Book description
Learn how to build a defense program against insider threats Insiders are not always employees and insider threats are not always intentional. This new title from Dr Julie Mehan looks beyond perimeter protection tools and shows how a security culture based on international best practice can help mitigate the insider threat to your security. Discover: The common characteristics of insider threat victims. The typical stages of a malicious attack. The steps you can take to implement a successful insider threat program. How to construct a three-tier security culture, encompassing artifacts, values and shared assumptions. “The author has many, many sound things to say about security culture and practice.” Mark Rowe Use international best practice to implement a high-impact plan Using security controls from the ISO 27001, ISO 27002, and NIST SP 800-53 standards, this title will help you address: Risk mitigation and the eight steps of a risk assessment Staff training and awareness, and conducting background screening Monitoring and auditing the activities of general and privileged users, and quickly responding to suspicious behaviors Metrics to measure insider threat behavior and mitigation The challenge of external or temporary insiders (such as consultants, support contractors, partners, service providers, temporary employees) Layering physical and digital defenses to provide defense in depth The importance of conducting regular penetration testing to evaluate security controls Limiting, monitoring and controlling remote access and mobile device use Ensuring supply-chain security Maintaining an incident management capability The insider threat Every type of organization is vulnerable to insider abuse, errors or malicious attacks. These can impact reputation, operations and profitability, and expose data, harm the organization, or deliver valuable intellectual property into competitors’ hands. Insiders can be current or former employees, contractors, or other business partners who have been granted authorized access to networks, systems or data, and all of them can bypass security measures through legitimate means. Prepare for insider threats with the most in-depth guide on the market and build a defense program using international best practice.Table of contents
- Cover
- Title
- Copyright
- Dedication
- Preface
- About the Author
- Acknowledgements
- Contents
- List of Figures
- List of Tables
- Introduction
- Chapter 1: The Hidden Threat
-
Chapter 2: Insider Threat Models and Indicators
- The Bricks and Mortar Insider
- Hard Copy-Based Insider
- The Transitional Insider
- Bits and Bytes Insider
- Behavior Traits and Patterns Associated with Insider Threat
- Insider Motivations and Enablers
- The Psychology of an Insider – The Snowden Case
- Organizational Characteristics and Insider Threat
- The Life Stages of the Insider Threat
- The Radicalized Insider Threat
- A Note of Caution – Privacy and Ethical Concerns
- Chapter 3: The Unintentional Insider Threat
- Chapter 4: Insider Threat, Big Data and the Cloud
- Chapter 5: Regional Perspectives on Insider Threat
- Chapter 6: Best Practices, Controls and Quick Wins
- Chapter 7: Final Thoughts
- End Notes
- ITG Resources
Product information
- Title: Insider Threat: A Guide to Understanding, Detecting, and Defending Against the Enemy from Within
- Author(s):
- Release date: September 2016
- Publisher(s): IT Governance Publishing
- ISBN: 9781849288415
You might also like
book
Social Engineering, 2nd Edition
Harden the human firewall against the most current threats Social Engineering: The Science of Human Hacking …
book
The Official (ISC)2 Guide to the CISSP CBK Reference, 5th Edition
The only official, comprehensive reference guide to the CISSP All new for 2019 and beyond, this …
book
Information Assurance Handbook: Effective Computer Security and Risk Management Strategies
Best practices for protecting critical data and systems Information Assurance Handbook: Effective Computer Security and Risk …
book
Asset Attack Vectors: Building Effective Vulnerability Management Strategies to Protect Organizations
Build an effective vulnerability management strategy to protect your organization’s assets, applications, and data.Today’s network environments …