Abstract
National Security will always be threatened by individuals internal to the organization in the form of an insider-threat and external to the organization in the form of corporate espionage or cyber-espionage. Therefore, insider-threat detection methods, security precautions, authentication processes, and standard operating procedures for employees should be in place to try to reduce the instances of an insider-threat and/or an external threat breaching the security of an organization, institution, company, or governmental agency. Espionage and cyber-espionage can and does occur; however, it is not usually made public knowledge and when it does, it can have grave effects on the organization, institution, company, or governmental agency in which it occurred. Within this chapter the author explores how an insider-threat in the form of a Data Scientist, Penetration Tester, or Data Analyst can use their education, access, and background to gain access to systems and information that can be of value to external organizations, institutions, companies, and/or governmental agencies.
TopEducation, Experience, And Interests
A number of threats to national security exist in the form of insider-threats who conduct espionage for companies or for other countries. Factors that affect national security can range from and include incidents that are unintentional to incidents that are intentional. Open conversations outside of the workplace in public settings such as local coffee houses, at lunch counters, in restaurant settings, or the neighborhood bar or grocery stores frequented by anyone other than oneself can result in others overhearing information that should not be exposed to the general public or spoken to anyone outside of the work place. Simply mentioning the information can be seen as spillage or data leaks that can range from minor to severe/grave depending on what was said, who overheard the information, and what information was transmitted. Deliberate, intentional, open conversations with individuals outside of the workplace on issues that can directly affect security measures and the infrastructure of a facility can be seen as a deliberate attempt to harm or affect national security. These incidents can be considered espionage and the use of computers to disclose any information that is secured can be considered cyber-espionage.