Insider Threat: Prevention, Detection, Mitigation, and Deterrence
5/5
()
About this ebook
Insider Threat: Detection, Mitigation, Deterrence and Prevention presents a set of solutions to address the increase in cases of insider threat. This includes espionage, embezzlement, sabotage, fraud, intellectual property theft, and research and development theft from current or former employees. This book outlines a step-by-step path for developing an insider threat program within any organization, focusing on management and employee engagement, as well as ethical, legal, and privacy concerns. In addition, it includes tactics on how to collect, correlate, and visualize potential risk indicators into a seamless system for protecting an organization’s critical assets from malicious, complacent, and ignorant insiders. Insider Threat presents robust mitigation strategies that will interrupt the forward motion of a potential insider who intends to do harm to a company or its employees, as well as an understanding of supply chain risk and cyber security, as they relate to insider threat.
- Offers an ideal resource for executives and managers who want the latest information available on protecting their organization’s assets from this growing threat
- Shows how departments across an entire organization can bring disparate, but related, information together to promote the early identification of insider threats
- Provides an in-depth explanation of mitigating supply chain risk
- Outlines progressive approaches to cyber security
Michael G. Gelles
Dr. Michael Gelles consults in security, intelligence, and law enforcement for Deloitte in Washington, D.C. and is a thought-leader on the security risks, asset exploitation, and workplace violence associated with insider threat. Dr. Gelles is a frequent lecturer and has written numerous articles and book chapters on organizational management, forensic psychology, law enforcement, terrorism, and counterintelligence.
Related to Insider Threat
Related ebooks
Keeping Religious Institutions Secure Rating: 0 out of 5 stars0 ratingsThe Manager's Handbook for Business Security Rating: 0 out of 5 stars0 ratingsInternational Security Programs Benchmark Report: Research Report Rating: 3 out of 5 stars3/5Security Leader Insights for Success: Lessons and Strategies from Leading Security Professionals Rating: 0 out of 5 stars0 ratingsBuilding a Corporate Culture of Security: Strategies for Strengthening Organizational Resiliency Rating: 0 out of 5 stars0 ratingsSecurity Leader Insights for Business Continuity: Lessons and Strategies from Leading Security Professionals Rating: 0 out of 5 stars0 ratingsFISMA and the Risk Management Framework: The New Practice of Federal Cyber Security Rating: 0 out of 5 stars0 ratingsBuilding an Information Security Awareness Program: Defending Against Social Engineering and Technical Threats Rating: 0 out of 5 stars0 ratingsMeasures and Metrics in Corporate Security Rating: 0 out of 5 stars0 ratingsMeasuring and Communicating Security's Value: A Compendium of Metrics for Enterprise Protection Rating: 0 out of 5 stars0 ratingsEffective Physical Security Rating: 3 out of 5 stars3/5Security Metrics Management: Measuring the Effectiveness and Efficiency of a Security Program Rating: 0 out of 5 stars0 ratingsThe Information Systems Security Officer's Guide: Establishing and Managing a Cyber Security Program Rating: 0 out of 5 stars0 ratingsPersonal Safety and Security Playbook: Risk Mitigation Guidance for Individuals, Families, Organizations, and Communities Rating: 0 out of 5 stars0 ratingsSecurity Operations Management Rating: 0 out of 5 stars0 ratingsWorkplace Violence: Planning for Prevention and Response Rating: 0 out of 5 stars0 ratingsInformation Security Analytics: Finding Security Insights, Patterns, and Anomalies in Big Data Rating: 5 out of 5 stars5/5Nine Practices of the Successful Security Leader: Research Report Rating: 0 out of 5 stars0 ratingsBecoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders Rating: 5 out of 5 stars5/5The Insider Threat: Combatting the Enemy Within Rating: 0 out of 5 stars0 ratingsComputer Incident Response and Forensics Team Management: Conducting a Successful Incident Response Rating: 4 out of 5 stars4/5How to Define and Build an Effective Cyber Threat Intelligence Capability Rating: 4 out of 5 stars4/5Building a Practical Information Security Program Rating: 5 out of 5 stars5/5Cybersecurity Incident Response: How to Contain, Eradicate, and Recover from Incidents Rating: 0 out of 5 stars0 ratingsEffective Security Management Rating: 0 out of 5 stars0 ratingsSecurity Leader Insights for Risk Management: Lessons and Strategies from Leading Security Professionals Rating: 0 out of 5 stars0 ratingsSecurity Leader Insights for Effective Management: Lessons and Strategies from Leading Security Professionals Rating: 0 out of 5 stars0 ratingsInformation Protection Playbook Rating: 0 out of 5 stars0 ratingsIN-SITE: Keys to an Effective Site Safety and Security Program Rating: 0 out of 5 stars0 ratings
Crime & Violence For You
The Violent Abuse of Women: In 17th and 18th Century Britain Rating: 4 out of 5 stars4/5Manson: The Life and Times of Charles Manson Rating: 4 out of 5 stars4/5Ordinary Men: Reserve Police Battalion 101 and the Final Solution in Poland Rating: 4 out of 5 stars4/5Summary of The 33 Strategies of War: by Robert Greene - A Comprehensive Summary Rating: 0 out of 5 stars0 ratings400 Things Cops Know: Street-Smart Lessons from a Veteran Patrolman Rating: 4 out of 5 stars4/5Batman and Psychology: A Dark and Stormy Knight (2nd Edition) Rating: 0 out of 5 stars0 ratingsDeath Row, Texas: Inside the Execution Chamber Rating: 4 out of 5 stars4/5Lost Girls: The Unsolved American Mystery of the Gilgo Beach Serial Killer Murders Rating: 4 out of 5 stars4/5Dreamland: The True Tale of America's Opiate Epidemic Rating: 4 out of 5 stars4/5And The Mountains Echoed Rating: 2 out of 5 stars2/5The Man from the Train: The Solving of a Century-Old Serial Killer Mystery Rating: 4 out of 5 stars4/5Gavin de Becker’s The Gift of Fear Survival Signals That Protect Us From Violence | Summary Rating: 4 out of 5 stars4/5Savage Appetites: Four True Stories of Women, Crime, and Obsession Rating: 4 out of 5 stars4/5Meditations on Violence: A Comparison of Martial Arts Training and Real World Violence Rating: 5 out of 5 stars5/5Slenderman: Online Obsession, Mental Illness, and the Violent Crime of Two Midwestern Girls Rating: 4 out of 5 stars4/5No Visible Bruises: What We Don’t Know About Domestic Violence Can Kill Us Rating: 5 out of 5 stars5/5On Killing: The Psychological Cost of Learning to Kill in War and Society Rating: 4 out of 5 stars4/5Worse Than Slavery Rating: 4 out of 5 stars4/5Whoever Fights Monsters: My Twenty Years Tracking Serial Killers for the FBI Rating: 4 out of 5 stars4/5The Devil You Know: Encounters in Forensic Psychiatry Rating: 4 out of 5 stars4/5House of Secrets Rating: 4 out of 5 stars4/5Homicide: A Year on the Killing Streets Rating: 4 out of 5 stars4/5Out of the Mouths of Serial Killers Rating: 4 out of 5 stars4/5H. H. Holmes: The True History of the White City Devil Rating: 4 out of 5 stars4/5The Least of Us: True Tales of America and Hope in the Time of Fentanyl and Meth Rating: 4 out of 5 stars4/5The Trial of Lizzie Borden Rating: 4 out of 5 stars4/5No Stone Unturned: The True Story of the World's Premier Forensic Investigators Rating: 4 out of 5 stars4/5Evidence of Love: A True Story of Passion and Death in the Suburbs Rating: 4 out of 5 stars4/5Sleep, My Child, Forever: The Riveting True Story of a Mother Who Murdered Her Own Children Rating: 4 out of 5 stars4/5
Reviews for Insider Threat
1 rating0 reviews
Book preview
Insider Threat - Michael G. Gelles
reputation.
Chapter 1
Introduction – Insider Threat Today
Abstract
Insider threats are a critical risk to organizations. Leaders need to be familiar with these threats and how they can impact their business, including asset loss and a negative impact on brand and reputation.
Keywords
insider threat; virtual; non-virtual; exfiltration
Introduction
The insider threat is not a new phenomenon. Examples of trusted insiders exploiting, sabotaging, and committing acts of violence against those to whom they were outwardly committed are pervasive throughout human history. Recently, the topic of insider threat has received heightened attention as a result of high-profile incidents: Edward Snowden, the leaker of confidential NSA information; Aaron Alexis, the Navy Yard shooter; and many others. These incidents have reminded leaders that threats to their organizations’ most precious assets—physical and information security, financial standing, and mission—may come from within. This phenomenon deserves the attention of leadership in all industries so that organizations are equipped to effectively prevent, detect, and respond to emerging threats.
As many organizations are learning, insider threats can have a significant impact on an organization’s reputation, operations, finances, employee safety, and shareholder confidence. In Government, insider threats can affect national security, public trust, and public safety. The challenge of doing business today is protecting assets in a global and virtual environment with a workforce that is increasingly tech-savvy and ubiquitously connected to information and technology. Although the United States Federal Government has rolled out policies to achieve an enterprise-wide standard for insider threat mitigation capabilities, the private sector has no such mandates or benchmarks.¹ It is, therefore, difficult for private organizations to assess where they stand relative to peers and to make decisions regarding their insider threat mitigation capabilities.
Looking Ahead
Financial volatility and interconnected business have amplified risks to both the private and public sector in today’s changing global environment. A new set of organizational competencies is needed to mitigate insider threats as localized or compartmentalized business relationships have given way to distributed, virtual ones. This shift has forced leaders to manage evolving, networked organizations that need to prevent, detect, and recover from a diverse and growing set of threats in the workplace. If organizations successfully address these risks and prioritize insider threat mitigation as an organizational priority that is viewed as shared responsibility, they will likely adapt a balanced and integrated approach to protecting the organization’s critical assets: its people, facilities, systems, and data.
Although it may not be realistic to expect that every attempted insider attack will be stopped before damage is inflicted, it is realistic to build resiliency into an organization’s infrastructure and develop an early detection capability, thereby minimizing impact. This book takes a risk-based approach to insider threat mitigation that focuses on protecting the organization’s critical assets and defining the collective risk tolerance for assets.
This Book
A team of insider threat experts helped to develop this book to assist organizational stakeholders at all levels prepare for and protect their organizations from insider threat. Each chapter addresses different aspects needed to develop a holistic and risk-based insider threat program. This book also provides general information about insider threat mitigation to interested parties in the public, private, and academic sectors. Working with organizations across a broad spectrum of industries to develop holistic insider threat mitigation solutions has allowed the authors to share hands-on knowledge of what is needed to create mature programs. We advocate a holistic approach to insider threat that is two-pronged: engage all programmatic aspects of the organization and address all facets of individuals’ interactions with the organization. This book shares what the authors have learned designing, building, and implementing insider threat programs, including the themes and challenges that organizations commonly experience yet rarely disclose in public forums.
This book covers all aspects of an insider threat program and explores key considerations as well as leading practices. Chapters 1–3 survey how the environment has evolved to impact organizations’ vulnerabilities to insider threats. Chapters 4, 6, 7, and 13 outline the building blocks for an insider threat program, including, potential risk indicators, risk appetite, and the establishment of a formal program. Chapters 5 and 8–12 explore specific components of insider threat mitigation, including personnel management, data analytics, information security, technology, cybersecurity, supply chain risk, and employee engagement. Chapter 13 examines the last stage of the insider threat life cycle: what organizations should consider when deciding on how to respond to insider threat incidents. Chapters 10 and 14 discuss matters revolving around workplace violence and privacy—two especially sensitive issues that must be tackled throughout the design, build, and implementation of an insider threat program. Finally, Chapter 15 explores the future of the insider, and what organizations can do to put themselves ahead of the