Organizations collaborating on guidance to thwart insider cyber threats

A Defense Department personnel office is working with the International Association of Chiefs of Police, industry and the legal community to come up with guidance for how organizations can protect themselves against insider cyber threats by vetting the online behavior of employees and job applicants.

Howard Timm, program manager at the Defense Personnel Security Research Center, said that the guidance is expected to be completed this fall.

Speaking Tuesday at the FOSE 2010 Trade Show in Washington, Timm said the document would help organizations make decisions about employees who would be in trust positions such as law enforcement officers, workers who control sensitive corporate data or those who need federal security clearances.

Timm listed potential benefits and pitfalls of putting restrictions on computer behavior, such as what employees can post online. Potential pitfalls for organizations include the possibility of violating constitutional rights or overreactions to trivial indiscretions. Meanwhile, such policies could identify those who post text or pictures that contain sensitive information or place themselves or others in jeopardy.

“We know this is an issue where there’s constitutional rights and freedoms and things along those lines, but…also obviously we need to make sure that people who are going to be trusted with classified information meet the requisite guidelines for having access to that information,” Timm said.

FOSE is presented by 1105 Media Inc., the parent company of Federal Computer Week, Government Computer News and Washington Technology.