The following HTML text is provided to enhance online
readability. Many aspects of typography translate only awkwardly to HTML.
Please use the page image
as the authoritative form to ensure accuracy.
Summary of Discussions at a Planning Meeting on Cyber-Security and the Insider Threat to Classified Information
Wednesday November 1, 2000
Welcome and overview of the NRC and CSTB
Anita Jones, University of Virginia
Panel: The Psychological and Social Aspects of the Insider Threat
Michael Caloyannides, Mitretek Systems, Inc., [facilitator]
Bradley Wood, SRI International
David Keene, Defense Information Systems Agency
What are the psychological models of the insider? In what ways does the threat manifest itself for different types of insiders (e.g., disgruntled employees, blackmailed insiders, “sleepers”, unwitting accomplices, etc.)? Are there psychological and social issues that are more prevalent in military settings than in corporate settings? Does this change the nature of the strategies used against the insider threat? What policies and practices can actually be implemented that will help to cope effectively with the insider threat? Etc.
Dinner with after dinner speaker, Green Building, Room 126
A Management Framework for Security
Ron Knecht, Science Applications International Corporation
Thursday November 2, 2000
Panel: State of the Practice—Technology
Carl Landwehr, Mitretek Systems, Inc., [facilitator]
Nicholas Trio, IBM T.J.Watson Research Center
James Anderson, Consultant
What is the current state of the practice in terms of technological strategies to mitigate the insider threat? What technologies seem most effective? Which technologies are most commonly employed? Are these the most useful? Etc.
Panel: Emerging Capabilities and Future Research
Karl Levitt, University of California, Davis [facilitator]
Earl Boebert, Sandia National Laboratories
Gary Mcgraw, Cigital
Terry Benzel, Network Associates
What are the open research questions with respect to the insider threat? Are there new technologies on the horizon that seem likely to be effective? What are the most vexing
open problems, and why? Etc.
Lunch—Case Studies: Legal Aspects of the Insider Threat to Information Systems