Managing Insider Threat with Access Commander® · 2 Managing Insider Threat with Access Commander...

transcript

Managing Insider Threat with Access Commander®

ContentsOverview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

New screens and fields related to the Access Commander Insider Threat implementation . . . . . . . . . . . . . 2Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Initial Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Give users permission to the new Insider Threat module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Add items to new Insider Threat/Incident list boxes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Insider Threat Set Up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Create the Insider Threat Program Working Group (ITPWG) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Create the Insider Threat Training Courses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Designate an Insider Threat Program Senior Management Official (ITPSMO) . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Create an Insider Threat Program Senior Official (ITPSO) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10Update your Facility with Incident POC, ITPSO and ITPSMO Designations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Ongoing Insider Threat Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12Insider Threat Self Inspection Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Generate the Insider Threat Sample Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14Track DSS Annual Vulnerability Assessments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14Track Incidents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15Build and Run Insider Threat Adhoc Queries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Access Commander®Managing Insider Threat with Access Commander®2

Overview

Access Commander® provides the functionality needed to implement your company’s Insider Threat Program . The software is designed to allow the FSO to identify and track:

� Key Management Personnel (KMP) � Insider Threat Program Senior Official (ITPSO) . S/he will receive an e-mail when an incident is

created . � Insider Threat Program Senior Management Official (ITPSMO) � Insider Threat Program Working Group (ITPWG) � Insider Threat Training required for ITPSOs and electronic storage of Certificates of Training and

Appointment Letters � Insider Threat Training (DSS online course CI121) required yearly for all cleared employees and

Type A Consultants � Adjudication Guideline(s) that apply to an incident � Insider Threat Plan sample report � Insider Threat Management Process sample report � Self Inspection Check List � Insider Threat Personnel List � Insider Threat Adhoc Query profiles

New screens and fields related to the Access Commander Insider Threat implementation

Insider Threat Module *NEW � Incident Module Search screen . Search criteria: Incident Number, Incident Start Date, Incident

End Date, Incident Category, Facility Code, Severity, Status, Financial/Monetary Loss? � Incident Module Listing screen . Incident records can be copied, exported in CSV or PDF

format and printed . Columns can be easily hidden from view using the Column visibility drop-down list .

� Incident Module Update screen . 4 tabs:1. Incident Information - sections are Incident Information, Incident Reported, Incident

Location, Incident Details and Additional Questions .2. Investigation/Corrective Action - the Investigation section fields include the Type, Status

and Start Date, as well as information about the investigating officer . The Corrective Action fields include the Type, Date, and approval information .

3. Assignment(s) - the Personnel - Visitor/Employee section is used to select the employee involved and the Adjudicative Guidelines violated, if any . The DSS Submission Form can be generated . The Personnel - External section is used to enter information about any non-employees involved in the incident .

4. Associated Document(s) - all documents related to the incident are uploaded on this tab .

Personnel Management Module

insider ThreaT

Managing Insider Threat with Access Commander®Access Commander® 3

� Employee tab - Key Management Personnel check box . This is not a new field, but when checked in this new version (along with the Appointment Letter Received? check box on the Flag/Remarks tab), allows the employee to be designated as an ITPSO in the Facility Info module .

� Flag/Rem . tab: › Senior Management Official (SMO)? check box - when checked, allows the employee to be

designated as an ITPSMO in the Facility Info module . › Appointment Letter Received? check box - when checked (along with the Key

Management Personnel check box on the Employee tab), allows person to be designated as an ITPSMO in the Facility Info module .

Facility Info Module � Facility Info tab (previously named Physical/Mailing Address) - 3 new sections with look-up

functionality: › Incident POC - up to three employees may be selected . › IT Program Sr. Official - up to three employees may be selected . Employees designated as

ITPSOs will receive an e-mail when an incident is created . › Insider Threat SMO - up to three employees may be selected .

� Cognizant/Miscellaneous tab (previously named Cognizant/Remark): › Insider Threat Review link › Self-Inspection Checklist (Section Y - Insider Threat) link › Insider Threat Personnel List - Employees that are involved in an incident that is assigned

one or more of the Adjudication Guidelines, display in this list . Data displayed is Employee Name, Employee ID, E-Mail Address, Phone Number, Title, Incident ID, Facility Incident Occurred At, Incident Date, and Adjudicative Guidelines Affected .

� Facility Listing screen - If a facility fails self inspection (i .e ., one or more of the questions is answered as “No”), that facility will be highlighted on the Facility Info screen in red . The highlighting is automatically removed when a later inspection is passed (i .e ., no question is answered with a “No”) .

� Two new reports: Sample Insider Threat Management Process and Sample Insider Threat Plan .

Adhoc Query Module � Incident Summary profile - Incident ID, Incident Type, Incident Detail Type, Severity, Incident

Date, Status, Facility, Number of Employees Involved, Number of Adjudicative Guidelines Affected .

� Incidents Severity By Facility profile - Facility, Low Severity, Moderate Severity, High Severity, Critical Severity

� Insider Threat Designated Officials profile - Facility, Employee Name, Employee ID, Designation

� Insider Threat Employee Awareness Training Completion Summary profile- Employee Name, Employee ID, Facility, Completed Date, Completed

� Insider Threat Program Manager Training Completion Summary profile- Employee Name, Employee ID, Training Course, Facility, Completed Date, Completed

� Insider Threat Training Courses Summary profile- Conference Number, Conference Name, Start Date, End Date, Training Type, Facility, Next Training Date, Number of Employees Assigned,

Access Commander®

insider ThreaT

Managing Insider Threat with Access Commander®4

Number of Employees Completed Training, Number of Employees Pending Completion � Personnel Insider Threat Summary profile- Employee Name, Employee ID, Incident ID, Facility,

Incident Date, Status, Adjudicative Guidelines

User Profile Module � User Permissions screen (previously named Assign User’s Security) - new Incidents check

box . When checked, gives the user access to the new Insider Threat module . Also allows the user to see the employees on the Insider Threat Personnel List, if any, on the Cognizant/Miscellaneous tab (Facility Info module) .

System Admin menu link � Corporate - Insider Threat Working Group option

Getting Started

To begin using Access Commander to manage your Insider Threat Program, the following needs to be done:

1 . System Administrator: � Completes initial configuration, which includes giving the applicable permission to system

users � Adds drop-down list box values (e .g ., Incident Type, Incident Investigation Action)

2 . FSO: � Creates the Insider Threat Program Working Group (ITPWG) � Creates the Insider Threat Training Courses � Designates the Incident POCs, IT Program Sr . Officials (ITPSOs), and Insider Threat Program

SMOs (ITPSMOs) for their facility

After the above steps are completed, the following functionality enables the ongoing Insider Threat Program implementation:

9 Insider Threat module

9 Insider Threat Self Inspection Checklist

9 Insider Threat Review (DSS Vulnerability Assessment tracking)

9 Insider Threat Personnel List

9 Adhoc Query reporting

insider ThreaT

Initial Configuration

g System Administrator rights are required for these two initial configuration steps .

1. Give users permission to the new Insider Threat module

A user with System Administration rights must give permission to the user(s) who will be managing the day-to-day Insider Threat Program incident tracking . When checked, the user can access the Insider Threat module and will see the Insider Threat Personnel List in the Facility Info module . This is done in the User Profile module:

System Admin menu > User Profile module > User Listing screen > Assign Security > User Permissions screen > Incidents check box

2. Add items to new Insider Threat/Incident list boxes

Additional values in the following new profiles (drop-down list boxes) may need to be added:

System Admin menu > System Profile module > Profile Header Listing screen

g Do not modify the default descriptions or values. Only Add New options.

� Incident Corrective Action Type (line 73) � Incident Detail Type (line 74) � Incident Investigation Action (line 75) � Incident Investigation Status (line 76) � Incident Investigation Type (line 77) � Incident Severity (line 78) � Incident Source of Report (line 79) � Incident Status (line 80) � Incident Type (line 81) � Insider Threat Review Status (line 83) � Self Inspection Assessment Checklist Status (line 209) � Training Type (line 222)

Insider Threat Set Up g Security Administrator rights, with add and update permissions for the Personnel Management,

Training and Conferences and Facility Info modules, is required to complete these Insider Threat set up steps .

Access Commander®

insider ThreaT

1. Create the Insider Threat Program Working Group (ITPWG)

The ITPWG utility is accessed from the System Admin link at the top of the menu bar in Access Commander . The Working Group individuals are looked up and selected on the Facility - Insider Threat Working Group screen, and their role in the group is entered .

1 . Place the cursor on the System Admin link .The options display .

2 . Click the Corporate - Insider Threat Program Working Group option .

Figure - The Insider Threat Program Working Group option on the System Admin menu .

The Facility - Insider Threat Working Group Listing screen displays .

insider ThreaT

Figure - The Facility - Insider Threat Working Group Listing screen .

3 . Click the +New button .The Facility - Insider Threat Working Group screen displays .

Figure - The Facility - Insider Threat Working Group screen .

4 . Search for the applicable employee and select his/her record . The employee’s name, ID, Facility Code, phone number and e-mail will automatically display in the corresponding columns on the Facility - Insider Threat Working Group Listing screen .

5 . Enter his/her role in the Role field .

6 . Click Add .The Facility - Insider Threat Working Group Listing screen displays . The newly added working group member displays in the list .

7 . Add additional members to the ITPWG as needed .

8 . To return to the Main Menu, click the Exit arrow in the upper right-hand corner .

2. Create the Insider Threat Training Courses

The training classes required for ITPSO, cleared personnel and Type A consultants are entered in the Training and Conferences module . Once completed, employees can be assigned to the class and the completion date can be entered . The class assignment and completion date will display in the Personnel Management module on the Assignment(s) tab for the individual employee’s record .

Employees can be assigned individually to these training classes in the Personnel Management module on the Assignment(s) tab, if desired . You will do that for the ITPSMOs in Step 3 and ITPSOs in Step 4 .

If the Insider Threat Training courses were previously entered in the system, skip to Step 3 .

1 . Place the cursor on the Training and Conferences module and click + Add New .

Access Commander®

insider ThreaT

The Training/Conference Info screen, Training & Conference tab displays .

2 . Complete the required fields (in red) and other fields as required for your facility . For the Training Type field, select Senior Insider Threat Training 1 - 6, as described in the list below .

Figure - Training Type selection options for Insider Threat training classes .

Repeat this for all of the classes required for ITPSOs: � Counterintelligence and Security Fundamentals (for Training Type, select Senior Insider Threat

Program Manager Training - Course 1) � Laws and Regulations about the gathering, retention, and use of records and data and their misuse

(for Training Type, select Senior Insider Threat Program Manager Training - Course 2) � Civil Liberties and Privacy Laws, Regulations, and Policies (for Training Type, select Senior Insider

Threat Program Manager Training - Course 3) � Referral Processes, regulations, and requirements including Section 811 of the Intelligence

Authorization Act (for Training Type, select Senior Insider Threat Program Manager Training - Course 4)

� Internal agency procedures for insider threat response actions (for Training Type, select Senior Insider Threat Program Manager Training - Course 5)

� CDSE eLearning: Establishing an Insider Threat Program for Your Organization CI122 .16 (for Training Type, select Senior Insider Threat Program Manager Training - Course 6)

g After completing the training, the Certificates of Training will be added as Associated Documents in the Personnel Management module . This training, and the certificates, must be tracked for evaluation by the DSS ISR during annual vulnerability assessments .

4 . Click the Update button .The message “The information has been updated .” displays .

5 . Click the Done button .The Training/Conference Listing screen displays, with the updated training record highlighted .

6 . Click + Add New and add the following DSS online course required for all cleared employees and Type A Consultants . Since this is required to be taken on a yearly basis, be sure to enter the Next Training Date . � CI121 Insider Threat Awareness (for Training Type, select Insider Threat Security Awareness

Training)

insider ThreaT

g After completing the training, the Certificate of Training will be added as an Associated Document in the Personnel Management module . This training, and the certificates, must be tracked for evaluation by the DSS ISR during annual vulnerability assessments .

7 . If desired, assign the cleared employees and Type A Consultants in your facility to this class: � Click the Update button . � Click the Re-Edit This Record link . � Click the Employees tab . � Click the Assign Employee(s) button . � Enter the search criteria to find the employees that have taken the class (e .g ., Clearance Type, Facility

Code) and click Find . � Select the applicable employees and click the Assign button . � Enter completion dates, as applicable, by selecting the employee(s) and clicking the Complete button .

9 . Click the Done button .The Training/Conference Listing screen displays, with the updated training record highlighted .

3. Designate an Insider Threat Program Senior Management Official (ITPSMO)

The personnel records for your facility’s ITPSMOs need to be updated . This is completed in the Personnel Management module . The Senior Management Official (SMO)? check box on the Flag/Remarks tab must be checked .

1 . In the Personnel Management module, search for the record of the individual who is the designated ITPSMO for your facility . The Personnel Listing screen displays .

2 . Click the Update button for his/her record .The person’s Personnel Info screen, Employee tab displays .

3 . Complete the following: � Ensure that his/her e-mail is populated in the E-mail field . � Click the Flag/Remarks. tab . and check the Senior Management Official (SMO)? check box . This

check box must be checked so that he/she can be designated as an ITPSMO in the Facility Info module .

Access Commander®

insider ThreaT

Figure - The Senior Management Official (SMO)? check box on the Flag/Remarks tab .

� Click the Assignment(s) tab . In the Training and Conference(s) section, and assign the required Insider Threat classes .

� Click the Employee tab . Upload the Training Certificates for the Insider Threat classes completed in the Associated Doc(s) - (No PI Info.) section . If they were previously uploaded, verify that all the certificates are included .

4 . Click the Update button

5 . Click the Done button .

4. Create an Insider Threat Program Senior Official (ITPSO)

The personnel records for your facility’s ITPSOs need to be updated . This is completed in the Personnel Management module . Both the Key Management Personnel check box on the Employee tab, and the Appointment Letter Received? check box on the Flag/Remarks tab must be checked .

After this step is completed, s/he will be designated as an ITPSO in the Facility Info module and will automatically receive an e-mail when an incident record is added in the Incident Record module .

1 . In the Personnel Management module, search for the record of the individual who is the designated ITPSO for your facility .The Personnel Listing screen displays .

2 . Click the Update button for his/her record .The person’s Personnel Info screen, Employee tab displays .

3 . Complete the following: � Ensure that his/her e-mail is populated in the E-mail field . � Check the Key Management Personnel check box . This check box must be checked so that he/she

can be designated as an ITPSO in the Facility Info module .

insider ThreaT

Figure - Key Management Personnel check box on the Employee tab .

� Click the Flag/Remarks. tab . Check the Appointment Letter Received? check box . This check box, as well as the Key Management Personnel check box, must be checked so that he/she can be designated as an ITPSMO in the Facility Info module .

Figure - The Appointment Letter Received? check box on the Flag/Remarks tab .

� Click the Assignment(s) tab . In the Training and Conference(s) section, assign the required Insider Threat classes if it has not already been done so .

� Click the Employee tab . Upload the Training Certificates for the Insider Threat classes completed, or if they were previously uploaded, verify that all the certificates are included .

� Still on the Employee tab, upload the Appointment Letter if it has not already been done so .

4 . Click the Update button

5 . Click the Done button .

5. Update your Facility with Incident POC, ITPSO and ITPSMO Designations

Your facility’s record needs to be updated with the Incident POC, ITPSO, ITSMO data . This is done in the Facility Info module .

1 . On the System Admin menu, click the Facility Info module icon .

2 . Enter the search criteria and click Find Facilities .

Access Commander®

insider ThreaT

The Facility Listing screen displays .

3 . Click the Update button for the applicable facility record .The Facility Info screen, Facility Info tab displays .

4 . Scroll to the bottom of the screen . Look up and select the correct employees for the following fields: � Incident POC � IT Program Sr . Official � Insider Threat SMO

Figure - Insider Threat fields on the Facility Info screen .

The selected individual’s names, e-mails and phone numbers populate in the corresponding fields .

g The employee(s) designated as the ITPSO’s will automatically be sent an e-mail when an incident is added in the Insider Threat module .

6 . Click the Done button .The Facility Listing screen displays, with the updated facility record highlighted .

Ongoing Insider Threat Management

Access Commander provides the following functionality to manage your ongoing Insider Threat Program requirements:

9 Insider Threat Self Inspection Checklist

9 DSS Annual Vulnerability Assessment tracking

9 Incident tracking, including Incident Information, Investigation/Corrective Action, Assignment(s), and Associated Document(s)

insider ThreaT

Also provided are two new standard reports and six new Adhoc Report profiles:

9 Standard Reports (accessed via the Facility Reports screen): � Sample Insider Threat Management Process � Sample Insider Threat Plan

9 Adhoc Query Insider Threat related report profiles (accessed via the Adhoc Query module): � Incident Summary � Incidents Severity By Facility � Insider Threat Designated Officials � Insider Threat Employee Awareness Training Completion Summary � Insider Threat Program Manager Training Completion Summary � Insider Threat Training Courses Summary � Personnel Insider Threat Summary

Insider Threat Self Inspection Checklist

This checklist needs to be completed on a yearly basis . It is accessed in the Facility Info module .

g If a facility fails self inspection (i .e ., one or more of the questions is answered as “Yes”), that facility will be highlighted on the Facility Info screen in red . The highlighting is automatically removed when a later inspection is passed (i .e ., no question is answered with a “Yes”) .

2 . Enter the search criteria and click Find Facilities . The Facility Listing screen displays .

4 . Click the Cognizant/Miscellaneous tab .

5 . Click the Self-Inspection Checklist (Section Y - Insider Threat) link .

Access Commander®

insider ThreaT

Figure - The Self-Inspection Checklist (Section Y - Insider Threat) link on the Cognizant/Miscellaneous tab .

The Self Inspection Check List Listing screen displays . If one of more previously completed checklists display, you can make a copy of the list and revise it, rather than creating a new one .

6 . Click + Add New . The Self Inspection Check List screen displays .

7 . Complete the checklist . If the answer to any of the questions on the checklist is No, the facility has failed . The facility will be highlighted on the Facility Listing screen in red . The highlighting is automatically removed when a later inspection is passed (i .e ., no question is answered with a “No”) .

8 . Click the Add buttonA confirmation window displays .

9 . Click OK . The Self Inspection Check List Listing screen displays . The newly added checklist displays in the list .

10 . Click the Exit arrow (upper right-hand corner) to return to the Cognizant/Miscellaneous tab .

Generate the Insider Threat Sample Reports

There are two standard sample reports specifically designed for Insider Threat that are based on the data entered in Access Commander . They are:

9 Sample Insider Threat Management Process

9 Sample Insider Threat Plan

The reports are available on the Facility Reports screen .

1 . On the Facility Listing screen, select the applicable facility record .

2 . Click the Reports button at the top of the menu bar .

insider ThreaT

The Facility Reports screen displays .

3 . Select the Sample Insider Threat Management Process or Sample Insider Threat Management Process report .

4 . For the Report on radio buttons, leave the default . For Output, select the desired output if the default is not what’s needed (i .e ., Viewer, PDF, Word) .

5 . Click the Go button (the default Command is Run Report) .The report displays .

6 . Use the buttons to print and/or export the report .

Track DSS Annual Vulnerability Assessments

Data about DSS Vulnerability Assessments is entered in the Facility Info module .

2 . Enter the search criteria and click Find Facilities . The Facility Listing screen displays .

4 . Click the Cognizant/Miscellaneous tab .

5 . Click the Insider Threat Review link .

Figure - The Insider Threat Review link on the Cognizant/Miscellaneous tab .

The Facility Insider Threat Listing screen displays .

6 . Click the + Add New button . You can use the Copy button to make a copy of a past review record, if applicable .The Facility - Insider Threat Review screen displays .

7 . Complete the fields . Fields with red titles are required .

Access Commander®

insider ThreaT

8 . Click the Add buttonA confirmation window displays .

9 . Click OK . The Facility - Insider Threat Review Listing screen displays .

10 . Click the Exit arrow (upper right-hand corner) .You are returned to the Facility Info screen, Cognizant/Miscellaneous tab, and the newly added document(s) display .

Track Incidents

The details about incidents are tracked within the Insider Threat module . Included in this module is the selection of the Adjudication Guideline violated, if applicable, and the corrective action taken . When an Adjudication Guideline is selected, the employee is listed in the Insider Threat Personnel List on the Cognizant/Miscellaneous tab in the Facility Info module .

How to add a new incident:

1 . On the Main Menu, click the Insider Threat module icon .

Figure - The Insider Threat module on the Main Menu .

The Incident Module Search screen displays .

2 . Click the + Add New button .

Figure - + Add New on the Incident Module Search screen .

insider ThreaT

The Incident Module Add screen, Incident Information tab displays (there is only this one tab when in Add mode) .

Figure - The Incident Module Add screen .

3 . Complete required fields (in red) and other applicable fields in all 5 sections: � Incident Information � Incident Reported � Incident Location � Incident Details � Additional Questions

4 . Click Submit . A confirmation window displays .

5 . Click OK .The Incident Module Listing screen displays with the new record highlighted .

g The employee(s) designated as the ITPSO’s (as designated in the Facility Info module) will automatically be sent an e-mail when an incident is added in the Insider Threat module .

Access Commander®

insider ThreaT

Figure - The e-mail sent to ITPSO’s when an incident is added .

6 . Click the Update button for the record .The Incident Module Add screen, Incident Information tab displays . There are now three additional tabs in Update mode:

� Investigation/Corrective Action � Assignment(s) � Associated Document(s)

Figure - The tabs on the Incident Module Update screen .

7 . Click the Investigation/Corrective Action tab .The Investigation and Corrective Action section headings display .

insider ThreaT

Figure - The Investigation/Corrective Action tab with both sections expanded .

8 . Click the Investigation section header to expand the section . Click the + Add New button to add information about the investigation, then click Add . A confirmation window displays, then click OK . You’re returned to the Investigation section and the newly added investigation record displays .

9 . Click the Corrective Action section header to expand the section . Click the + Add New button to add information about the corrective action taken, then click Add . A confirmation window displays, then click OK . You’re returned to the Corrective Action section and the newly added corrective action record displays .

10 . Click the Assignment(s) tab . � The Personnel - Visitor/Employee and Personnel - External section headings display .

Access Commander®

insider ThreaT

Figure - The Assignment(s) tab with the Personnel - Visitor/Employee section expanded .

11 . Click the Personnel - Visitor/Employee section header to expand the section . Click the + Add New button to select the employee or visitor involved in the incident, then click Add . A confirmation window displays, then click OK . You’re returned to the Personnel - Visitor/Employee section and the newly added record displays . Add additional employee(s) and/or visitor(s) as applicable .

g If one or more Adjudicative Guidelines is selected, the employee’s name will display in the Insider Threat Personnel List section on the Cognizant/Miscellaneous tab of the facility record to which he/she is assigned .

Figure - The Insider Threat Personnel List on the Cognizant/Miscellaneous tab .

insider ThreaT

g When one or more of the Adjudicative Guidelines are selected, follow your facility’s guidelines for notifying the Working Group .

12 . Click the Personnel - External section header to expand the section . Click the + Add New button to display the Incident - Personnel screen . Complete the fields for the external person, if anyone, involved in the incident, then click Add . A confirmation window displays, then click OK . You’re returned to the Personnel - External section and the newly added record displays . Add additional external people as applicable .

13 . Click on the Associated Document(s) tab .

Figure - The Associated Document(s) tab with an added document .

The Associated Doc(s) section heading and + Add New button display .

14 . Click the + Add New button . The Incident - Associated Doc(s) screen displays .

15 . Click the Browse button, locate the desired file and click it . Enter a file description and click Upload .A confirmation window displays .

16 . Click OK . Add any additional associated documents .

17 . Click Return when all documents have been added .You are returned to the Associated Doc(s) section and the newly added document(s) display .

18 . Once all data has been added for the incident, click the Update button .A confirmation window displays .

19 . Click OK .The Incident Module Listing screen displays and the updated incident displays (highlighted in gray) .

Access Commander®

insider ThreaT

Figure - The Incident Module Listing screen .

Build and Run Insider Threat Adhoc Queries

There are seven profiles that are specific to Insider Threat related fields within the Adhoc Queries module . The six profiles are:

� Incident Summary � Incidents Severity By Facility � Insider Threat Designated Officials � Insider Threat Employee Awareness Training Completion Summary � Insider Threat Program Manager Training Completion Summary � Insider Threat Training Courses Summary � Personnel Insider Threat Summary

How to design and run an adhoc query:

1 . Access the Adhoc Query (File Selection) screen .

2 . Click the down arrow button next to the Files field .The modules and module subsets display .

3 . Click the file for the module for which you’re designing a query .The Adhoc Query (Design) screen displays . All the fields within the selected module are listed .

4 . Enter a title for the query you’re building in the Query Title field .

5 . For each field, complete the following as appropriate: � Report Field(s) . Click the All button to include all the listed fields in the query, or check the check

box for the field(s) that should be included in the query . The order in which you select the fields determines their position (column placement) in the query results . The Position field(s) populate(s) with the number(s), accordingly .

� Sort Field(s) . Check the check box for those fields you want to determine the sort of the query . The order in which you select the fields determines their position (sort order) in the query results . The Position field(s) populate(s) with the number(s), accordingly .

insider ThreaT

� Filter Field(s) . Check the check box for those fields, if any, for which you want to enter search criterion(ia) .

6 . Click the Next button . The Adhoc Query (Summary) screen displays a summary of the query .

7 . If you designated any fields as filters, they will display in the Record(s) Selection section . For each filter field, select the criteria from the drop-down list and enter the value in the corresponding field .

8 . Review the summary .

g If you need to make changes to the design, click the Previous button and make the necessary changes on the Adhoc Query (Design) screen .

9 . Click the Next button .The Adhoc Query (Results) screen displays .

10 . To print the results, use your browser’s print feature .

11 . To continue, click the: � Main Menu link to return to the Main Menu screen � System Menu link to return to the System Administration menu screen � New Query link to go to the Adhoc Query (File Selection) screen to create a new query � Previous link to go back to the Adhoc Query (Summary) screen . This allows you to make changes to

the filter criterion(ia) and/or click Previous again to access the Adhoc Query (Design) screen to make further revisions to the query