Advanced search Help
Searching for terms: EXACT: "Noonan, Thomas E." in: author
Clear all search criteria
Only 2/3! You are seeing results from the Public Collection, not the complete Full Collection. Sign in to search everything (see eligibility).
-
National Infrastructure Advisory Council's Final Report and Recommendations on the Insider Threat to Critical Infrastructures
The National Infrastructure Advisory Council's primary goal with this document "was to address the assigned tasks and develop policy recommendations for the President and DHS in an effort to improve the security posture of our Nation's critical infrastructures. The NIAC also sought to leverage its findings to increase understanding of the insider threat and help CIKR operators mitigate insider threats. Insider threats exist for all organizations. Essentially, this threat lies in the potential that a trusted employee may betray their obligations and allegiances to their employer and conduct sabotage or espionage against them. Insider betrayals include a broad range of actions, from secretive acts of theft or subtle forms of sabotage to more aggressive and overt forms of vengeance, sabotage, and even workplace violence. The threat posed by insiders is one most owner-operators neither understand nor appreciate, and it is a term that is commonly used to refer to IT network use violations. This often leads to further confusion about the nature and seriousness of the threat. This misunderstanding or underestimation relates, in part, to the stigma that an act of insider betrayal carries with it-a stigma that can cause customers, partners, and shareholders to lose trust in an organization. This loss of trust can translate into lost business, revenue, and value. As a result, CIKR owner and operators often handle these types of events discretely and away from public view. This common practice has impeded the understanding of the threat and the efforts to address it, exacerbating the existing risk."
National Infrastructure Advisory Council (U.S.)
Noonan, Thomas E.; Archuleta, Edmund
2008-04-08
-
Risk Management Approaches to Protection
"Corporate America quantifies risks based on mathematical statistics, and for lesser known events, on probabilistic modeling. As both producers and consumers of abundant risk management data, corporations excel at analyzing the effects of threats and vulnerabilities that have been previously observed and for which abundant and well-controlled data is available. This private sector experience and expertise could be of use to the Federal government as it meets the current challenge of capturing an abundance of data across a nearly endless spectrum of plausible risks, and then assessing and managing that data in a timely and efficient manner. This report will delineate three key findings, the first of which are the practices of risk quantification and modeling. Today, a substantial number of risk quantification models and methods exist. The National Infrastructure Advisory Council (NIAC) focused on the models and methods that present the most applicability to critical infrastructure protection. The second focus of this report is risk tolerance and risk acceptance. There is very little utility in developing mature, complex national risk management models and the supporting infrastructure without a clear understanding of the nation's tolerance for risk. The Council does not intend to advise the government on risk tolerance that is a national policy question. This report does however, identify a need for a national discussion on risk acceptance and risk tolerance. Such a discussion is critical for the implementation of all subsequent recommendations provided in the report."
National Infrastructure Advisory Council (U.S.)
Noonan, Thomas E.; Marsh, Martha H.
2005-10-11
-
Evaluation and Enhancement of Information Sharing and Analysis: Final Report and Recommendations by the Council (July 13, 2004)
"The National Infrastructure Advisory Council (NIAC) was created by Executive Order 13231 of October 16, 2001, as amended by Executive Order 13286 of February 28, 2003. The Executive Order tasks the NIAC with advising the President on matters and issues dealing with the security of information systems for the nation's critical infrastructure, supporting the following sectors of the economy: banking and finance, transportation, energy, manufacturing, and emergency government service. On April 22, 2003, the NIAC agreed to undertake a project to analyze the current environment for information sharing and analysis across the critical infrastructure sectors and make recommendations to the government regarding enhancements, increased effectiveness and broader influence across industry sectors."
National Infrastructure Protection Center (U.S.)
Noonan, Thomas E.
2004-07-13
-
Risk Management Approaches to Protection: Final Report and Recommendations by the Council
From the Executive Summary: "Corporate America quantifies risks based on mathematical statistics, and for lesser known events, on probabilistic modeling. As both producers and consumers of abundant risk management data, corporations excel at analyzing the effects of threats and vulnerabilities that have been previously observed and for which abundant and well-controlled data is available. This private sector experience and expertise could be of use to the Federal government as it meets the current challenge of capturing an abundance of data across a nearly endless spectrum of plausible risks, and then assessing and managing that data in a timely and efficient manner. [...] This report will delineate three key findings, the first of which are the practices of risk quantification and modeling. Today, a substantial number of risk quantification models and methods exist. The National Infrastructure Advisory Council (NIAC) focused on the models and methods that present the most applicability to critical infrastructure protection."
National Infrastructure Advisory Council (U.S.)
Marsh, Martha H.; Noonan, Thomas E.
2005-10-11
1
