Insider Threat Prevention Cyber Security Series
Part 4: Mastering the Components & Systems of Insider Threat Prevention Cyber Security
Cyber Terror, Cyber Crime, Cyber Security, and Insider Threats should by now be the concerns of every well informed executive in this country. Even if this were the case, however, it will not be enough to save the organization if the common cyber terrorist gains a foothold with an employee on the inside of the company. Cyber Security professionals have their hands full defending against the externally based malicious actors. By adding the problem of the malicious insider to the challenge of Insider Threat Prevention Cyber Security everything changes. Now the executive faces much more than a simple uphill battle. The executive is facing a career destroying challenge that introduces a new level of complexity to an already complex world that describes management life in the modern business organization run by a wide range of elaborate and powerful Information Technologies.
This book, Part Four in a thought proving series about The Psychology of Insider Threat Prevention Cyber Security, examines the landscape of Cyber Security, especially Insider Threat Prevention Cyber Security, and introduces how the Behavioral Sciences enables Cyber Security specialists to design and implement potent strategies that will neutralize the capabilities and advantages of malicious insiders. These strategies may require executives to redesign many of the embedded organizations and business processes, but this may be the price a company has to pay to remain functionally sound. This book builds upon the wisdom provided in the earlier three books fill the gaps in the Insider Threat Prevention Cyber Security problem-solving environment. The book presents in a coherent fashion how the different disciplines come together to solve the Insider Threat Prevention Cyber Security threat to business operations and competitive health.
Throughout this series, I discussed definitive insights and themes in The Psychology of Insider Threat Prevention Cyber Security that can prepare the ITP CS Specialist to become more aware and cautious about the genius of the ordinary malicious insider. Malicious insiders are not often stupid. They are most often very smart people who do stupid things. The dangerous challenge occurs when brilliant people launch malicious insider attacks brilliantly. As we know by now, Insider Attacks can be fatal to an organization. We can never take cyber safety for granted.
ITP Cyber Security is all about a kind of interaction that is highly charged by a range of psychological elements such as feelings, models of communications, signs, messages, special purpose languages, the ITP 3Cs of Conflict, Cooperation, Competition, the behavior of social groups, Ideal-Seeking Systems Behavior, mastery of logical propositions, constraints of time, the problem of distortion and faulty observation, and the perfection of perception and identity.
These are all rich topics with a long history of development and clarification even before they were applied to Cyber Security. The challenge of working with people in your enterprise who may or may not be malicious insiders is one of the great challenges faced today by employees, managers, executives and the customers we all serve. Solutions, real solutions, the kind of solutions that prevent malicious insider cyber-attacks are difficult to discover, but you can discover them if you properly prepare yourself for a new kind of psychological warfare.
Normally, special teams mitigate insider attacks after the attacks have occurred. Rarely does anyone actually prevent them. This is why I wrote this series. I know we can prevent them, I know how we can prevent them. I realize that management first designs an enterprise as a business entity. Sometime later, management then implements a Cyber Security organization to resolve insider threats. Today, this is a problem. You only need to think about Continuous Performance Management. It is wrought with risks the CPM people call Hallmarks.
In the near future, however, success will require an organization to be designed as a unified Business Process-Insider Threat Prevention Cyber Security enterprise that executes business transactions in a highly secure cyber driven environment. In closing this series, I want to leave you with a few clarifications that will mean a lot to you when your time comes.
In ITP Cyber Security, accuracy matters. Accuracy matters when we present the facts and assumptions of the cyber threat environment. Accuracy matters when we state the facts of the problem situation of insider threats. Accuracy matters when we define the terms and concepts of the cyber threat environment. Accuracy matters when we discuss the choice situations of the cyber threat environment.
Accuracy also matters when we describe Interpersonal Feelings in a highly rational and disciplined manner such as when we state that: Gratitude occurs when one individual (A) is grateful to another (B) for something (X) if A believes B intentionally produced X and A is satisfied with X. Or, when we say that Blame occurs when one individual (A) blames another (B) for something (X) if A believes B intentionally produced X and A is dissatisfied with X. (Ackoff & Emery, 1981, pg. 140).
Using this formal form in descriptions, we are able to more clearly measure the important elements of each formal description. Measures actually exist for blame and gratitude. These measures are the products of the measures of belief and satisfaction or dissatisfaction. Can you see how a single description establishes a series of descriptive relationships that are measurable and deliver deeper meaning of the concept?
This is the language we should use if describing any Insider Attack environment that emerges from one day to the next.
This book presents the core of the language required to appropriately describe and model a malicious insider Cyber Security attack. The book walks you through a discussion of the Insider Threat as a Problem Situation and describes the formal language required to identify the Choice Situation. It further discusses how you can estimate the intensities that define the satisfaction and dissatisfaction levels associated with the emotional dimension of the Problem Situation. Beyond this, Part Four in this Series presents the Psychological characteristics of the Insider Threat Prevention Team opposing the malicious insider and how these characteristics line up with the psychological characteristics of the malicious insider. The book makes the case that the an employee as a malicious insider can become a cyber terrorist who can completely destroy an enterprise in a sort time by executing a well-planned attack strategy that could take several months to resolve under the best circumstances or not be resolved at all and thus close down the enterprise.