Book Detail
Hardcover: 432 pages
Publisher: Addison-Wesley Professional; 1 edition (January 24, 2012)
Language: English
ISBN-10: 0321812573
ISBN-13: 978-0321812575
File Size : 12 Mb | File Format : PDF + Epub
Book Description
Since 2001, the CERT® Insider Threat Center at Carnegie Mellon University’s Software Engineering Institute (SEI) has collected and analyzed information about more than seven hundred insider cyber crimes, ranging from national security espionage to theft of trade secrets. The CERT® Guide to Insider Threats describes CERT’s findings in practical terms, offering specific guidance and countermeasures that can be immediately applied by executives, managers, security officers, and operational staff within any private, government, or military organization.
The authors systematically address attacks by all types of malicious insiders, including current and former employees, contractors, business partners, outsourcers, and even cloud-computing vendors. They cover all major types of insider cyber crime: IT sabotage, intellectual property theft, and fraud. For each, they present a crime profile describing how the crime tends to evolve over time, as well as motivations, attack methods, organizational issues, and precursor warnings that could have helped the organization prevent the incident or detect it earlier. Beyond identifying crucial patterns of suspicious behavior, the authors present concrete defensive measures for protecting both systems and data.
This book also conveys the big picture of the insider threat problem over time: the complex interactions and unintended consequences of existing policies, practices, technology, insider mindsets, and organizational culture. Most important, it offers actionable recommendations for the entire organization, from executive management and board members to IT, data owners, HR, and legal departments.
With this book, you will find out how to
- Identify hidden signs of insider IT sabotage, theft of sensitive information, and fraud
- Recognize insider threats throughout the software development life cycle
- Use advanced threat controls to resist attacks by both technical and nontechnical insiders
- Increase the effectiveness of existing technical security tools by enhancing rules, configurations, and associated business processes
- Prepare for unusual insider attacks, including attacks linked to organized crime or the Internet underground
About the Author
Dawn Cappelli, CISSP, is Technical Manager of the CERT Insider Threat Center and the Enterprise Threat and Vulnerability Management Team at Carnegie Mellon University’s Software Engineering Institute (SEI). She has spent the past decade working with organizations such as the U.S. Secret Service and Department of Homeland Security in protecting the United States against insider threats. Andrew Moore is Lead Researcher in the CERT Insider Threat Center and Senior Member of Technical Staff at SEI. Randall Trzeciak is a Senior Member of Technical Staff at SEI, and Technical Team Lead for the Insider Threat Research Group at the CERT Insider Threat Center.
Table of Contents
Chapter 01. Overview
Chapter 02. Insider IT Sabotage
Chapter 03. Insider Theft of Intellectual Property
Chapter 04. Insider Fraud
Chapter 05. Insider Threat Issues in the Software Development Life Cycle
Chapter 06. Best Practices for the Prevention and Detection of Insider Threats
Chapter 07. Technical Insider Threat Controls
Chapter 08. Case Examples
Chapter 09. Conclusion and Miscellaneous Issues
Appendix A. Insider Threat Center Products and Services
Appendix B. Deeper Dive into the Data
Appendix C. CyberSecurity Watch Survey
Appendix D. Insider Threat Database Structure
Appendix E. Insider Threat Training Simulation: MERIT InterActive
Appendix F. System Dynamics Background
Table of Contents
Chapter 01. Overview
Chapter 02. Insider IT Sabotage
Chapter 03. Insider Theft of Intellectual Property
Chapter 04. Insider Fraud
Chapter 05. Insider Threat Issues in the Software Development Life Cycle
Chapter 06. Best Practices for the Prevention and Detection of Insider Threats
Chapter 07. Technical Insider Threat Controls
Chapter 08. Case Examples
Chapter 09. Conclusion and Miscellaneous Issues
Appendix A. Insider Threat Center Products and Services
Appendix B. Deeper Dive into the Data
Appendix C. CyberSecurity Watch Survey
Appendix D. Insider Threat Database Structure
Appendix E. Insider Threat Training Simulation: MERIT InterActive
Appendix F. System Dynamics Background
Download This Book : The CERT Guide to Insider Threats
Mirror :
.jpg)
Updated Mediafire Link !
ReplyDeleteMF : http://adf.ly/DIzi5