Insider Threat: Protecting the Enterprise from Sabotage, Spying, and Theft

I understand the problems involved in attaining perfection in publishing. In fact, perfection isn't possible, but problems I've encountered in two of your books (Perfect Passwords and Insider Threat) are so far beyond the norm that I must comment.Perfect Passwords has several lists that are useless. Page after page of random seed words, more pages of random numbers, and (worst of all) several pages of bad passwords. Omitting these list would have reduced the page count by 42 without harming the message at all. Perfect Passwords was short enough that I managed to force myself to finish it.I may not be able to get through Insider Threat, though. The author (whether Cole or Ring isn't clear) keeps referring to himself (or herself) in the first person. This book has an author and a co-author, so "I" is meaningless, distracting, and annoying. It reads as if it has been written by a high school sophomore. The book is repetitive, filled with trite phrases, and contains a variety of errors that suggest a lack of editing.Example (page vii, in the introduction): "Eric is an invited keynote speaker ...." What other kind is there? Do keynote speakers ever just barge in and take over a meeting?Example (page 12): "But what else is he accessing either deliberately or on purpose?" "Deliberately" and "on purpose" are synonyms in all variants of English with which I am familiar.Rubber hitting the road, needles in haystacks, and grains of sand on all the beaches occur with distressing frequency and I'm only on page 37 of a nearly 400-page book.Example (page 17): "[T]hey have times where revenue is high and they have times when revenue is low." Times are always "when", not "where".Example (page 30): "Insiders that cause harm to the organization have visible showed behavioral and professional problems." I wonder what that means in English. Although "that" should be "who", I'm willing to let that slide under the needle in the haystack so that we won't get a flat tire when the rubber hits the road. But what are "visible showed behavioral and professional problems"?I'll probably keep slogging my way through this morass of tortured writing and non-editing because the information is useful and I paid for the book. But it's doubtful that I'll purchase any more books with the Syngress imprint.

I bought this book to learn about the latest structured thinking - on the risks in our system, and what can be done about them. Even if the risk mitigation was perhaps not an effective return for all situations.This book is well organized, and brings out the challenges we face - with a real face. It covers technology, process, and people risks, and provides risk mitigation strategies as suggestions, which works well.Well worth the time and money.

This book is an easy read and served me well in my research paper on the cyber threat of the authorized insider. Eric Cole is a credentialed and excellent source on this topic. While I had textbooks that also discussed this, they did not go into the detail that this book did. A great source for those pursuing degrees in Information Assurance.

Books on insider threats are hard to find, and this one does a good job detailing the issue. The first chapter was full of great content.

Thousands of computer security books have been published that deal with every conceivable security issue and technology. But Insider Threat is one of the first to deal with one of the most significant threats to an organizations, namely that of the trusted insider. The problem is that within information technology, many users have far too much access and trust than they should truly have.The retail and gambling sectors have long understood the danger of the insider threat and have built their security frameworks to protect against both the insider and the outsider. Shoplifters are a huge bane to the retail industry, exceeded only by thefts from internal employees behind the registers. The cameras and guards in casinos are looking at both those in front of and behind the gambling tables. Casinos understand quite well that when an employee is spending 40 hours a week at their location dealing with hundreds of thousands of dollars; over time, they will learn where the vulnerabilities and weaknesses are. For a minority of these insiders, they will commit fraud, which is invariably much worse than any activity an outsider could alone carry out.Insider Threat is mainly a book of real-life events that detail how the insider threat is a problem that affects every organization in every industry. In story after story, the book details how trusted employees will find weaknesses in systems in order to carry out financial or political attacks against their employers. It is the responsibility to the organization to ensure that their infrastructure is designed to detect these insiders and their systems resilient enough to defend against them. This is clearly not a trivial task.The authors note that the crux of the problem is that many organizations tend to think that once they hire an employee or contractor, that the person is now part of a trusted group of dedicated and loyal employees. Given that many organizations don't perform background checks on their prospective employees, they are placing a significant level of trust in people they barely know. While the vast majority of employees can be trusted and are honest, the danger of the insider threat is that it is the proverbial bad apple that can take down the entire tree. The book details numerous stories of how a single bad employee has caused a company to go out of business.Part of the problem with the insider threat is that since companies are oblivious to it, they do not have a framework in place to determine when it is happening, and to deal with it when it occurs. With that, when the insider attack does occur, which it invariably will, companies have to scramble to recover. Many times, they are simply unable to recover, as the book details in the cases of Omega Engineering and Barings Bank.The premise of Insider Threat is that companies that don't have a proactive plan to deal with insider threats will ultimately be a victim of insider threats. The 10 chapters in the book expand on this and provide analysis to each scenario described.Chapter 1 defines what exactly insider threats are and provides a number of ways to prevent insider threats. The authors note that there is no silver bullet solution or single thing that can be done to prevent and insider threat. The only way to do this is via a comprehensive program that must be developed within the framework of the information security group. Fortunately, all of these things are part of a basic information security program including fundamental topics like security awareness, separation and rotation of duties, least privilege to systems, logging and auditing, and more.The irony of all of the solutions suggested in chapter one is that not a single one of them is rocket science. All of them are security 101 and don't require any sort of expensive software or hardware. Part of this bitter irony is that companies are oblivious to these insider threats and will spend huge amounts of money to protect against the proverbial evil hacker, being oblivious to the nefarious accounts receivable clerk in the back office that is draining the coffers.One example the book provides is that many companies feel they are safe because they encrypt data. An excellent idea detailed in chapter two is to set up a sniffer and examine the traffic on the internal network to ensure that the data is indeed encrypted. The reliance on encryption will not work if it is not setup or configured correctly. The only way to know with certainty is to test it and see how it is transmitted over the wire. Many companies will be surprised that data that should be unreadable is being transmitted in the clear.Some of the suggestions that authors propose will likely ruffle some feathers. Ideas such as restricting Internet, email, IM and web access to a limited number of users may sound absurd to some. But unless there is a compelling business need for a user to have these technologies, they should be prohibited. Not only will the insider threat threshold be lowered, productivity will likely increase also.The author's also suggest prohibiting iPods or similar devices in a corporate environment. The same device that can store gigabytes of music can also be used to illicitly transfer gigabytes of corporate data.Insider Threat provides verifiable stories from every industry and sector, be it commercial or government. The challenge of dealing with the insider threat is that it requires most organizations to completely rethink the way they relate to security. It is a challenge that many organizations would prefer to remain obvious to, given the uncomfortable nature of the insider threat. But given that the threats are only getting worse, ignoring them is inviting peril.The only lacking of the book is that even though it provides a number of countermeasures and suggestions, they are someone scattered and written in an unstructured way. It is hoped that the authors will write a follow-up book that details a thorough methodology and framework for dealing with the insider threat.Overall, Insider Threat is an important work that should be required reading for every information security professional and technology manager. The issue of the insider threat is real and only getter worse. Those that choose to ignore it are only inviting disaster. Those companies that will put office supplies and coffee under double-lock and key, while doing nothing to contain the insider threat are simply misguided and putting their organization at risk.Insider Threat is a wake-up call that should revive anyone who doubts the insider threat.

I have to say that this book helped me a lot in analyzing insider threats and understand the concept of insider attacks. It contains a lot of cases and information about them. I am somewhat dissapointed that I cannot see any consistent picture and no strategies how to defend an organization. The information is all there but the analysis could be clearer. Still, I recommend this book to anyone who has to deal with insider attacks.