difficult because Prevention requires a very different perspective than "after the fact" discovery and remediation. Insider Threat Prevention Cyber Security requires not only a collection of technological solutions but also an enterprise-wide architecture that may necessitate a complete organization redesign effort in which every employee will be expected to adopt new, and more robust, Cyber Security protocols continuously. Depending on the nature of the organization involved and the type of data managed, the security measures may be quite restrictive and informed by a "zero trust" perspective where everyone must be monitored 24X7. For example, a work environment informed by the principles, or Hallmarks, of Continuous Performance Management may conflict with Insider Threat Prevention Cyber Security strategies, policies and practices to such an extent that management may be forced to abandon several of the more prominent CPM Hallmarks including "Openness" "Trust", "Management Realignment", and "Self-Directed" teams.
This series uses the Problem of Continuous Performance Management as a platform for introducing the components of a robust Insider Threat Prevention Cyber Security environment. Here you will learn about the Behavioral Science and Psychology involved in designing an Insider Threat Prevention Cyber Security architecture and the perspectives and strategies that make Insider Threat Prevention Cyber Security successful.
Part 2: Unifying Continuous Performance Management and Insider Threat Prevention Cyber Security
Insider Threat Prevention Cyber Security is a Behavioral, Technical, Managerial, Psychological, and Governance, Risk Management, and Organization Architecture challenge. Part One of the series identifies the disciplines, components, ,perspectives, and strategies that security designers must master to design, implement, and maintain throughout the enterprise to deliver Insider Threat Prevention Cyber Security. Since about 30% of all malicious insider Cyber Attacks completely destroy their targets, proactive identification and prevention are essential.
The seriousness and consequences of Insider Attacks place an extreme burden on executives and managers to govern their organizations with a consistently high level of command, communications, control, and coordination. Such strict levels of control and governance pose a problem for an organization that are dedicated to organization models that value trust, openness, and employee self-direction as core Hallmarks of management thinking and team practice. Since Insider Attacks commonly occur by a senior-level and trusted employee with extended access to valuable proprietary information on computers and networks in the form of electronic knowledge, information, and data, Cyber Security people require solutions that enable them to identify human threats behaviorally, sociologically, psychologically prior to any threat action. Prevention is the key when establishing a robust Insider Threat Prevention Cyber Security Program. An insider attach that takes months to discover can be so dangerous that an enterprise may not survive.
While most Cyber Security strategies are engaged long after the attack has occurred, Insider Threat Prevention has to occur prior to any malicious Cyber Event is put into motion. Insider Threat Prevention Cyber Security is difficult because a Cyber Security Specialist has to resolve the threat before it has a chance to even get under way. This rarely happens because the plans of the malicious actors remain hidden until the attack has occurred. When this occurs, the damage has been done. .
This Series of books (1) identifies the pieces of the Insider Threat Prevention Cyber Security puzzle, (2) presents these pieces in a coherent manner to form an appropriate and adequate Insider Threat Prevention Cyber Security Program methodology, and (3) defines and implements a range of appropriate enterprise-wide and technical strategies that generate the Applied Intuitive Solutions that resolve the insider threat. While part One of the Series describes the Insider Threat Prevention Cyber Security environment, Part Two examines the challenge of complex workplace relationships and the Human Relations Process Model that enables teams to master the Behavioral Side of Insider Threat Prevention Cyber Security. Part Two also examines the problem of sociopathology of the objectives and manipulative workplace relationships that generally produce malicious insider Cyber attacks that destroy organizations. The series also examines Spiritual Relationships in the workplace and their impact on teams and managers.
Part 3: Implementing Insider Threat Prevention Cyber Security
This book, the third of a four book series, introduces forty behavioral, psychological, management, and technical strategies that collectively enable organizations to unify Continuous Performance Management and other enterprise models with Insider Threat Prevention Cyber Security interventions. Recognizing the core functions of Cyber Security, including Identify, Protect, Detect, Respond, and Recover, do not adequately secure organizations against malicious or accidental insider attacks, the author has designed an Insider Threat Prevention strategic architecture that unifies the Insider Threat Prevention function with the enterprise architecture. Through this unification process, every organization becomes an Insider Threat Prevention Cyber Security enterprise that facilitates the success of all business units by recognizing and neutralizing every incidence of unacceptable insider intrusion.
With the constant incursion of very powerful and complicated information technologies into every corner of human life at work and home, the ascent of Insider Threat Prevention Cyber Security as an absolute necessity seems more than reasonable. Unfortunately, this ascent had not yet materialized for several reasons. In the first place, people generally view Insider Threat Prevention Cyber Security as just another kind of technical intrusion that interferes with daily life. People do not see the reasonableness of piling technology upon technology to better control technology. Secondly, Insider Threat Prevention Cyber Security is expensive in several ways, money and inconvenience. Insider Threat Prevention Cyber Security gets in the way by interfering with one's lifestyle and it depletes financial resources. Beyond these common objectives, people draw back from it because they do not what to life this way, everything, every word and every act, monitored every minute of every day at work, and perhaps at home for the home-bound employee. It is kind of spooky to work in a fish bowl. In the modern workplace people want to be trusted and be coached, but not managed and certainly not monitored throughout the day.
This is just scratching the surface. When asked about Insider Threat Prevention Cyber Security, people think that it is a good idea for other organizations, but their organization never does anything dubious enough to raise the concern of managers. However, management absolutely should monitor people in the other departments because one can never be too sure what is going on in the world of today. As management begins to summarize the conflicting opinions and attitudes about Insider Threat Prevention Cyber Security throughout the enterprise, they can clearly see that Insider Threat Prevention Cyber Security is essential to the safe governance and operations of the information technology assets, including people and data.
The author wrote this series to guide management and their organizations through the pitfalls and tarpits of designing and implementing a unified Continuous Performance Management and Insider Threat Prevention Cyber Security Program.
Part 4: Mastering the Components and Systems of Insider Threat Prevention Cyber Security
Cyber Terror, Cyber Crime, Cyber Security, and Insider Threats should by now be the concerns of every well informed executive in this country. Even if this were the case, however, it will not be enough to save the organization if the common cyber terrorist gains a foothold with an employee on the inside of the company. Cyber Security professionals have their hands full defending against the externally based malicious actors. By adding the problem of the malicious insider to the challenge of Insider Threat Prevention Cyber Security everything changes. Now the executive faces much more than a simple uphill battle. The executive is facing a career destroying challenge that introduces a new level of complexity to an already complex world that describes management life in the modern business organization run by a wide range of elaborate and powerful Information Technologies.
This book, Part Four in a thought proving series about The Psychology of Insider Threat Prevention Cyber Security, examines the landscape of Cyber Security, especially Insider Threat Prevention Cyber Security, and introduces how the Behavioral Sciences enables Cyber Security specialists to design and implement potent strategies that will neutralize the capabilities and advantages of malicious insiders. These strategies may require executives to redesign many of the embedded organizations and business processes, but this may be the price a company has to pay to remain functionally sound. This book builds upon the wisdom provided in the earlier three books fill the gaps in the Insider Threat Prevention Cyber Security problem-solving environment. The book presents in a coherent fashion how the different disciplines come together to solve the Insider Threat Prevention Cyber Security threat to business operations and competitive health.
Throughout this series, I discussed definitive insights and themes in The Psychology of Insider Threat Prevention Cyber Security that can prepare the ITP CS Specialist to become more aware and cautious about the genius of the ordinary malicious insider. Malicious insiders are not often stupid. They are most often very smart people who do stupid things. The dangerous challenge occurs when brilliant people launch malicious insider attacks brilliantly. As we know by now, Insider Attacks can be fatal to an organization. We can never take cyber safety for granted.
ITP Cyber Security is all about a kind of interaction that is highly charged by a range of psychological elements such as feelings, models of communications, signs, messages, special purpose languages, the ITP 3Cs of Conflict, Cooperation, Competition, the behavior of social groups, Ideal-Seeking Systems Behavior, mastery of logical propositions, constraints of time, the problem of distortion and faulty observation, and the perfection of perception and identity.
These are all rich topics with a long history of development and clarification even before they were applied to Cyber Security. The challenge of working with people in your enterprise who may or may not be malicious insiders is one of the great challenges faced today by employees, managers, executives and the customers we all serve. Solutions, real solutions, the kind of solutions that prevent malicious insider cyber-attacks are difficult to discover, but you can discover them if you properly prepare yourself for a new kind of psychological warfare.
Normally, special teams mitigate insider attacks after the attacks have occurred. Rarely does anyone actually prevent them. This is why I wrote this series. I know we can prevent them, I know how we can prevent them. I realize that management first designs an enterprise as a business entity. Sometime later, management then implements a Cyber Security organization to resolve insider threats. Today, this is a problem. You only need to think about Continuous Performance Management. It is wrought with risks the CPM people call Hallmarks.
In the near future, however, success will require an organization to be designed as a unified Business Process-Insider Threat Prevention Cyber Security enterprise that executes business transactions in a highly secure cyber driven environment. In closing this series, I want to leave you with a few clarifications that will mean a lot to you when your time comes.
In ITP Cyber Security, accuracy matters. Accuracy matters when we present the facts and assumptions of the cyber threat environment. Accuracy matters when we state the facts of the problem situation of insider threats. Accuracy matters when we define the terms and concepts of the cyber threat environment. Accuracy matters when we discuss the choice situations of the cyber threat environment.
Accuracy also matters when we describe Interpersonal Feelings in a highly rational and disciplined manner such as when we state that: Gratitude occurs when one individual (A) is grateful to another (B) for something (X) if A believes B intentionally produced X and A is satisfied with X. Or, when we say that Blame occurs when one individual (A) blames another (B) for something (X) if A believes B intentionally produced X and A is dissatisfied with X. (Ackoff & Emery, 1981, pg. 140).
Using this formal form in descriptions, we are able to more clearly measure the important elements of each formal description. Measures actually exist for blame and gratitude. These measures are the products of the measures of belief and satisfaction or dissatisfaction. Can you see how a single description establishes a series of descriptive relationships that are measurable and deliver deeper meaning of the concept?
This is the language we should use if describing any Insider Attack environment that emerges from one day to the next.
This book presents the core of the language required to appropriately describe and model a malicious insider Cyber Security attack. The book walks you through a discussion of the Insider Threat as a Problem Situation and describes the formal language required to identify the Choice Situation. It further discusses how you can estimate the intensities that define the satisfaction and dissatisfaction levels associated with the emotional dimension of the Problem Situation. Beyond this, Part Four in this Series presents the Psychological characteristics of the Insider Threat Prevention Team opposing the malicious insider and how these characteristics line up with the psychological characteristics of the malicious insider. The book makes the case that the an employee as a malicious insider can become a cyber terrorist who can completely destroy an enterprise in a sort time by executing a well-planned attack strategy that could take several months to resolve under the best circumstances or not be resolved at all and thus close down the enterprise.