Insider threats can expose data, harm the organisation or deliver valuable intellectual property into competitors’ hands, impacting reputation, operations and profitability. Every type of organisation is vulnerable.
Insider Threat – A Guide to Understanding, Detecting, and Defending Against the Enemy from Within looks beyond perimeter protection tools, and shows how a security culture based on international best practice can help mitigate the insider threat to your security.
The book details the measures that organisations can implement to ensure high-impact quick wins, mapping appropriate security controls from the ISO 27001, ISO 27002 and NIST SP 800-53 standards to the following points, and more:
- Risk mitigation and the eight steps of a risk assessment
- The importance of training and awareness, and conducting staff background screening
- Monitoring and auditing the activities of general and privileged users, and quickly responding to suspicious behaviours
- Metrics to measure insider threat behaviour and mitigation
- The challenge of external or temporary insiders (such as consultants, support contractors, partners, service providers and temporary employees)
- Layering physical and digital defences to provide defence in depth
- The importance of conducting regular penetration testing to evaluate security controls
- Limiting, monitoring and controlling remote access and mobile device use
- Ensuring supply-chain security
- Maintaining an incident management capability
It also sets out what not to do, listing a set of worst practices that should be avoided.
Reader review
“This manuscript is no less than what I would expect from a PhD with your track record… I am especially taken by the depth of your analysis and the combination of baselines and explanations.”
ir. H.L. (Maarten) Souw RE, Enterprise Risk and QA Manager, UVW
Insider Threat – A Guide to Understanding, Detecting, and Defending Against the Enemy from Within is available from IT Governance in softcover, Adobe eBook and ePub formats:
www.itgovernance.co.uk/shop/p-1841.aspx (UK)
www.itgovernanceusa.com/shop/p-1552.aspx (USA)
www.itgovernance.eu/p-1197.aspx (EU)
www.itgovernance.asia/p-1089.aspx (APAC)
www.itgovernancesa.co.za/p-1051.aspx (Southern Africa)