Developing new and innovative ways to overcome these threats is important for all citizens as we have so much PII readily accessible if hacked.
Prior intelligence experience
1. Why did you think it was important to study/research this topic (re-state the topic for the benefit of this forum)?
The vulnerabilities of the user domain are by far the most numerous and hard to eradicate. The introduction of the “human factor” into any system automatically opens the door for errors, incidental damage and malicious intent. Many organizations and federal agencies are answering the demand to mitigate this risk by implementing various security policies such as training programs, awareness programs (Insider Threat), and monitoring policies. These programs are often incorporated into the overall information security policies and training programs. A fundamental cornerstone of any Information Security policy is the training and control of access at the user level, but how effective have these policies been? While private organizations and federal agencies of all types have made efforts to mitigate the inherent human risk to networks and systems the question remains, is it good enough?
2. What are other studies in your literature review suggesting about this topic?
As a person with prior intelligence experience, I believe it is extremely important to examine the user domain on a continuous basis to ensure that training programs, awareness programs and other mitigation techniques are optimized for current trends and focused for their intended population or demographics. Developing new and innovative ways to overcome these threats is important for all citizens as we have so much PII readily accessible if hacked. The OPM data breach of 2015 is a prime example of the threat. A contractor credentials were initially used to breach the system through social engineering.
Other studies on the subject claim the type of training conducted can heavily influence how successful the programs are overall. Seeking individual user involvement and interaction in the training can heavily influence the users and make more clear reporting requirements, reporting channels, and what to be on the look out for. Other resources and studies like to emphasis education as a cornerstone of the training programs. Education upon hire initially and then at regular intervals tens to hammer home the desired effects and has had a positive impact on government employees.
3. How will it support your capstone course?
This research will support my capstone course exceedingly as this type of research is right up my alley. Being involved in Human Intelligence and Counterintelligence for 20 years and moving into Cyber, the user domain and associated human vulnerabilities are a perfect marriage of my past and future. I hope to utilize this research paper to develop an even better research proposal later that incorporates the user domain and cyber security to develop a sound thesis and research paper for the capstone course.
4. How will you prepare for your capstone course?
This course has definitely enlighted me as to just how daunting the capstone course and final research paper will be. I am much more familiar with the Capstone manual than I was before and this course made me reference it several times so this exposure will definitely help later on when it comes time to start putting all the pieces together. The research paper is not really like any other paper I have done with AMU up to this point. There are many new sections I was not familiar with. There is a lot more thought and evaluation that has to go into the development of a paper at this level. Good luck to us all.