Every type of organisation is vulnerable to insider abuse, errors, and malicious attacks: grant anyone access to a system and you automatically introduce a vulnerability. Insiders can be current or former employees, contractors, or other business partners who have been granted authorised access to networks, systems, or data, and all of them can bypass security measures through legitimate means.
Insider Threat – A Guide to Understanding, Detecting, and Defending Against the Enemy from Within shows how a security culture based on international best practice can help mitigate the insider threat, providing short-term quick fixes and long-term solutions that can be applied as part of an effective insider threat program.
Read this book to learn the seven organisational characteristics common to insider threat victims; the ten stages of a malicious attack; the ten steps of a successful insider threat program; and the construction of a three-tier security culture, encompassing artefacts, values, and shared assumptions. Perhaps most importantly, it also sets out what not to do, listing a set of worst practices that should be avoided.