Select all of the correct responses. How can insider threat programs protect classified information?

PM — PROGRAM MANAGEMENT

PM-12: INSIDER THREAT PROGRAM

FedRAMP Baseline Membership PM-12: NOT SELECTED

The organization implements an insider threat program that includes a cross-discipline insider threat incident handling team.

SUPPLEMENTAL GUIDANCE

"Organizations handling classified information are required, under Executive Order 13587 and the National Policy on Insider Threat, to establish insider threat programs. The standards and guidelines that apply to insider threat programs in classified environments can also be employed effectively to improve the security of Controlled Unclassified Information in non-national security systems. Insider threat programs include security controls to detect and prevent malicious insider activity through the centralized integration and analysis of both technical and non-technical information to identify potential insider threat concerns. A senior organizational official is designated by the department/agency head as the responsible individual to implement and provide oversight for the program. In addition to the centralized integration and analysis capability, insider threat programs as a minimum, prepare department/agency insider threat policies and implementation plans, conduct host-based user monitoring of individual employee activities on government-owned classified computers, provide insider threat awareness training to employees, receive access to information from all offices within the department/agency (e.g., human resources, legal, physical security, personnel security, information technology, information system security, and law enforcement) for insider threat analysis, and conduct self-assessments of department/agency insider threat posture.

Insider threat programs can leverage the existence of incident handling teams organizations may already have in place, such as computer security incident response teams. Human resources records are especially important in this effort, as there is compelling evidence to show that some types of insider crimes are often preceded by nontechnical behaviors in the workplace (e.g., ongoing patterns of disgruntled behavior and conflicts with coworkers and other colleagues). These precursors can better inform and guide organizational officials in more focused, targeted monitoring efforts. The participation of a legal team is important to ensure that all monitoring activities are performed in accordance with appropriate legislation, directives, regulations, policies, standards, and guidelines."

  • AC-6 — ACCESS CONTROL | LEAST PRIVILEGE
  • AT-2 — AWARENESS AND TRAINING | SECURITY AWARENESS TRAINING
  • AU-6 — AUDIT AND ACCOUNTABILITY | AUDIT REVIEW, ANALYSIS, AND REPORTING
  • AU-7 — AUDIT AND ACCOUNTABILITY | AUDIT REDUCTION AND REPORT GENERATION
  • AU-10 — AUDIT AND ACCOUNTABILITY | NON-REPUDIATION
  • AU-12 — AUDIT AND ACCOUNTABILITY | AUDIT GENERATION
  • AU-13 — AUDIT AND ACCOUNTABILITY | MONITORING FOR INFORMATION DISCLOSURE
  • CA-7 — SECURITY ASSESSMENT AND AUTHORIZATION | CONTINUOUS MONITORING
  • IA-4 — IDENTIFICATION AND AUTHENTICATION | IDENTIFIER MANAGEMENT
  • IR-4 — INCIDENT RESPONSE | INCIDENT HANDLING
  • MP-7 — MEDIA PROTECTION | MEDIA STORAGE
  • PE-2 — PHYSICAL AND ENVIRONMENTAL PROTECTION | PHYSICAL ACCESS AUTHORIZATIONS
  • PM-1 — PROGRAM MANAGEMENT | INFORMATION SECURITY PROGRAM PLAN
  • PM-14 — PROGRAM MANAGEMENT | TESTING, TRAINING, AND MONITORING
  • PS-3 — PERSONNEL SECURITY | PERSONNEL SCREENING
  • PS-4 — PERSONNEL SECURITY | PERSONNEL TERMINATION
  • PS-5 — PERSONNEL SECURITY | PERSONNEL TRANSFER
  • PS-8 — PERSONNEL SECURITY | PERSONNEL SANCTIONS
  • SC-7 — SYSTEM AND COMMUNICATIONS PROTECTION | BOUNDARY PROTECTION
  • SC-38 — SYSTEM AND COMMUNICATIONS PROTECTION | OPERATIONS SECURITY
  • SI-4 — SYSTEM AND INFORMATION INTEGRITY | INFORMATION SYSTEM MONITORING

CONTROL ENHANCEMENTS

NO CONTROL ENHANCEMENTS

REFERENCES:

  • Executive Order 13587

Find out how much you know about preventing user-caused cybersecurity incidents through education in this security awareness training quiz for infosec pros.

Too often, enterprises classify cybersecurity as an IT-only activity and discuss risk management exclusively in terms of technology or tools. Yet, multiple studies continuously prove that insiders pose one of the greatest risks to an enterprise's security. Whether accidental or malicious, insider threats can cause enormous financial and reputational damage -- for example, through data loss or exfiltration or falling victim to a phishing attack.

Organizations may instinctually turn to technology as the solution to insider threat prevention. While tools such as data loss prevention, firewalls and email filters may alleviate the symptoms of insider threats, they do nothing to address the root cause. To treat the issue of user-caused incidents at its core, IT leaders need to implement comprehensive and consistent security awareness training.

This security awareness training quiz's questions and answers are designed to test and reinforce understanding of infosec fundamentals. By taking this quiz, IT professionals will be in a better position to educate employees on security best practices at their own organization.

This was last published in April 2021

How can insider threat programs protect classified information?

Insider threat programs are intended to deter personnel from becoming insider threats; detect insiders who pose a risk to their organization's resources, including classified information, personnel, and facilities; and mitigate the risks through early intervention and proactive reporting and referral of information.

Which insider threat hub operation involves instituting appropriate security countermeasures including awareness programs?

Deter. Insider Threat Hubs deter potential insider threats by instituting appropriate security countermeasures, including awareness programs.

Which of the following allows the insider threat program time to plan a response, ensures the privacy of the individual, and preserves potential evidence?

In general, your Insider Threat Program should avoid alerting the individual that they have been identified as a potential insider threat. This allows the Program the time needed to determine an appropriate response, ensures the privacy of the individual, and preserves evidence.

Which are three ways to combat insider threats?

How to minimize the risk of insider threats:

  • Perform enterprise-wide risk assessments.
  • Clearly document and consistently enforce policies and controls.
  • Establish physical security in the work environment.
  • Implement security software and appliances.
  • Implement strict password and account management policies and practices.