Since 2001, the CERT® Insider Threat Center at
Carnegie Mellon University’s Software Engineering Institute (SEI) has
collected and analyzed information about more than seven hundred insider
cyber crimes, ranging from national security espionage to theft of
trade secrets. The CERT® Guide to Insider Threats
describes CERT’s findings in practical terms, offering specific guidance
and countermeasures that can be immediately applied by executives,
managers, security officers, and operational staff within any private,
government, or military organization.

The
authors systematically address attacks by all types of malicious
insiders, including current and former employees, contractors, business
partners, outsourcers, and even cloud-computing vendors. They cover all
major types of insider cyber crime: IT sabotage, intellectual property
theft, and fraud. For each, they present a crime profile describing how
the crime tends to evolve over time, as well as motivations, attack
methods, organizational issues, and precursor warnings that could have
helped the organization prevent the incident or detect it earlier.
Beyond identifying crucial patterns of suspicious behavior, the authors
present concrete defensive measures for protecting both systems and
data.

This
book also conveys the big picture of the insider threat problem over
time: the complex interactions and unintended consequences of existing
policies, practices, technology, insider mindsets, and organizational
culture. Most important, it offers actionable recommendations for the
entire organization, from executive management and board members to IT,
data owners, HR, and legal departments.

With this book, you will find out how to

By
implementing this book’s security practices, you will be incorporating
protection mechanisms designed to resist the vast majority of malicious
insider attacks.

Leave a Comment