Managing Insider Threat with Access Commander® · 2 Managing Insider Threat with Access Commander...
Transcript of Managing Insider Threat with Access Commander® · 2 Managing Insider Threat with Access Commander...
Managing Insider Threat with Access Commander®
ContentsOverview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
New screens and fields related to the Access Commander Insider Threat implementation . . . . . . . . . . . . . 2Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Initial Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Give users permission to the new Insider Threat module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Add items to new Insider Threat/Incident list boxes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Insider Threat Set Up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Create the Insider Threat Program Working Group (ITPWG) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Create the Insider Threat Training Courses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Designate an Insider Threat Program Senior Management Official (ITPSMO) . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Create an Insider Threat Program Senior Official (ITPSO) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10Update your Facility with Incident POC, ITPSO and ITPSMO Designations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Ongoing Insider Threat Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12Insider Threat Self Inspection Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Generate the Insider Threat Sample Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14Track DSS Annual Vulnerability Assessments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14Track Incidents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15Build and Run Insider Threat Adhoc Queries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Access Commander®Managing Insider Threat with Access Commander®2
Overview
Overview
Access Commander® provides the functionality needed to implement your company’s Insider Threat Program . The software is designed to allow the FSO to identify and track:
� Key Management Personnel (KMP) � Insider Threat Program Senior Official (ITPSO) . S/he will receive an e-mail when an incident is
created . � Insider Threat Program Senior Management Official (ITPSMO) � Insider Threat Program Working Group (ITPWG) � Insider Threat Training required for ITPSOs and electronic storage of Certificates of Training and
Appointment Letters � Insider Threat Training (DSS online course CI121) required yearly for all cleared employees and
Type A Consultants � Adjudication Guideline(s) that apply to an incident � Insider Threat Plan sample report � Insider Threat Management Process sample report � Self Inspection Check List � Insider Threat Personnel List � Insider Threat Adhoc Query profiles
New screens and fields related to the Access Commander Insider Threat implementation
Insider Threat Module *NEW � Incident Module Search screen . Search criteria: Incident Number, Incident Start Date, Incident
End Date, Incident Category, Facility Code, Severity, Status, Financial/Monetary Loss? � Incident Module Listing screen . Incident records can be copied, exported in CSV or PDF
format and printed . Columns can be easily hidden from view using the Column visibility drop-down list .
� Incident Module Update screen . 4 tabs:1. Incident Information - sections are Incident Information, Incident Reported, Incident
Location, Incident Details and Additional Questions .2. Investigation/Corrective Action - the Investigation section fields include the Type, Status
and Start Date, as well as information about the investigating officer . The Corrective Action fields include the Type, Date, and approval information .
3. Assignment(s) - the Personnel - Visitor/Employee section is used to select the employee involved and the Adjudicative Guidelines violated, if any . The DSS Submission Form can be generated . The Personnel - External section is used to enter information about any non-employees involved in the incident .
4. Associated Document(s) - all documents related to the incident are uploaded on this tab .
Personnel Management Module
insider ThreaT
Managing Insider Threat with Access Commander®Access Commander® 3
� Employee tab - Key Management Personnel check box . This is not a new field, but when checked in this new version (along with the Appointment Letter Received? check box on the Flag/Remarks tab), allows the employee to be designated as an ITPSO in the Facility Info module .
� Flag/Rem . tab: › Senior Management Official (SMO)? check box - when checked, allows the employee to be
designated as an ITPSMO in the Facility Info module . › Appointment Letter Received? check box - when checked (along with the Key
Management Personnel check box on the Employee tab), allows person to be designated as an ITPSMO in the Facility Info module .
Facility Info Module � Facility Info tab (previously named Physical/Mailing Address) - 3 new sections with look-up
functionality: › Incident POC - up to three employees may be selected . › IT Program Sr. Official - up to three employees may be selected . Employees designated as
ITPSOs will receive an e-mail when an incident is created . › Insider Threat SMO - up to three employees may be selected .
� Cognizant/Miscellaneous tab (previously named Cognizant/Remark): › Insider Threat Review link › Self-Inspection Checklist (Section Y - Insider Threat) link › Insider Threat Personnel List - Employees that are involved in an incident that is assigned
one or more of the Adjudication Guidelines, display in this list . Data displayed is Employee Name, Employee ID, E-Mail Address, Phone Number, Title, Incident ID, Facility Incident Occurred At, Incident Date, and Adjudicative Guidelines Affected .
� Facility Listing screen - If a facility fails self inspection (i .e ., one or more of the questions is answered as “No”), that facility will be highlighted on the Facility Info screen in red . The highlighting is automatically removed when a later inspection is passed (i .e ., no question is answered with a “No”) .
� Two new reports: Sample Insider Threat Management Process and Sample Insider Threat Plan .
Adhoc Query Module � Incident Summary profile - Incident ID, Incident Type, Incident Detail Type, Severity, Incident
Date, Status, Facility, Number of Employees Involved, Number of Adjudicative Guidelines Affected .
� Incidents Severity By Facility profile - Facility, Low Severity, Moderate Severity, High Severity, Critical Severity
� Insider Threat Designated Officials profile - Facility, Employee Name, Employee ID, Designation
� Insider Threat Employee Awareness Training Completion Summary profile- Employee Name, Employee ID, Facility, Completed Date, Completed
� Insider Threat Program Manager Training Completion Summary profile- Employee Name, Employee ID, Training Course, Facility, Completed Date, Completed
� Insider Threat Training Courses Summary profile- Conference Number, Conference Name, Start Date, End Date, Training Type, Facility, Next Training Date, Number of Employees Assigned,
Access Commander®
insider ThreaT
Managing Insider Threat with Access Commander®4
Number of Employees Completed Training, Number of Employees Pending Completion � Personnel Insider Threat Summary profile- Employee Name, Employee ID, Incident ID, Facility,
Incident Date, Status, Adjudicative Guidelines
User Profile Module � User Permissions screen (previously named Assign User’s Security) - new Incidents check
box . When checked, gives the user access to the new Insider Threat module . Also allows the user to see the employees on the Insider Threat Personnel List, if any, on the Cognizant/Miscellaneous tab (Facility Info module) .
System Admin menu link � Corporate - Insider Threat Working Group option
Getting Started
To begin using Access Commander to manage your Insider Threat Program, the following needs to be done:
1 . System Administrator: � Completes initial configuration, which includes giving the applicable permission to system
users � Adds drop-down list box values (e .g ., Incident Type, Incident Investigation Action)
2 . FSO: � Creates the Insider Threat Program Working Group (ITPWG) � Creates the Insider Threat Training Courses � Designates the Incident POCs, IT Program Sr . Officials (ITPSOs), and Insider Threat Program
SMOs (ITPSMOs) for their facility
After the above steps are completed, the following functionality enables the ongoing Insider Threat Program implementation:
9 Insider Threat module
9 Insider Threat Self Inspection Checklist
9 Insider Threat Review (DSS Vulnerability Assessment tracking)
9 Insider Threat Personnel List
9 Adhoc Query reporting
insider ThreaT
Managing Insider Threat with Access Commander®Access Commander® 5
Initial Configuration
g System Administrator rights are required for these two initial configuration steps .
1. Give users permission to the new Insider Threat module
A user with System Administration rights must give permission to the user(s) who will be managing the day-to-day Insider Threat Program incident tracking . When checked, the user can access the Insider Threat module and will see the Insider Threat Personnel List in the Facility Info module . This is done in the User Profile module:
System Admin menu > User Profile module > User Listing screen > Assign Security > User Permissions screen > Incidents check box
2. Add items to new Insider Threat/Incident list boxes
Additional values in the following new profiles (drop-down list boxes) may need to be added:
System Admin menu > System Profile module > Profile Header Listing screen
g Do not modify the default descriptions or values. Only Add New options.
� Incident Corrective Action Type (line 73) � Incident Detail Type (line 74) � Incident Investigation Action (line 75) � Incident Investigation Status (line 76) � Incident Investigation Type (line 77) � Incident Severity (line 78) � Incident Source of Report (line 79) � Incident Status (line 80) � Incident Type (line 81) � Insider Threat Review Status (line 83) � Self Inspection Assessment Checklist Status (line 209) � Training Type (line 222)
Insider Threat Set Up g Security Administrator rights, with add and update permissions for the Personnel Management,
Training and Conferences and Facility Info modules, is required to complete these Insider Threat set up steps .
Access Commander®
insider ThreaT
Managing Insider Threat with Access Commander®6
1. Create the Insider Threat Program Working Group (ITPWG)
The ITPWG utility is accessed from the System Admin link at the top of the menu bar in Access Commander . The Working Group individuals are looked up and selected on the Facility - Insider Threat Working Group screen, and their role in the group is entered .
1 . Place the cursor on the System Admin link .The options display .
2 . Click the Corporate - Insider Threat Program Working Group option .
Figure - The Insider Threat Program Working Group option on the System Admin menu .
The Facility - Insider Threat Working Group Listing screen displays .
insider ThreaT
Managing Insider Threat with Access Commander®Access Commander® 7
Figure - The Facility - Insider Threat Working Group Listing screen .
3 . Click the +New button .The Facility - Insider Threat Working Group screen displays .
Figure - The Facility - Insider Threat Working Group screen .
4 . Search for the applicable employee and select his/her record . The employee’s name, ID, Facility Code, phone number and e-mail will automatically display in the corresponding columns on the Facility - Insider Threat Working Group Listing screen .
5 . Enter his/her role in the Role field .
6 . Click Add .The Facility - Insider Threat Working Group Listing screen displays . The newly added working group member displays in the list .
7 . Add additional members to the ITPWG as needed .
8 . To return to the Main Menu, click the Exit arrow in the upper right-hand corner .
2. Create the Insider Threat Training Courses
The training classes required for ITPSO, cleared personnel and Type A consultants are entered in the Training and Conferences module . Once completed, employees can be assigned to the class and the completion date can be entered . The class assignment and completion date will display in the Personnel Management module on the Assignment(s) tab for the individual employee’s record .
Employees can be assigned individually to these training classes in the Personnel Management module on the Assignment(s) tab, if desired . You will do that for the ITPSMOs in Step 3 and ITPSOs in Step 4 .
If the Insider Threat Training courses were previously entered in the system, skip to Step 3 .
1 . Place the cursor on the Training and Conferences module and click + Add New .
Access Commander®
insider ThreaT
Managing Insider Threat with Access Commander®8
The Training/Conference Info screen, Training & Conference tab displays .
2 . Complete the required fields (in red) and other fields as required for your facility . For the Training Type field, select Senior Insider Threat Training 1 - 6, as described in the list below .
Figure - Training Type selection options for Insider Threat training classes .
Repeat this for all of the classes required for ITPSOs: � Counterintelligence and Security Fundamentals (for Training Type, select Senior Insider Threat
Program Manager Training - Course 1) � Laws and Regulations about the gathering, retention, and use of records and data and their misuse
(for Training Type, select Senior Insider Threat Program Manager Training - Course 2) � Civil Liberties and Privacy Laws, Regulations, and Policies (for Training Type, select Senior Insider
Threat Program Manager Training - Course 3) � Referral Processes, regulations, and requirements including Section 811 of the Intelligence
Authorization Act (for Training Type, select Senior Insider Threat Program Manager Training - Course 4)
� Internal agency procedures for insider threat response actions (for Training Type, select Senior Insider Threat Program Manager Training - Course 5)
� CDSE eLearning: Establishing an Insider Threat Program for Your Organization CI122 .16 (for Training Type, select Senior Insider Threat Program Manager Training - Course 6)
g After completing the training, the Certificates of Training will be added as Associated Documents in the Personnel Management module . This training, and the certificates, must be tracked for evaluation by the DSS ISR during annual vulnerability assessments .
4 . Click the Update button .The message “The information has been updated .” displays .
5 . Click the Done button .The Training/Conference Listing screen displays, with the updated training record highlighted .
6 . Click + Add New and add the following DSS online course required for all cleared employees and Type A Consultants . Since this is required to be taken on a yearly basis, be sure to enter the Next Training Date . � CI121 Insider Threat Awareness (for Training Type, select Insider Threat Security Awareness
Training)
insider ThreaT
Managing Insider Threat with Access Commander®Access Commander® 9
g After completing the training, the Certificate of Training will be added as an Associated Document in the Personnel Management module . This training, and the certificates, must be tracked for evaluation by the DSS ISR during annual vulnerability assessments .
7 . If desired, assign the cleared employees and Type A Consultants in your facility to this class: � Click the Update button . � Click the Re-Edit This Record link . � Click the Employees tab . � Click the Assign Employee(s) button . � Enter the search criteria to find the employees that have taken the class (e .g ., Clearance Type, Facility
Code) and click Find . � Select the applicable employees and click the Assign button . � Enter completion dates, as applicable, by selecting the employee(s) and clicking the Complete button .
8 . Click the Update button .The message “The information has been updated .” displays .
9 . Click the Done button .The Training/Conference Listing screen displays, with the updated training record highlighted .
3. Designate an Insider Threat Program Senior Management Official (ITPSMO)
The personnel records for your facility’s ITPSMOs need to be updated . This is completed in the Personnel Management module . The Senior Management Official (SMO)? check box on the Flag/Remarks tab must be checked .
1 . In the Personnel Management module, search for the record of the individual who is the designated ITPSMO for your facility . The Personnel Listing screen displays .
2 . Click the Update button for his/her record .The person’s Personnel Info screen, Employee tab displays .
3 . Complete the following: � Ensure that his/her e-mail is populated in the E-mail field . � Click the Flag/Remarks. tab . and check the Senior Management Official (SMO)? check box . This
check box must be checked so that he/she can be designated as an ITPSMO in the Facility Info module .
Access Commander®
insider ThreaT
Managing Insider Threat with Access Commander®10
Figure - The Senior Management Official (SMO)? check box on the Flag/Remarks tab .
� Click the Assignment(s) tab . In the Training and Conference(s) section, and assign the required Insider Threat classes .
� Click the Employee tab . Upload the Training Certificates for the Insider Threat classes completed in the Associated Doc(s) - (No PI Info.) section . If they were previously uploaded, verify that all the certificates are included .
4 . Click the Update button
5 . Click the Done button .
4. Create an Insider Threat Program Senior Official (ITPSO)
The personnel records for your facility’s ITPSOs need to be updated . This is completed in the Personnel Management module . Both the Key Management Personnel check box on the Employee tab, and the Appointment Letter Received? check box on the Flag/Remarks tab must be checked .
After this step is completed, s/he will be designated as an ITPSO in the Facility Info module and will automatically receive an e-mail when an incident record is added in the Incident Record module .
1 . In the Personnel Management module, search for the record of the individual who is the designated ITPSO for your facility .The Personnel Listing screen displays .
2 . Click the Update button for his/her record .The person’s Personnel Info screen, Employee tab displays .
3 . Complete the following: � Ensure that his/her e-mail is populated in the E-mail field . � Check the Key Management Personnel check box . This check box must be checked so that he/she
can be designated as an ITPSO in the Facility Info module .
insider ThreaT
Managing Insider Threat with Access Commander®Access Commander® 11
Figure - Key Management Personnel check box on the Employee tab .
� Click the Flag/Remarks. tab . Check the Appointment Letter Received? check box . This check box, as well as the Key Management Personnel check box, must be checked so that he/she can be designated as an ITPSMO in the Facility Info module .
Figure - The Appointment Letter Received? check box on the Flag/Remarks tab .
� Click the Assignment(s) tab . In the Training and Conference(s) section, assign the required Insider Threat classes if it has not already been done so .
� Click the Employee tab . Upload the Training Certificates for the Insider Threat classes completed, or if they were previously uploaded, verify that all the certificates are included .
� Still on the Employee tab, upload the Appointment Letter if it has not already been done so .
4 . Click the Update button
5 . Click the Done button .
5. Update your Facility with Incident POC, ITPSO and ITPSMO Designations
Your facility’s record needs to be updated with the Incident POC, ITPSO, ITSMO data . This is done in the Facility Info module .
1 . On the System Admin menu, click the Facility Info module icon .
2 . Enter the search criteria and click Find Facilities .
Access Commander®
insider ThreaT
Managing Insider Threat with Access Commander®12
The Facility Listing screen displays .
3 . Click the Update button for the applicable facility record .The Facility Info screen, Facility Info tab displays .
4 . Scroll to the bottom of the screen . Look up and select the correct employees for the following fields: � Incident POC � IT Program Sr . Official � Insider Threat SMO
Figure - Insider Threat fields on the Facility Info screen .
The selected individual’s names, e-mails and phone numbers populate in the corresponding fields .
g The employee(s) designated as the ITPSO’s will automatically be sent an e-mail when an incident is added in the Insider Threat module .
5 . Click the Update button .The message “The information has been updated .” displays .
6 . Click the Done button .The Facility Listing screen displays, with the updated facility record highlighted .
Ongoing Insider Threat Management
Access Commander provides the following functionality to manage your ongoing Insider Threat Program requirements:
9 Insider Threat Self Inspection Checklist
9 DSS Annual Vulnerability Assessment tracking
9 Incident tracking, including Incident Information, Investigation/Corrective Action, Assignment(s), and Associated Document(s)
insider ThreaT
Managing Insider Threat with Access Commander®Access Commander® 13
Also provided are two new standard reports and six new Adhoc Report profiles:
9 Standard Reports (accessed via the Facility Reports screen): � Sample Insider Threat Management Process � Sample Insider Threat Plan
9 Adhoc Query Insider Threat related report profiles (accessed via the Adhoc Query module): � Incident Summary � Incidents Severity By Facility � Insider Threat Designated Officials � Insider Threat Employee Awareness Training Completion Summary � Insider Threat Program Manager Training Completion Summary � Insider Threat Training Courses Summary � Personnel Insider Threat Summary
Insider Threat Self Inspection Checklist
This checklist needs to be completed on a yearly basis . It is accessed in the Facility Info module .
g If a facility fails self inspection (i .e ., one or more of the questions is answered as “Yes”), that facility will be highlighted on the Facility Info screen in red . The highlighting is automatically removed when a later inspection is passed (i .e ., no question is answered with a “Yes”) .
1 . On the System Admin menu, click the Facility Info module icon .
2 . Enter the search criteria and click Find Facilities . The Facility Listing screen displays .
3 . Click the Update button for the applicable facility record .The Facility Info screen, Facility Info tab displays .
4 . Click the Cognizant/Miscellaneous tab .
5 . Click the Self-Inspection Checklist (Section Y - Insider Threat) link .
Access Commander®
insider ThreaT
Managing Insider Threat with Access Commander®14
Figure - The Self-Inspection Checklist (Section Y - Insider Threat) link on the Cognizant/Miscellaneous tab .
The Self Inspection Check List Listing screen displays . If one of more previously completed checklists display, you can make a copy of the list and revise it, rather than creating a new one .
6 . Click + Add New . The Self Inspection Check List screen displays .
7 . Complete the checklist . If the answer to any of the questions on the checklist is No, the facility has failed . The facility will be highlighted on the Facility Listing screen in red . The highlighting is automatically removed when a later inspection is passed (i .e ., no question is answered with a “No”) .
8 . Click the Add buttonA confirmation window displays .
9 . Click OK . The Self Inspection Check List Listing screen displays . The newly added checklist displays in the list .
10 . Click the Exit arrow (upper right-hand corner) to return to the Cognizant/Miscellaneous tab .
Generate the Insider Threat Sample Reports
There are two standard sample reports specifically designed for Insider Threat that are based on the data entered in Access Commander . They are:
9 Sample Insider Threat Management Process
9 Sample Insider Threat Plan
The reports are available on the Facility Reports screen .
1 . On the Facility Listing screen, select the applicable facility record .
2 . Click the Reports button at the top of the menu bar .
insider ThreaT
Managing Insider Threat with Access Commander®Access Commander® 15
The Facility Reports screen displays .
3 . Select the Sample Insider Threat Management Process or Sample Insider Threat Management Process report .
4 . For the Report on radio buttons, leave the default . For Output, select the desired output if the default is not what’s needed (i .e ., Viewer, PDF, Word) .
5 . Click the Go button (the default Command is Run Report) .The report displays .
6 . Use the buttons to print and/or export the report .
Track DSS Annual Vulnerability Assessments
Data about DSS Vulnerability Assessments is entered in the Facility Info module .
1 . On the System Admin menu, click the Facility Info module icon .
2 . Enter the search criteria and click Find Facilities . The Facility Listing screen displays .
3 . Click the Update button for the applicable facility record .The Facility Info screen, Facility Info tab displays .
4 . Click the Cognizant/Miscellaneous tab .
5 . Click the Insider Threat Review link .
Figure - The Insider Threat Review link on the Cognizant/Miscellaneous tab .
The Facility Insider Threat Listing screen displays .
6 . Click the + Add New button . You can use the Copy button to make a copy of a past review record, if applicable .The Facility - Insider Threat Review screen displays .
7 . Complete the fields . Fields with red titles are required .
Access Commander®
insider ThreaT
Managing Insider Threat with Access Commander®16
8 . Click the Add buttonA confirmation window displays .
9 . Click OK . The Facility - Insider Threat Review Listing screen displays .
10 . Click the Exit arrow (upper right-hand corner) .You are returned to the Facility Info screen, Cognizant/Miscellaneous tab, and the newly added document(s) display .
Track Incidents
The details about incidents are tracked within the Insider Threat module . Included in this module is the selection of the Adjudication Guideline violated, if applicable, and the corrective action taken . When an Adjudication Guideline is selected, the employee is listed in the Insider Threat Personnel List on the Cognizant/Miscellaneous tab in the Facility Info module .
How to add a new incident:
1 . On the Main Menu, click the Insider Threat module icon .
Figure - The Insider Threat module on the Main Menu .
The Incident Module Search screen displays .
2 . Click the + Add New button .
Figure - + Add New on the Incident Module Search screen .
insider ThreaT
Managing Insider Threat with Access Commander®Access Commander® 17
The Incident Module Add screen, Incident Information tab displays (there is only this one tab when in Add mode) .
Figure - The Incident Module Add screen .
3 . Complete required fields (in red) and other applicable fields in all 5 sections: � Incident Information � Incident Reported � Incident Location � Incident Details � Additional Questions
4 . Click Submit . A confirmation window displays .
5 . Click OK .The Incident Module Listing screen displays with the new record highlighted .
g The employee(s) designated as the ITPSO’s (as designated in the Facility Info module) will automatically be sent an e-mail when an incident is added in the Insider Threat module .
Access Commander®
insider ThreaT
Managing Insider Threat with Access Commander®18
Figure - The e-mail sent to ITPSO’s when an incident is added .
6 . Click the Update button for the record .The Incident Module Add screen, Incident Information tab displays . There are now three additional tabs in Update mode:
� Investigation/Corrective Action � Assignment(s) � Associated Document(s)
Figure - The tabs on the Incident Module Update screen .
7 . Click the Investigation/Corrective Action tab .The Investigation and Corrective Action section headings display .
insider ThreaT
Managing Insider Threat with Access Commander®Access Commander® 19
Figure - The Investigation/Corrective Action tab with both sections expanded .
8 . Click the Investigation section header to expand the section . Click the + Add New button to add information about the investigation, then click Add . A confirmation window displays, then click OK . You’re returned to the Investigation section and the newly added investigation record displays .
9 . Click the Corrective Action section header to expand the section . Click the + Add New button to add information about the corrective action taken, then click Add . A confirmation window displays, then click OK . You’re returned to the Corrective Action section and the newly added corrective action record displays .
10 . Click the Assignment(s) tab . � The Personnel - Visitor/Employee and Personnel - External section headings display .
Access Commander®
insider ThreaT
Managing Insider Threat with Access Commander®20
Figure - The Assignment(s) tab with the Personnel - Visitor/Employee section expanded .
11 . Click the Personnel - Visitor/Employee section header to expand the section . Click the + Add New button to select the employee or visitor involved in the incident, then click Add . A confirmation window displays, then click OK . You’re returned to the Personnel - Visitor/Employee section and the newly added record displays . Add additional employee(s) and/or visitor(s) as applicable .
g If one or more Adjudicative Guidelines is selected, the employee’s name will display in the Insider Threat Personnel List section on the Cognizant/Miscellaneous tab of the facility record to which he/she is assigned .
Figure - The Insider Threat Personnel List on the Cognizant/Miscellaneous tab .
insider ThreaT
Managing Insider Threat with Access Commander®Access Commander® 21
g When one or more of the Adjudicative Guidelines are selected, follow your facility’s guidelines for notifying the Working Group .
12 . Click the Personnel - External section header to expand the section . Click the + Add New button to display the Incident - Personnel screen . Complete the fields for the external person, if anyone, involved in the incident, then click Add . A confirmation window displays, then click OK . You’re returned to the Personnel - External section and the newly added record displays . Add additional external people as applicable .
13 . Click on the Associated Document(s) tab .
Figure - The Associated Document(s) tab with an added document .
The Associated Doc(s) section heading and + Add New button display .
14 . Click the + Add New button . The Incident - Associated Doc(s) screen displays .
15 . Click the Browse button, locate the desired file and click it . Enter a file description and click Upload .A confirmation window displays .
16 . Click OK . Add any additional associated documents .
17 . Click Return when all documents have been added .You are returned to the Associated Doc(s) section and the newly added document(s) display .
18 . Once all data has been added for the incident, click the Update button .A confirmation window displays .
19 . Click OK .The Incident Module Listing screen displays and the updated incident displays (highlighted in gray) .
Access Commander®
insider ThreaT
Managing Insider Threat with Access Commander®22
Figure - The Incident Module Listing screen .
Build and Run Insider Threat Adhoc Queries
There are seven profiles that are specific to Insider Threat related fields within the Adhoc Queries module . The six profiles are:
� Incident Summary � Incidents Severity By Facility � Insider Threat Designated Officials � Insider Threat Employee Awareness Training Completion Summary � Insider Threat Program Manager Training Completion Summary � Insider Threat Training Courses Summary � Personnel Insider Threat Summary
How to design and run an adhoc query:
1 . Access the Adhoc Query (File Selection) screen .
2 . Click the down arrow button next to the Files field .The modules and module subsets display .
3 . Click the file for the module for which you’re designing a query .The Adhoc Query (Design) screen displays . All the fields within the selected module are listed .
4 . Enter a title for the query you’re building in the Query Title field .
5 . For each field, complete the following as appropriate: � Report Field(s) . Click the All button to include all the listed fields in the query, or check the check
box for the field(s) that should be included in the query . The order in which you select the fields determines their position (column placement) in the query results . The Position field(s) populate(s) with the number(s), accordingly .
� Sort Field(s) . Check the check box for those fields you want to determine the sort of the query . The order in which you select the fields determines their position (sort order) in the query results . The Position field(s) populate(s) with the number(s), accordingly .
insider ThreaT
Managing Insider Threat with Access Commander®Access Commander® 23
� Filter Field(s) . Check the check box for those fields, if any, for which you want to enter search criterion(ia) .
6 . Click the Next button . The Adhoc Query (Summary) screen displays a summary of the query .
7 . If you designated any fields as filters, they will display in the Record(s) Selection section . For each filter field, select the criteria from the drop-down list and enter the value in the corresponding field .
8 . Review the summary .
g If you need to make changes to the design, click the Previous button and make the necessary changes on the Adhoc Query (Design) screen .
9 . Click the Next button .The Adhoc Query (Results) screen displays .
10 . To print the results, use your browser’s print feature .
11 . To continue, click the: � Main Menu link to return to the Main Menu screen � System Menu link to return to the System Administration menu screen � New Query link to go to the Adhoc Query (File Selection) screen to create a new query � Previous link to go back to the Adhoc Query (Summary) screen . This allows you to make changes to
the filter criterion(ia) and/or click Previous again to access the Adhoc Query (Design) screen to make further revisions to the query