
PROFESSOR CRAIG T. JOHNSON
IAE-684 “COMPLEMENTARY SECURITY”

PERSONNEL SECURITY

PART I: OVERVIEW
(FOUNDATION BUILDING)

INTRODUCTIONS
Name
Employment/position
Experience with Information Technology
Objective in taking this course
At the end, you hope to have _____ from this course

READINGS
Chapters in the Fay text
“Complementary Security”

CJ & Associates, LLC


INFRA-STRUCTURE ISSUES

Strategy Imperatives
Technical Knowledge
Assessing Trustworthiness
Leadership
Outsourcing
Developing personnel

INFRA-STRUCTURE ISSUES (Continued)

Maslow’s Theory in the Security Environment
Merit rating
Resource management and budgets
Teamwork in effecting change
Cost
Future Architectures

Today’s Discussion Topics

Principles of basic personnel security
Establishing the baseline
Defining the “Trusted employee”
“Making positive institutional deposits to counter dishonesty”

Reviewing the principles (Lecture vs. Readings)
Managing People
  - Appraising, evaluating, developing
Decision Making
  - Leadership, delegation, case study
Managing Risk
  - Risk analysis, self-assessments, audits
Managing Budgets
  - Zero base reviews, money allocations, cost controls

“BEGIN WITH THE END IN MIND…” (Covey, 1990)

DEFINE ORGANIZATIONAL CULTURE
SET STANDARDS AND APPLY CONSISTENTLY
ESTABLISH METHODOLOGY FOR EVALUATION
DEFINE THE “TRUSTED EMPLOYEE”
ESTABLISH MECHANISM FOR RE-EVALUATION
ASYMMETRICAL ASSESSMENTS
QUALITY ASSURANCE
FOLLOW-THROUGH FOR COMPLIANCE
STRIVE FROM THE BEGINNING FOR EFFICIENCY

PROCEDURES FOR VETTING
THOROUGH WRITTEN APPLICATION
MECHANISMS IN PLACE FOR VERIFYING INFORMATION
  - SUBJECT INTERVIEWS
  - THOROUGH CHECKS ON QUALIFICATIONS/HISTORY
THOROUGH INTERVIEW WITH TRAINED/HR STAFF
SUBSTANCE ABUSE TESTING
SPECIAL NOTE: SOME PROFESSIONS ALLOW POLYGRAPH RE-SCREENING TESTING, WHICH SHOULD BE CONSIDERED WHERE APPLICABLE

RE-PERIODIC ASSESSMENTS

COMPARTMENTALIZATION
SENSITIVE AREAS REQUIRE TRUSTED, “MORE SCRUTINIZED” PERSONNEL
PERIODIC UPDATES TO VERIFY TRUSTWORTHINESS
ESTABLISH ENFORCEABLE POST-EMPLOYMENT AGREEMENTS
ONGOING SETTING OF EXAMPLES FROM THE TOP DOWN SO THAT THE CULTURE IS REINFORCED

WHAT IS A “TRUSTED EMPLOYEE?”

PRINCIPLES            BEHAVIORS
ETHICAL               DISHONESTY
HONEST                THEFT
HAS A CONSCIENCE      MISAPPROPRIATIONS
SELFLESS              MALFEASANCE
LOYAL                 WRONGDOING
DEDICATED             EMBEZZLEMENT
FAIR-MINDED           LYING
RELIABLE              MISREPRESENTATION
DUTY BOUND            DISLOYAL
SUPPORTIVE            NOT RELIABLE

EMPLOYEE BEHAVIORS

SHOULD EMPLOYEES BE ALLOWED TO MAKE PERSONAL CALLS ON COMPANY TELEPHONE LINES?
CAN EMPLOYEES USE COMPANY COMPUTERS FOR PERSONAL USE?
CAN A COMPANY FAX BE USED FOR PERSONAL USE?
IS IT OKAY TO TAKE OFF FROM WORK EARLY BUT CLAIM YOU WORKED THE FULL TIME?
HAS AN EMPLOYEE EATEN SOMEONE ELSE’S LUNCH FROM A COMMUNITY REFRIGERATOR WITHOUT PERMISSION?

COMPARE AND CONTRAST

ADVERSE BEHAVIORS                      UNDESIRED END-STATE
COMPUTER FRAUD                         LOST CLIENTS
UNAUTHORIZED ENTRY                     DEBILITATE SECURITY
HACKING                                VIOLATE PROTOCOLS
EMBEZZLEMENT/THEFT                     LOSS OF ASSETS/MORALE DISPLACED
ABUSE ACCESS                           PROLIFERATE DISHONESTY
ABUSIVE EMPLOYEE WORK SCHEDULE/LEAVE   FOSTER ORGANIZATION INEPTNESS, INEFFICIENCY, AND NON-PRODUCTIVENESS
DISLOYALTY                             NO EMPLOYEE COMMITMENT

EMPLOYEE BEHAVIORS – II (UPPER LEVELS)

ARE SUPERVISORS & MANAGERS REWARDED FOR MAKING CORRECT ETHICAL DECISIONS?
DO EMPLOYEES FEEL THEY ARE EMPOWERED TO MAKE DECISIONS WITH MANAGEMENT SUPPORT?
DOES YOUR ORGANIZATION PRACTICE THE ‘FIVE PRINCIPLES’ OF ETHICAL POWER?

“MAKING POSITIVE INSTITUTIONAL DEPOSITS TO COUNTER DISHONESTY”
FIVE PRINCIPLES OF ETHICAL POWER FOR AN ORGANIZATION*
  - PURPOSE
  - PRIDE
  - PATIENCE
  - PERSISTENCE
  - PERSPECTIVE

* Kenneth Blanchard & Norman Vincent Peale, “The Power of Ethical Management”, 1988.

“MAKING INSTITUTIONAL DEPOSITS TO COUNTER DISHONESTY” – DEFINED - 1

“Purpose: The mission of an organization is communicated from the top. An organization is guided by the values, hope, and a vision that helps it to determine what is acceptable and unacceptable behavior.”*

* Kenneth Blanchard & Norman Vincent Peale, “The Power of Ethical Management”, 1988.

“MAKING INSTITUTIONAL DEPOSITS TO COUNTER DISHONESTY” – DEFINED - 2

“Pride: An organization feels proud of itself and of its structure. It knows that when it feels this way, it can resist temptations to behave unethically.”*

* Kenneth Blanchard & Norman Vincent Peale, “The Power of Ethical Management”, 1988.

“MAKING INSTITUTIONAL DEPOSITS TO COUNTER DISHONESTY” – DEFINED - 3

“Patience: An organization believes that holding to its ethical values will lead to success in the long term. This involves maintaining a balance between obtaining results and caring how it achieves these results.”*

* Kenneth Blanchard & Norman Vincent Peale, “The Power of Ethical Management”, 1988.

“MAKING INSTITUTIONAL DEPOSITS TO COUNTER DISHONESTY” – DEFINED - 4

“Persistence: An organization has a commitment to live by ethical principles. It is committed to its commitment. It makes sure that all actions are consistent with its purpose.”*

* Kenneth Blanchard & Norman Vincent Peale, “The Power of Ethical Management”, 1988.

“MAKING INSTITUTIONAL DEPOSITS TO COUNTER DISHONESTY” – DEFINED - 5

“Perspective: Managers and employees take time to pause and reflect, take stock of where they are, evaluate where they are going and determine how they are going to get to their locations.”*

* Kenneth Blanchard & Norman Vincent Peale, “The Power of Ethical Management”, 1988.

Assessing Behaviors (Reviewing the literature)

CERT Coordination Center stressing the importance of authentication
  - Unauthorized users can jeopardize security information
  - Other considerations?
How to do it?
  - Use hardware-based access controls
  - Remove excess defaults & groups

Assessing Behaviors (Reviewing the literature) Continued…

  - Disable non-interactive accounts
  - Check or create appropriate passwords
  - Examples…
  - Configure computers to require ‘re-authentication’ after idle periods
  - Set log-in failure attempts at a certain number

Assessing Behaviors (Reviewing the literature) Continued…

Protect your Web server against common attacks
  - Denying attackers direct access to your web server
  - Changing web site contents
  - Denying user access to your web server
Why is this important?

Assessing Behaviors (Reviewing the literature)

These damaging actions are the product of threats
  - Insider Threats – Former trusted employees with access to systems, facilities, information or technology
  - External Threats – People with the ability to commit unauthorized intrusions into your systems
The course will address these two dilemmas

Final Administrative Announcements
Check Blackboard for weekly announcements
1st announcement reminder: Email your term paper topics
1st announcement reminder: Email your presentation preference for sessions 11, 13, or 15.

CONTINUE TO SELF-IMPROVE
(WORKING FROM THE CORE OUTWARD)

Closing comments

As a reminder…
Course Criteria

Review grading for the course
  Quiz # 1                            5 points
  Quiz # 2                            5 points
  Midterm                             15 points
  Participation/student evaluations   5 points
  Student Debate                      10 points
  Student presentations               10 points
  Term paper                          15 points
  Extra Credit (if applicable)        10 points
  Final Exam                          25 points

Future Events - Continued
Class debate scheduled for session 5. ROE will be provided to all class members and posted in Blackboard
  - Class member assignments to come shortly
Midterm format will be easy, covering material up to that point from lectures and readings.
  - More on this later
Khobar Towers case study
  - Will be sent to you the before debriefings

SPECIAL REQUESTS
  - 1st Call, term paper topics
  - 1st Call, presentation dates for live sessions 6, 7, or 8. SPECIAL NOTE: All requests are first come first served.
  - Communication with the professor
    - Small messages with no attachments to ctjohnson@capitol-college.edu
    - Messages with attachments to my personal email at stealthprotection@msn.com or submitted directly to the Digital Box in Capitol College portal

Review Class Etiquette and Operations
Reviewing Centra software
  - Check marks for ‘yes’ and x for ‘no’
  - Raise hand to ask questions
  - All students will have microphones issued in most every case
  - Classroom will be used for live sessions and for posting of reading assignments.

Review Class Etiquette and Operations – cont’d
The explanation of the “secret message” of the week for live session attendance
All classes will be recorded
Professor office hours
College Policies
  - Plagiarism – “I use Plagiarism Check software”
  - Late papers – “Deductions from total grade”
  - Format for papers – Strict adherence, please.

End of first session

REFERENCES
Thomas, K.W., (2000) Intrinsic Motivation at Work - Building Energy and Commitment, San Francisco, pp. 143.
Blanchard, K., (1989) The Power of Ethical Management, New York, pp. 141.
Covey, S.R., (1989) The 7 Habits of Highly Effective People, New York, pp. 358.
