The Importance of PS-3 (Personnel Screening)
It’s All About the Insider Threat
Personnel Security controls may seem cumbersome and involved, especially when talking about unclassified systems. Everyone knows the risk of insider threat, but no one seems to really understand the damage that can be caused. Unclassified and sensitive systems are just as much at risk as any other systems when considering proprietary information and the cost of Research and Development (R&D) efforts. Much of this is intangible… it’s hard to quantify the loss a company suffers if its new experimental design is stolen.
And yet, this happens all the time. A great example happened in August 2016, when a naturalized US citizen with ties to China tried to provide China with military secrets (Muncaster, 2016). In this case, it was military information… but in the case of Greg Chung, all of the information provided to China was technically unclassified, which did not lessen the impact (Bhattacharjee, 2014).
The importance of PS-3 cannot be overstated. It is critical that individuals are screened before being granted access to information and re-screened while they hold it – whether that information is classified or “just” unclassified.
References:
Bhattacharjee, Y. (2014). How the FBI Cracked a Chinese Spy Ring. Retrieved from: http://www.newyorker.com/news/news-desk/how-the-f-b-i-cracked-a-chinese-spy-ring
Muncaster, P. (2016). Chinese Woman Gets 50 Months for Jet Engine Export Plot. Retrieved from: http://www.infosecurity-magazine.com/news/chinese-woman-gets-50-months-for/?utm_source=twitterfeed&%3butm_medium=twitter&utm_source=360Works%20CloudMail&utm_medium=email&utm_campaign=NewsWatch
Dr. Susan Cole is a 2008 graduate of the University of Fairfax with a PhD in Information Assurance (Cybersecurity). She received her MBA from Salem International University (2007), her MA from American University in International Politics (1995), a BA from Wilson College in Foreign Languages (1994) and an AA in Mandarin Chinese (1997). For her PhD, she studied what influences the decision-making process for IT and Cybersecurity managers in their recommendations to adopt and implement new security technology in their organizations. The specific technology she researched was Biometrics. She has achieved and maintains certification as both a Certified Information System Security Professional (CISSP) and a Certified Ethical Hacker (CEH). She also obtained her Certificate of Cloud Security Knowledge (CCSK). She’s held numerous positions from Cybersecurity Policy writer for an enterprise to a member of an Incident Response Team. Much of her career has focused on certification and accreditation (C&A) activities, now assessment and authorization (A&A) under NIST’s Risk Management Framework. She provided consulting support to small companies and now works as an Information System Security Officer (ISSO). Dr. Cole has been teaching since 2012 and has been involved with Colorado Technical University (CTU), Concordia University, Baker College, University of Maryland (UMUC), and Thomas Edison State University (TESU).