Book description
Learn how to build a defense program against insider threats
Insiders are not always employees and insider threats are not always intentional.
This new title from Dr Julie Mehan looks beyond perimeter protection tools and shows how a security culture based on international best practice can help mitigate the insider threat to your security.
Discover:
The common characteristics of insider threat victims.
The typical stages of a malicious attack.
The steps you can take to implement a successful insider threat program.
How to construct a three-tier security culture, encompassing artifacts, values and shared assumptions.
“The author has many, many sound things to say about security culture and practice.”
Mark Rowe
Use international best practice to implement a high-impact plan
Using security controls from the ISO 27001, ISO 27002, and NIST SP 800-53 standards, this title will help you address:
Risk mitigation and the eight steps of a risk assessment
Staff training and awareness, and conducting background screening
Monitoring and auditing the activities of general and privileged users, and quickly responding to suspicious behaviors
Metrics to measure insider threat behavior and mitigation
The challenge of external or temporary insiders (such as consultants, support contractors, partners, service providers, temporary employees)
Layering physical and digital defenses to provide defense in depth
The importance of conducting regular penetration testing to evaluate security controls
Limiting, monitoring and controlling remote access and mobile device use
Ensuring supply-chain security
Maintaining an incident management capability
The insider threat
Every type of organization is vulnerable to insider abuse, errors or malicious attacks. These can impact reputation, operations and profitability, and expose data, harm the organization, or deliver valuable intellectual property into competitors’ hands.
Insiders can be current or former employees, contractors, or other business partners who have been granted authorized access to networks, systems or data, and all of them can bypass security measures through legitimate means.
Prepare for insider threats with the most in-depth guide on the market and build a defense program using international best practice.
Table of contents
- Cover
- Title
- Copyright
- Dedication
- Preface
- About the Author
- Acknowledgements
- Contents
- List of Figures
- List of Tables
- Introduction
- Chapter 1: The Hidden Threat
-
Chapter 2: Insider Threat Models and Indicators
- The Bricks and Mortar Insider
- Hard Copy-Based Insider
- The Transitional Insider
- Bits and Bytes Insider
- Behavior Traits and Patterns Associated with Insider Threat
- Insider Motivations and Enablers
- The Psychology of an Insider – The Snowden Case
- Organizational Characteristics and Insider Threat
- The Life Stages of the Insider Threat
- The Radicalized Insider Threat
- A Note of Caution – Privacy and Ethical Concerns
- Chapter 3: The Unintentional Insider Threat
- Chapter 4: Insider Threat, Big Data and the Cloud
- Chapter 5: Regional Perspectives on Insider Threat
- Chapter 6: Best Practices, Controls and Quick Wins
- Chapter 7: Final Thoughts
- End Notes
- ITG Resources
Product information
- Title: Insider Threat: A Guide to Understanding, Detecting, and Defending Against the Enemy from Within
- Author(s):
- Release date: September 2016
- Publisher(s): IT Governance Publishing
- ISBN: 9781849288415
You might also like
book
Building an Information Security Awareness Program
The best defense against the increasing threat of social engineering attacks is Security Awareness Training to …
book
Asset Protection through Security Awareness
Supplying a high-level overview of how to protect your company's physical and intangible assets, Asset Protection …
book
Assessing Information Security: Strategies, tactics, logic and framework
Build a strategic response to cyber attacks The activities of the cyber criminal are both deliberate …
book
Security Risk Assessment
Security Risk Assessment is the most up-to-date and comprehensive resource available on how to conduct a …