Assessing Continuous Evaluation Approaches for Insider Threats: How Can the Security Posture of the U.S. Departments and Agencies Be Improved?
David Luckey
Bok Engelsk 2019
Annen tittel | |
---|---|
Utgitt | Santa Monica, Calif. : RAND Corporation , 2019
|
Opplysninger | The United States currently employs a periodic and aperiodic investigative and adjudicative security clearance process with origins in the Second World War. Information systems and data — e.g., financial, legal, travel — on individuals have improved dramatically since the creation of this process. This exploratory project examines various continuous evaluation (CE) approaches to detecting insider threats that are available to the U.S. government and assesses the relevance of these approaches to the challenges posed by such insider threats. The authors considered CE cost estimates, examined efficacy and best practices, and assessed some of the practicalities of employing CE. This report defines CE as a vetting and adjudication process to review on an ongoing basis the background of an individual who has been determined eligible for access to classified information or to hold a sensitive position at any time during the period of eligibility. There are potential benefits from CE in effectiveness and cost over the current method of granting security clearances to personnel based on periodic reinvestigation and readjudication. While exact costs and savings depend on CE packages selected and population size, estimates revealed that savings might be realized after six years and could be substantial (in the billions of dollars) over a longer period. While the process of CE would be new, the substance is not, and, thus, if executed properly, CE would be no more invasive than current processes.
|
Emner |