A HOLISTIC APPROACH TO PROTECTING NATIONAL SECURITY: INTEGRATING INTELLIGENCE AND RISK MANAGEMENT TO REDUCE INSIDER THREATS
Hyek, George S
MetadataShow full item record
Reviewed by Thomas Stanton and Anthony Lang, this thesis explores the important question of how a combination of security intelligence and risk management could be used to address insider threats and their impact on national security. As the thesis documents, insiders threaten not only the wellbeing of employees and facilities, but also the confidentiality and integrity of sensitive information, which could be used by foreign adversaries of the United States. The first chapter recommends more systematic integration of intelligence information into security programs. The second chapter explores the role of risk management, and especially Enterprise Risk Management, in improving the effectiveness of federal security programs and organizations. The third chapter focuses directly on the problem of insider threats. It highlights the remarkable number of ways that insiders such as Edward Snowden displayed warning signs of the danger they posed to national security, long before the damage they caused occurred. It was discovered that analyzing current threat information, which makes it intelligence, enables security programs to allocate resources and deploy countermeasures more appropriately. The intelligence findings enable risk management, which is the ongoing process federal organizations use to determine how they will respond to threats. Organizations that fail to understand their threat, and subsequently impose risk-driven countermeasures, are likely to suffer consequences from attacks – many of which come from insider threats. Insiders acting against federal organizations stand to damage national security by harming people they work with, revealing defense secrets, and/or weakening international relations. The potential damage to national security can be mitigated using the holistic approach outlined throughout this thesis.