In a concise paragraph or two, discuss how tighter access controls and security policy might have been used to limit the ability of Edward Snowden to obtain information deemed damaging to national security. Identify at least one other scenario in which an insider might pose a threat to network security. Respond to at least two of your classmates’ postings about their own observations and to any replies you receive.
Discussion of how tighter access controls and security policy might have been used to limit the ability of Edward Snowden to obtain information deemed damaging to national security:
* They might have had tighter physical security, with stringent, proper, and thorough scanning and checking for the NSA assets which Edward Snowden carried with him, hidden in his clothes, pockets, bag, or any tool. They might have used metal detectors and X-ray scanning machines.
* They might have installed CCTV cameras at every possible place in
and around the NSA office premises.
* They might have disabled the USB ports on every computer in the office, for him and for everyone else, so that no one could transfer data from or to the computers.
* They might have implemented an adequate, effective, precise, accurate, and consistent real-time Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) to immediately detect any suspicious activity, behavior, login, or access by Edward Snowden or anybody else on the NSA network, and to alert the security team to it.
* They might have encrypted all the critical documents using strong encryption software and not shared the decryption key or password needed to access the files.
* The NSA might have used a least-privilege access policy to restrict access to all documents and files by all users: deny all users access to those files by default, and explicitly grant permissions only to authorized users, only for the files they were approved to access, and only after adequate approval based on a genuine business justification.
* They could have confined him to only the particular office cubicle or location, computer network, employees or colleagues, devices, computers, documents, and files he was supposed to work on, at, and with.
* They might have implemented Role-Based Access Control (RBAC)
policies.
* Limiting the access given to contractors.
* Hiring or involving fewer people, agencies, contractors,
etc.
* Categorizing and classifying data based on its value, so that it can be better protected by focusing on the more valuable data.
* They might have prevented unauthorized copying.
* They might have disabled copying, sending, uploading, or transferring of critical files through applications, devices, tasks, etc.
* They might have used Multi-Factor Authentication (MFA), such as Two-Factor Authentication (2FA).
* They might have implemented two-person authorization.
* They might have implemented event logging and monitoring, in real time if possible, with both automated and manual inspection and scanning.
* They might have implemented the security policy of no Internet
access or homework whatsoever.
* They might have blocked, banned, or stopped him and other employees from bringing their own devices (BYOD) to the office.
* They might have prevented removable media (storage) and other
devices from leaving the office premises or building.
* They might have conducted periodic security audits.
* They might have created islands of security, isolating each and every system from the others, each with its own system username, convention, system password, SSH passphrases, etc.
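Several of the controls listed above (default-deny least privilege, RBAC, two-person authorization, and event logging) can be combined in a single access decision. The sketch below is an added example, not part of the original answer; the `AccessPolicy` class and all user, role, and label names are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class AccessPolicy:
    user_roles: dict    # user -> set of role names
    role_grants: dict   # role -> set of (label, action) pairs explicitly granted
    two_person: set     # (label, action) pairs that need a second approver
    audit_log: list = field(default_factory=list)

    def _granted(self, user, label, action):
        roles = self.user_roles.get(user, set())
        return any((label, action) in self.role_grants.get(r, set()) for r in roles)

    def _evaluate(self, user, label, action, approver):
        # Default deny: without an explicit role grant, nothing is allowed.
        if not self._granted(user, label, action):
            return False, "no explicit grant"
        if (label, action) in self.two_person:
            # Two-person rule: a different user holding the approve grant must sign off.
            if approver is None or approver == user:
                return False, "second person required"
            if not self._granted(approver, label, "approve"):
                return False, "approver not authorized"
        return True, "granted by role"

    def decide(self, user, label, action, approver=None):
        allowed, reason = self._evaluate(user, label, action, approver)
        # Every decision, allowed or denied, is logged for monitoring and audits.
        self.audit_log.append((user, label, action, approver, allowed, reason))
        return allowed

def sample_policy():
    # Constructed sample data; all user, role and label names are hypothetical.
    return AccessPolicy(
        user_roles={"analyst1": {"analyst"}, "owner1": {"data-owner"},
                    "contractor1": {"sysadmin"}},
        role_grants={"analyst": {("case-files", "read"), ("case-files", "export")},
                     "data-owner": {("case-files", "approve")},
                     "sysadmin": {("system-config", "read"), ("system-config", "write")}},
        two_person={("case-files", "export")},
    )

if __name__ == "__main__":
    policy = sample_policy()
    policy.decide("contractor1", "case-files", "read")
    policy.decide("analyst1", "case-files", "export")
    policy.decide("analyst1", "case-files", "export", approver="owner1")
    for entry in policy.audit_log:
        print(entry)
```

Note that the system administrator role holds no grant on the data itself, so administering the systems does not imply being able to read the files stored on them.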
Other scenarios with a case or example in which an insider might pose a threat to network security:
There might be scenarios where an employee (insider) could intentionally or by mistake send a confidential file to the wrong client. Another scenario would be where an employee (insider) might lose a flash drive or any other removable storage media device holding sensitive information in a public or insecure place. The third scenario would involve a current frustrated employee, terminated employee, former employee, negligent employee, disgruntled employee, or compromised employee. Fourth, contractors and seasonal or temporary workers or employees accessing the company's network may pose an insider threat to its security.
A case:
Aldrich Ames, convicted of espionage in 1994, compromised and revealed more highly classified Central Intelligence Agency (CIA) assets, which are extremely sensitive data, including information on U.S. double agents. The Central Intelligence Agency (CIA) is in the defense and intelligence industry of the United States government. He compromised virtually every Soviet agent of the CIA and of other American and foreign services that he was familiar with. He also revealed a lot of information about United States foreign, defense, and security policies, and about U.S. intelligence operations numbering in the hundreds.
Aldrich Ames certainly posed an insider threat to the Central Intelligence Agency (CIA) network security.
In this scenario, the insider posed a threat to network security because money was his motivation: he wanted to satisfy his immediate indebtedness, ultimately earning $4.6 million from the Soviets.
Ames is classified as a whistleblower per the news, facts, and proofs that described his actions. Per the news and facts, he spied for Russia and the Soviet Union, committing espionage against the U.S.
The reason he is classified as a whistleblower is that he revealed highly confidential, sensitive, and important information or assets of one country to another country without any authorization from the former (his own) country. This is "a security issue or breach at the national level". "He has betrayed the CIA and his country". He was convicted for his betrayal of CIA methods.