Chapter 7. Technical Insider Threat Controls

Chapter 6, Best Practices for the Prevention and Detection of Insider Threats, covered the broader range of insider threat controls, including both administrative and technical controls. This chapter will be of interest to the more technical readers among you, as it contains suggestions for new technical controls you can implement to prevent and detect insider threats. These controls are the output of the insider threat lab. First, we describe the lab at a high level, then we explain how we developed these controls, and then we describe each control. Note that the controls become increasingly sophisticated as you progress through the chapter, since we present them in the order they were developed. ...

Get The CERT® Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud) now with O’Reilly online learning.
