Learn how to build a defense program against insider threats
Insiders are not always employees and insider threats are not always intentional.
This new title from Dr Julie Mehan looks beyond perimeter protection tools and shows how a security culture based on international best practice can help mitigate the insider threat to your security.
The common characteristics of insider threat victims.
The typical stages of a malicious attack.
The steps you can take to implement a successful insider threat program.
How to construct a three-tier security culture, encompassing artifacts, values and shared assumptions.
“The author has many, many sound things to say about security culture and practice.”
Use international best practice to implement a high-impact plan
Using security controls from the ISO 27001, ISO 27002, and NIST SP 800-53 standards, this title will help you address:
Risk mitigation and the eight steps of a risk assessment
Staff training and awareness, and conducting background screening
Monitoring and auditing the activities of general and privileged users, and quickly responding to suspicious behaviors
Metrics to measure insider threat behavior and mitigation
The challenge of external or temporary insiders (such as consultants, support contractors, partners, service providers, temporary employees)
Layering physical and digital defenses to provide defense in depth
The importance of conducting regular penetration testing to evaluate security controls
Limiting, monitoring and controlling remote access and mobile device use
Ensuring supply-chain security
Maintaining an incident management capability
The insider threat
Every type of organization is vulnerable to insider abuse, errors or malicious attacks. These can impact reputation, operations and profitability, and expose data, harm the organization, or deliver valuable intellectual property into competitors’ hands.
Insiders can be current or former employees, contractors, or other business partners who have been granted authorized access to networks, systems or data, and all of them can bypass security measures through legitimate means.
Prepare for insider threats with the most in-depth guide on the market and build a defense program using international best practice.