Cybersecurity: Predictive Tools in Combating the Insider Threat?
Cybersecurity: What should be the Role of Psychological Forensic & Predictive Tools in Combating the Insider Threat? This event is sponsored by the IWP Cyber Intelligence Initiative. About the lecture: Today’s cybersecurity discussion seems to be dominated by numerous catch phrases. One of the favorite memes is that “human beings are the weakest link in cybersecurity.” This maxim is readily deployable in innumerable contexts, including when considering appropriate policies, practices and procedures for combating the so-called ‘insider threat.’ Heightened concern about the risk of compromise of organizational cybersecurity seem to be changing employment norms.What is to be done varies depending on what variety of insiders are being considered, their life-cycle, and operational environment. The most pernicious insider is an individual (human being) who (i) is a current or former employee; (ii) has, will have, or had authorized access to an organization’s computer information network, system, or data, and (iii) intentionally misused, or plans to misuse that access to negatively affect the confidentiality, integrity, or availability of the organization's information. Hence this definition only encompasses employees acting out of malice with respect to organizational goals.It is critical that organizations identify, recruit, retain, and deploy motivated and qualified people. In today’s work force, this can be a daunting task. The desire to expedite the on-boarding process is widespread. Unfortunately, it comes with considerable risks. Given improvement in the sophistication of technology and the understanding of human behavior, there is a greater willingness to experiment with the use of psychological forensic tools in both the recruitment process and on-going basis, in both the public and private sectors. What are the potential benefits and likely risks of adopting departing from the norms established with the passage of the Employee Polygraph Protection Act of 1988 given the heightened vulnerability of organizations to cyber-attacks?About the speaker:Ethan S. Burger is a Washington-D.C.-based international attorney and educator with a background in cybersecurity, transnational financial crime, and Russian legal matters He has been a full-time faculty member at the American University (School of International Service -- Transnational Crime Prevention Center) and the University of Wollongong (Australia) (Faculty of Law -- Centre for Transnational Crime Prevention), and as well as an Adjunct Professor at the Georgetown University Law Center, Washington College of Law, and the University of Baltimore. Last year, he taught about cybersecurity as a Visiting Professor at Vilnius University on a grant from the Fulbright Foundation. Mr. Burger earned his J.D. at the Georgetown University Law Center, A.B. from Harvard University, and obtained a Certificate in Cybersecurity Strategy from Georgetown University.His published works include: “Cybersecurity and Legal Malpractice,” U.S. Cybersecurity Magazine, July 2016; “Complacency in the Face of Evolving Cybersecurity Norms is Hazardous,” Legaltech News, March 21 & 29, 2016 (with Thomas W. Welch); "Responding to Russian Cyber-Provocations,” The Cipher Brief, October 23, 2016 (with Donald M. Jensen), Author, “Here's How To Make Russia Sanctions Really Bite,” Business Insider and Foreign Policy Association Blog, April/May 2014, "Counterterrorism in Areas of Political Unrest: The Case of Russia's Northern Caucasus" (SpringerBriefs in Criminology / SpringerBriefs in Policing), 2013, (with Serguei Cheloukhine), “Challenging Conventional Wisdom in U.S. Anti-Money Laundering Practices,” ACAMS Today, at 50-53, March/April 2009, “Only Following Some of the Money in Russia,” Demokratizatsia, Vol. 17, No. 1, at 41– 70, Winter 2009, and, “Law as Politics: The Russian Procuracy and its Investigative Committee,” 8 Col. J. East. European L., Vol. 2, No. 2, at 143-94, (2008) (with Mary S. Holland).