Enemy at the Water Cooler

Book Description

The book covers a decade of work with some of the largest commercial and government agencies around the world in addressing cyber security related to malicious insiders (trusted employees, contractors, and partners). It explores organized crime, terrorist threats, and hackers. It addresses the steps organizations must take to address insider threats at a people, process, and technology level.

Today’s headlines are littered with news of identity thieves, organized cyber criminals, corporate espionage, nation-state threats, and terrorists. They represent the next wave of security threats but still possess nowhere near the devastating potential of the most insidious threat: the insider. This is not the bored 16-year-old hacker. We are talking about insiders like you and me, trusted employees with access to information: consultants, contractors, partners, visitors, vendors, and cleaning crews, anyone in an organization’s building or on its networks who possesses some level of trust.

* Full coverage of this hot topic for virtually every global 5000 organization, government agency, and individual interested in security.

* Brian Contos is the Chief Security Officer of one of the best-known, most profitable and most respected security software companies in the U.S.—ArcSight.

Table of Contents

  1. Cover
  2. Contents
  3. Foreword
  4. Introduction
  5. Part I Background on Cyber Crime, Insider Threats, and ESM
    1. Chapter 1 Cyber Crime and Cyber Criminals 101
      1. About This Chapter
      2. Computer Dependence and Internet Growth
      3. Motivations for Cyber Criminal Activity
      4. Black Markets
      5. Hackers
      6. Script Kiddies
      7. Solitary Cyber Criminals and Exploit Writers for Hire
      8. Organized Crime
      9. Identity Thieves (Impersonation Fraudsters)
      10. Competitors
      11. Activist Groups, Nation-State Threats, and Terrorists
      12. Insiders
      13. Tools of the Trade
    2. Chapter 2 Insider Threats
      1. Understanding Who the Insider Is
      2. Psychology of Insider Identification
      3. Insider Threat Examples from the Media
      4. Insider Threats from a Human Perspective
      5. Insider Threats from a Business Perspective
      6. Insider Threats from a Technical Perspective
    3. Chapter 3 Enterprise Security Management (ESM)
      1. ESM in a Nutshell
      2. Key ESM Feature Requirements
      3. Return On Investment (ROI) and Return On Security Investment (ROSI)
      4. Alternatives to ESM
  6. Part II Real Life Case Studies
    1. Chapter 4 Imbalanced Security—A Singaporean Data Center
    2. Chapter 5 Comparing Physical & Logical Security Events—A U.S. Government Agency
    3. Chapter 6 Insider with a Conscience—An Austrian Retailer
    4. Chapter 7 Collaborative Threat—A Telecommunications Company in the U.S.
    5. Chapter 8 Outbreak from Within—A Financial Organization in the U.K.
    6. Chapter 9 Mixing Revenge and Passwords—A Utility Company in Brazil
    7. Chapter 10 Rapid Remediation—A University in the United States
    8. Chapter 11 Suspicious Activity—A Consulting Company in Spain
    9. Chapter 12 Insiders Abridged
      1. Malicious Use of Medical Records
      2. Hosting Pirated Software
      3. Pod-Slurping
      4. Auctioning State Property
      5. Writing Code for Another Company
      6. Outsourced Insiders
      7. Smuggling Gold in Rattus Norvegicus
  7. Part III The Extensibility of ESM
    1. Chapter 13 Establishing Chain-of-Custody Best Practices with ESM
      1. Disclaimer
      2. Monitoring and Disclosure
      3. Provider Protection Exception
      4. Consent Exception
      5. Computer Trespasser Exception
      6. Court Order Exception
      7. Best Practices
      8. Canadian Best Evidence Rule
    2. Chapter 14 Addressing Both Insider Threats and Sarbanes-Oxley with ESM
      1. Why Sarbanes-Oxley
      2. A Primer on Sarbanes-Oxley
      3. Section 302: Corporate Responsibility for Financial Reports
      4. Section 404: Management Assessment of Internal Controls
      5. Section 409: Real-Time Issuer Disclosures
    3. Chapter 15 Incident Management with ESM
      1. Incident Management Basics
      2. Building an Incident Management Program
    4. Chapter 16 Insider Threat Questions and Answers
      1. Introduction
      2. Insider Threat Recap
      3. Question One—Employees
      4. Question Two—Prevention
      5. Question Three—Asset Inventories
      6. Question Four—Log Collection
      7. Question Five—Log Analysis
      8. Question Six—Specialized Insider Content
      9. Question Seven—Physical and Logical Security Convergence
      10. Question Eight—IT Governance
      11. Question Nine—Incident Response
      12. Question Ten—Must Haves
    5. Appendix A Examples of Cyber Crime Prosecutions
      1. U.S. Department of Justice Cases
  8. Bibliography
  9. Index