STRATEGIC PEOPLE SECURITY AND INSIDER RISK MITIGATION

SHE Level 5
SCQF Credit Points 15.00
ECTS Credit Points 7.50
Module Code MMN226313
Module Leader Constantinos Choromides
School GCU London
Subject GCU London
Trimesters
  • A (September start)-B (January start)
  • A (September start)
  • B (January start)
  • B (January start)-C (May start)
  • C (May start)

Summary of Content

This work-based module will provide senior security personnel with an opportunity to critically examine the protection of an organisation's assets, people and reputation. Students will critically analyse current threats, vulnerabilities and risks facing an organisation, and the role of the insider as a threat actor and their motivational drivers, from organisational, national and global perspectives. By exploring the employee lifecycle, students will identify and critically evaluate proportionate people security risk mitigation measures for application to each stage. They will assess risk, focusing on identifiable vulnerable processes and procedures within an organisation, and assess options and financial implications to counter these vulnerabilities. This vulnerability reduction approach will enable students to gain an in-depth understanding of what constitutes an effective Insider Risk programme and guidance on the creation of such a programme.

Syllabus

  • Organisational risks.
  • The role of the insider as a threat actor.
  • Vulnerability assessment processes - quantitative and qualitative analysis.
  • Employee Life Cycle approach to mitigating insider risk including:
      o Pre-employment screening and interviewing.
      o Document verification.
      o Managing existing employees.
      o The role of the line manager and Human Resources.
      o Responding to suspect activity.
  • People security and the mitigation or reduction of insider vulnerability.
  • Change Management implications in a global business.
  • Business Leadership - Cost benefit analysis of risk mitigations.
  • Developing Insider Risk Programmes based upon contemporary theoretical and technical approaches.

Learning Outcomes

Upon successful completion of this module the student should be able to:
  1. Critically analyse the risks facing an organisation, and the role of the insider as a threat actor through the interpretation of quantitative and qualitative data.
  2. Critically appraise the constituent areas of an employee lifecycle approach to Insider Risk mitigation.
  3. Critically evaluate people security processes and procedures involved in mitigating and reducing Insider vulnerability.
  4. Synthesise relevant evidence to outline the design and methodology to develop an effective Insider Risk programme within an organisation.

Teaching / Learning Strategy

This work-based module adopts a blended approach to learning which combines face-to-face contact and online learning via GCU's virtual learning environment, GCU Learn. The teaching and learning strategy encourages an active and self-directed approach to learning. In the context of a work-based ethos, teaching and learning methods use real world and real work scenarios to promote inquiry and problem-based learning in a collaborative learning environment (Educational principles that underpin the module). Students will be expected to take a critical stance as they evaluate and synthesise academic theories and techniques in order to frame, analyse and solve actual work-based problems.

The module utilises interactive lectures and seminars to introduce and explore key concepts and principles. Case studies and applied research will be used to illustrate the threat from insider activities, vulnerabilities and how this can be mitigated against. Input from guest speakers with expertise in a variety of security-related disciplines will enhance the authenticity, credibility and application of education and learning to the workplace.

Learners will be supported during the module by the module team including module tutors, workplace mentors and Academic Development Tutors (ADTs). Module tutors act as facilitators of learning and assessment and also determine the level and accuracy of knowledge acquisition at key points in the delivery. Workplace mentors facilitate students' learning and assessment in the workplace. They act as enablers to support students to identify relevant work activity that can operate as a source for work-integrated learning and assessment. ADTs provide support for academic writing and the development of study techniques.

Both formative and summative assessment strategies will be adopted during the module. Formative assessment is used as a foundation upon which students can build towards their summative work. Formative opportunities will be used to provide developmental feedback to enhance students' learning and academic writing. The summative assessment will enable students to demonstrate their learning in relation to the module learning outcomes in a work-based context. Students will have access to ongoing academic support from the module leader and ADTs to help maximise potential in relation to academic writing, referencing and the development of effective study techniques. The pass mark for the module is 50%. Feedback on coursework is provided within 3 working weeks of submission.

Indicative Reading

BAMAUNG, D., 2018. The Hidden Threat. International Airport Review [online]. 22 (4), pp. 23-25. Available from: <https://www.internationalairportreview.com/article/73985/security-the-hidden-insider-threat-of-the-aviation-sector/> *free subscription required to access
CAPPELLI, D., MOORE, A. & TRZECIAK, R., 2012. The CERT® Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud). Upper Saddle River, NJ: Addison-Wesley Professional.
CATRANTZOS, N., 2012. Managing the Insider Threat: No Dark Corners. Boca Raton, FL: CRC Press.
FURNHAM, A. & TAYLOR, J., 2013. Bad Apples: Identify, Prevent & Manage Negative Behaviour at Work. Basingstoke: Palgrave MacMillan.
GELLES, M.G., 2016. Insider threat: prevention, detection, mitigation, and deterrence. Oxford: Butterworth-Heinemann.
MITNICK, K. & SIMON, W. & WOZNIAK, S., 2003. The Art of Deception: Controlling the Human Element of Security. Indianapolis, IN: John Wiley & Sons.
NIXON, W.B. & KERR, K.M., 2008. Background Screening and Investigations - Managing Hiring Risk from the HR and security Perspectives. Burlington, MA: Butterworth-Heinemann.

CPNI Publications

CENTRE FOR THE PROTECTION OF NATIONAL INFRASTRUCTURE, 2013. CPNI Insider Data Collection Study - Report of Main Findings [online]. London: Centre for the Protection of National Infrastructure. Available from: <https://www.cpni.gov.uk/system/files/documents/63/29/insider-data-collection-study-report-of-main-findings.pdf>
CENTRE FOR THE PROTECTION OF NATIONAL INFRASTRUCTURE, 2014. Managing the Disclosure of Employee Related Information - A Good Practice Guide for Employers [online]. London: Centre for the Protection of National Infrastructure. Available from: <https://www.cpni.gov.uk/system/files/documents/56/15/disclosure-of-employee-related-info.pdf>
CENTRE FOR THE PROTECTION OF NATIONAL INFRASTRUCTURE, 2014. Ongoing Personnel Security - A Good Practice Guide [online]. London: Centre for the Protection of National Infrastructure. Available from: <https://www.cpni.gov.uk/system/files/documents/d0/d2/ongoing-personnel-security-a-good-practice-guide-edition-3.pdf>
CENTRE FOR THE PROTECTION OF NATIONAL INFRASTRUCTURE, 2015. Pre-Employment Screening - Document Verification [online]. London: Centre for the Protection of National Infrastructure. Available from: <https://www.cpni.gov.uk/system/files/documents/f2/0b/pre-employment-screening-document-verification-guidance.pdf>
CENTRE FOR THE PROTECTION OF NATIONAL INFRASTRUCTURE, 2015. Pre-Employment Screening - A Good Practice Guide [online]. London: Centre for the Protection of National Infrastructure. Available from: <https://www.cpni.gov.uk/system/files/documents/61/e9/pre-employment-screening-A-good-practice-guide-edition-5.pdf>

Government Publications

HOME OFFICE, 2012. False ID Guidance [online]. London: Home Office. Available from: <https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/183495/False_ID_guidance.pdf>

Journals

  1. Computer Fraud and Security
  2. Journal of Management Development
  3. People Management

Websites

  1. Agenda Resource Management <http://www.agenda-rm.co.uk>
  2. Centre for the Protection of National Infrastructure (CPNI) <http://www.cpni.gov.uk>
  3. Cifas (fraud prevention) <https://www.cifas.org.uk>
  4. CERT <http://www.cert.org>

Transferrable Skills

  • Self-manage learning and work in a self-directed manner.
  • Critical thinking, problem solving and decision making.
  • Project management and planning.
  • Risk assessment.
  • Stakeholder engagement, management and communication.
  • Retrieval and analysis of information.
  • Develop academic writing techniques and ICT skills to underpin effective learning at master's level.

Module Structure

Activity Total Hours
Assessment (PT) 30.00
Seminars (PT) 3.00
Independent Learning (PT) 105.00
Lectures (PT) 12.00

Assessment Methods

Component: Course Work 01
Duration: n/a
Weighting: 100.00
Threshold: 50%
Description: This assessment is a 4000 word Consultancy Report consisting of two parts. Part 1. Design an effective Insider Risk Programme. Part 2. Produce a 15 min presentation outlining implementation processes of the Insider Risk Programme appropriate for Board Level Members