Since 2001, the CERT® Insider Threat Center at
Carnegie Mellon University’s Software Engineering
Institute (SEI) has collected and analyzed information
about more than seven hundred insider cyber crimes,
ranging from national security espionage to theft of
trade secrets.

The CERT® Guide to Insider
Threats describes CERT’s findings in
practical terms, offering specific guidance and
countermeasures that can be immediately applied by
executives, managers, security officers, and operational
staff within any private, government, or military
organization.

The authors systematically
address attacks by all types of malicious insiders,
including current and former employees, contractors,
business partners, outsourcers, and even cloud-computing
vendors. They cover all major types of insider cyber
crime: IT sabotage, intellectual property theft, and
fraud. For each, they present a crime profile describing
how the crime tends to evolve over time, as well as
motivations, attack methods, organizational issues, and
precursor warnings that could have helped the
organization prevent the incident or detect it earlier.
Beyond identifying crucial patterns of suspicious
behavior, the authors present concrete defensive
measures for protecting both systems and
data.

This book also conveys the big
picture of the insider threat problem over time: the
complex interactions and unintended consequences of
existing policies, practices, technology, insider
mindsets, and organizational culture. Most important, it
offers actionable recommendations for the entire
organization, from executive management and board
members to IT, data owners, HR, and legal
departments.

With this book, you will find out how to

- Identify hidden signs of insider IT sabotage,
theft of sensitive information, and fraud
- Recognize insider threats throughout the software
development life cycle
- Use advanced threat controls to resist attacks by
both technical and nontechnical insiders
- Increase the effectiveness of existing technical
security tools by enhancing rules, configurations, and
associated business processes
- Prepare for unusual insider attacks, including
attacks linked to organized crime or the Internet
underground

By implementing this book’s
security practices, you will be incorporating protection
mechanisms designed to resist the vast majority of
malicious insider attacks.