Topic 1: Advanced and Persistent Threats One of the biggest risks that companies face is advanced persistent threats.

Topic 1:  Advanced and Persistent Threats

One of the biggest risks that companies face is advanced persistent threats. Discuss the most effective way to implement policies that mitigate the chance of an insider either taking part in or facilitating an advanced persistent threat. What policies can help manage the insider threat for an organization’s supply-chain companies, or the organization’s off-shore contractors?  Integrate the concept of separation of duties into your discussion.

Background:

1. Notional Supply Chain Risk Management Practices for Federal Information Systems [2012, NIST - note that the term "insider threat" is not used in the document, but multiple practices are outlined for controlling risks posed by personnel).

 2. The Risk of Insider Fraud: Second Annual Study [2013, Ponemon - not specifically supply-chain related, but a detailed overview of the current understanding of the risk posed to enterprises by insider threats generally]

3. Cybersecurity: An Examination of the Communications Supply Chain [2013 - video / transcript of Congressional hearing examining multiple aspects of this topic]