National Insider Threat Special Interest Group - Virginia Chapter
Meetings
The
NITSIG is excited to announce the creation of a Virginia Chapter.
The NITSIG greatly
appreciates and thanks the ManTech Mission, Cyber & Intelligence Group, in
Herndon, Virginia for offering to host NITSIG Virginia Chapter Meetings.
The NITSIG
would like to invite its members and other security professionals to
the next meeting. Non-NITSIG Members may attend.
Their is NO CHARGE to attend NITSIG meetings. Meeting
attendees will receive comprehensive guidance and best practices that
they can use to establish and manage an Insider Threat Program, to
protect their organizations data, information systems, networks and
personnel from Insider Threat risks.
Date
June 18, 2018
Time
9am-12pm
Meeting Location
ManTech
Mission, Cyber & Intelligence Group
2251 Corporate Park Drive
Herndon, Virginia, 20171
3rd
Floor
Parking is available in the garage next to the ManTech building.
Topic Of
Discussion
Protecting Controlled Unclassified
Information (CUI)
Background On Protecting CUI
On November 4, 2010, the President signed
Executive Order 13556, Controlled Unclassified Information. The
Executive Order established a government wide CUI Program to standardize
the way the executive branch handles unclassified information that
requires protection. It designated the National Archives and Records
Administration (NARA) as the Executive Agent to implement the program.
The Archivist of the United States delegated these responsibilities to
the Information Security Oversight Office.
The requirements for the protection of CUI provide a set of “minimum”
security controls for contractor information systems upon which CUI is
processed, stored on, or transmitted through. These security controls
must be implemented at both the contractor and subcontractor levels
based on the information security guidance in
NIST Special Publication (SP) 800-171: Protecting Controlled
Unclassified Information In Non-Federal Information Systems And
Organizations.
The CUI protection requirements are intended for use by federal agencies
in contractual vehicles or other agreements established between those
agencies and nonfederal organizations. Failure to implement the security
controls to protect CUI, would be a breach of contract.
For an Insider Threat Program to be robust and effective, it must be
built upon an established security foundation within an organization.
The NIST SP 800-171 covers many security controls that can support
Insider Threat Risk Mitigation.
This meeting is also very well suited for any organization or business
that is not required to protect CUI, but is looking to enhance their
Information Systems Security Program / Insider Threat Program.
Presentation # 1
Presentation -
Topic Of Discussion
Protecting Controlled Unclassified Information (CUI)
This presentation will provide the attendees with an overview of the CUI
Program, its origins, and review the safeguarding elements found in the
CUI implementing directive 32 CFR Part 2002.
Speaker
Mark Riddle
Information Security Oversight Office
Senior Program Analyst
Lead for Controlled Unclassified Information Program Oversight
Presentation # 2
Presentation -
Topic Of Discussion
Going Beyond Compliance Requirements For Protecting Controlled
Unclassified Information
This presentation will focus on understanding simple techniques that
"Malicious Insiders" can use to exfiltrate data and other valuable
information from within an organization. These techniques have
successfully been used to exfiltrate sensitive business information
during Insider Threat Risk Assessments. Understanding the "Malicious
Insiders Playbook" of options is critical.
Speaker
Jim Henderson
NITSIG Founder / Chairman
Insider Threat Program Development / Management Training Course
Instructor
Insider Threat Analyst, Vulnerability Assessor & Mitigation Specialist
CEO Insider Threat Defense, Inc.
(Bio)
Registration
Link To NITSIG Meeting Tickets On Eventbrite:
The cost to attend is FREE. Please visit the link below to
reserve your seat at the meeting. Seating is limited to 125 people, so please register
early.
Registration Link
Attendance Requirements
You
must be a U.S. Citizen to attend this event. A valid Drivers License or
U.S. Government issued ID is required at the door.
News Media
All
News Media Representatives
MUST BE APPROVED
by the NITSIG to attend this event.
PREVIOUS MEETINGS
Date
December 5, 2017
Time
9am-12pm
Speakers / Presentations
Topic
Human Resources Interaction With An Insider Threat Program
Presentation
The
presentation will focus on Human Resources interactions and
contributions with the Insider Threat Program. The gathering and sharing
of employee information is essential for the success of an Insider
Threat Program. Equally important is protecting employee's privacy and
civil liberties.
Download Presentation
Presented By
Davita N. Carpenter, SHRM-SCP
Vice President of Human Resources / Employee Care
Compliance / Ethics Officer
Novetta
Bio
Topic
Behavioral Indicators Of Insider Threat: Looking Forward
Presentation
This presentation explores the increasing role of behavioral science
plays in understanding and mitigating the process by which a trusted
insider becomes a malicious actor. The presentation will also cover the
current dominant behavioral / psychological model of Insider Threat.
Download Presentation
Presented By:
Dr. Robert Gallagher
Senior Behavioral Advisor
DoD Insider Threat Management and Analysis Center (DITMAC)
NITSIG Board Member / Scientific Director
Bio
Topic
Using Financial
And Public Records Data Analytics For Insider Threat Detection
Presented By
Jeffrey Huthn - Transunion
Presentation
This presentation will discuss how utilizing trended financial and
public records data analytics can provide investigators with insights
into employees’ behavior outside of the workplace and may be indicative
of elevated risk to their behavior as it applies to the workplace.
Download Presentation
NITSIG Membership Application
To join the
NITSIG you must complete and sign the NITSIG Membership Application.
Instructions for e-mailing the application to the NITSIG are in the
application.
NITSIG Membership Application
Once the NITSIG
receives your application, it will be reviewed for approval. You will
receive an e-mail once your application has been approved. Once
approved, you will be added to the NITSIG e-mail distribution list for
future meeting announcements and other information. A valid photo ID
will need to be presented for admittance to NITSIG meetings.
NITSIG Chapters
Please contact the NITSIG if you would be interested in establishing a
NITSIG Chapter in your area. As a NITSIG Chapter President you will be
recognized as a leader and expert dedicated and committed to Insider
Threat Risk Mitigation.
Questions
Please send any questions about this event via
email to;
info@nationalinsiderthreatsig.org
Or call; 561-809-6800