Rating: 0 out of 5 stars
0 ratings
Ebook469 pages131 hours
Insider Threat: Prevention, Detection, Mitigation, and Deterrence
Rating: 5 out of 5 stars
5/5
()
About this ebook
Insider Threat: Detection, Mitigation, Deterrence and Prevention presents a set of solutions to address the increase in cases of insider threat. This includes espionage, embezzlement, sabotage, fraud, intellectual property theft, and research and development theft from current or former employees. This book outlines a step-by-step path for developing an insider threat program within any organization, focusing on management and employee engagement, as well as ethical, legal, and privacy concerns. In addition, it includes tactics on how to collect, correlate, and visualize potential risk indicators into a seamless system for protecting an organization’s critical assets from malicious, complacent, and ignorant insiders. Insider Threat presents robust mitigation strategies that will interrupt the forward motion of a potential insider who intends to do harm to a company or its employees, as well as an understanding of supply chain risk and cyber security, as they relate to insider threat.
- Offers an ideal resource for executives and managers who want the latest information available on protecting their organization’s assets from this growing threat
- Shows how departments across an entire organization can bring disparate, but related, information together to promote the early identification of insider threats
- Provides an in-depth explanation of mitigating supply chain risk
- Outlines progressive approaches to cyber security
Author
Michael G. Gelles
Dr. Michael Gelles consults in security, intelligence, and law enforcement for Deloitte in Washington, D.C. and is a thought-leader on the security risks, asset exploitation, and workplace violence associated with insider threat. Dr. Gelles is a frequent lecturer and has written numerous articles and book chapters on organizational management, forensic psychology, law enforcement, terrorism, and counterintelligence.
Related to Insider Threat
Related ebooks
Keeping Religious Institutions Secure The Manager's Handbook for Business Security Rating: 0 out of 5 stars0 ratingsInternational Security Programs Benchmark Report: Research Report Rating: 3 out of 5 stars3/5Security Leader Insights for Success: Lessons and Strategies from Leading Security Professionals Rating: 0 out of 5 stars0 ratingsBuilding a Corporate Culture of Security: Strategies for Strengthening Organizational Resiliency Rating: 0 out of 5 stars0 ratingsSecurity Leader Insights for Business Continuity: Lessons and Strategies from Leading Security Professionals Rating: 0 out of 5 stars0 ratingsFISMA and the Risk Management Framework: The New Practice of Federal Cyber Security Rating: 0 out of 5 stars0 ratingsBuilding an Information Security Awareness Program: Defending Against Social Engineering and Technical Threats Rating: 0 out of 5 stars0 ratingsMeasures and Metrics in Corporate Security Rating: 0 out of 5 stars0 ratingsMeasuring and Communicating Security's Value: A Compendium of Metrics for Enterprise Protection Rating: 0 out of 5 stars0 ratingsEffective Physical Security Rating: 3 out of 5 stars3/5Security Metrics Management: Measuring the Effectiveness and Efficiency of a Security Program Rating: 0 out of 5 stars0 ratingsThe Information Systems Security Officer's Guide: Establishing and Managing a Cyber Security Program Rating: 0 out of 5 stars0 ratingsPersonal Safety and Security Playbook: Risk Mitigation Guidance for Individuals, Families, Organizations, and Communities Rating: 0 out of 5 stars0 ratingsSecurity Operations Management Rating: 0 out of 5 stars0 ratingsWorkplace Violence: Planning for Prevention and Response Rating: 0 out of 5 stars0 ratingsInformation Security Analytics: Finding Security Insights, Patterns, and Anomalies in Big Data Rating: 5 out of 5 stars5/5Nine Practices of the Successful Security Leader: Research Report Rating: 0 out of 5 stars0 ratingsBecoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders Rating: 5 out of 5 stars5/5The Insider Threat: Combatting the Enemy Within Rating: 0 out of 5 stars0 ratingsComputer Incident Response and Forensics Team Management: Conducting a Successful Incident Response Rating: 4 out of 5 stars4/5How to Define and Build an Effective Cyber Threat Intelligence Capability Rating: 4 out of 5 stars4/5Building a Practical Information Security Program Rating: 5 out of 5 stars5/5Cybersecurity Incident Response: How to Contain, Eradicate, and Recover from Incidents Rating: 0 out of 5 stars0 ratingsEffective Security Management Rating: 0 out of 5 stars0 ratingsSecurity Leader Insights for Risk Management: Lessons and Strategies from Leading Security Professionals Rating: 0 out of 5 stars0 ratingsSecurity Leader Insights for Effective Management: Lessons and Strategies from Leading Security Professionals Rating: 0 out of 5 stars0 ratingsInformation Protection Playbook Rating: 0 out of 5 stars0 ratingsIN-SITE: Keys to an Effective Site Safety and Security Program Rating: 0 out of 5 stars0 ratings
Crime & Violence For You
The Violent Abuse of Women: In 17th and 18th Century Britain Rating: 4 out of 5 stars4/5Manson: The Life and Times of Charles Manson Rating: 4 out of 5 stars4/5Ordinary Men: Reserve Police Battalion 101 and the Final Solution in Poland Rating: 4 out of 5 stars4/5Summary of The 33 Strategies of War: by Robert Greene - A Comprehensive Summary Rating: 0 out of 5 stars0 ratings400 Things Cops Know: Street-Smart Lessons from a Veteran Patrolman Rating: 4 out of 5 stars4/5Batman and Psychology: A Dark and Stormy Knight (2nd Edition) Rating: 0 out of 5 stars0 ratingsDeath Row, Texas: Inside the Execution Chamber Rating: 4 out of 5 stars4/5Lost Girls: The Unsolved American Mystery of the Gilgo Beach Serial Killer Murders Rating: 4 out of 5 stars4/5Dreamland: The True Tale of America's Opiate Epidemic Rating: 4 out of 5 stars4/5And The Mountains Echoed Rating: 2 out of 5 stars2/5The Man from the Train: The Solving of a Century-Old Serial Killer Mystery Rating: 4 out of 5 stars4/5Gavin de Becker’s The Gift of Fear Survival Signals That Protect Us From Violence | Summary Rating: 4 out of 5 stars4/5Savage Appetites: Four True Stories of Women, Crime, and Obsession Rating: 4 out of 5 stars4/5Meditations on Violence: A Comparison of Martial Arts Training and Real World Violence Rating: 5 out of 5 stars5/5Slenderman: Online Obsession, Mental Illness, and the Violent Crime of Two Midwestern Girls Rating: 4 out of 5 stars4/5No Visible Bruises: What We Don’t Know About Domestic Violence Can Kill Us Rating: 5 out of 5 stars5/5On Killing: The Psychological Cost of Learning to Kill in War and Society Rating: 4 out of 5 stars4/5Worse Than Slavery Rating: 4 out of 5 stars4/5Whoever Fights Monsters: My Twenty Years Tracking Serial Killers for the FBI Rating: 4 out of 5 stars4/5The Devil You Know: Encounters in Forensic Psychiatry Rating: 4 out of 5 stars4/5House of Secrets Rating: 4 out of 5 stars4/5Homicide: A Year on the Killing Streets Rating: 4 out of 5 stars4/5Out of the Mouths of Serial Killers Rating: 4 out of 5 stars4/5H. H. Holmes: The True History of the White City Devil Rating: 4 out of 5 stars4/5The Least of Us: True Tales of America and Hope in the Time of Fentanyl and Meth Rating: 4 out of 5 stars4/5The Trial of Lizzie Borden Rating: 4 out of 5 stars4/5No Stone Unturned: The True Story of the World's Premier Forensic Investigators Rating: 4 out of 5 stars4/5Evidence of Love: A True Story of Passion and Death in the Suburbs Rating: 4 out of 5 stars4/5Sleep, My Child, Forever: The Riveting True Story of a Mother Who Murdered Her Own Children Rating: 4 out of 5 stars4/5
Related podcast episodes
Cybersecurity and Hacking with Kevin Mitnick 0% found this document usefulCyber Resiliency with Sounil Yu 0% found this document useful856 SPY BALLOONS, TRAIN DERAILMENT AND U.S POLITICS 0% found this document usefulBlending Awareness, Social Engineering, and Physical Penetration Testing -- A Conversation with Jayson E. Street 0% found this document usefulSocial Engineering works because we're human. 0% found this document usefulBig breaches (and how to avoid them): with Neil Daswani 0% found this document useful115 Intelligence for the OSINT Curious: 115 Intelligence for the OSINT Curious 0% found this document usefulNew Billbug campaign, Prestige ransomware, and multiple arrests of alleged cyber-crime gang members 0% found this document usefulHow To Succeed With Privacy By Design 0% found this document usefulCybersecurity Trends and Practices 0% found this document usefulPodcast: Women in terrorism and counterterrorism since 2001: For decades women have been involved in terrorism… 0% found this document usefulIs enhanced hardware security the answer to ransomware? [CyberWire-X] 100% found this document usefulOpen Source Intelligence (OSINT): The Data We Leak 0% found this document useful
Related articles
Cybersecurity: It Might Be The Small Stuff That Gets You NZBusiness and ManagementArticle
Cybersecurity: It Might Be The Small Stuff That Gets You
Jan 16, 2020
2 min readInside LAX's New Anti-Terrorism Intelligence Unit The AtlanticArticle
Inside LAX's New Anti-Terrorism Intelligence Unit
Jan 9, 2017
20 min read'Persistent Engagement': The Phrase Driving A More Assertive U.S. Spy Agency NPRArticle
'Persistent Engagement': The Phrase Driving A More Assertive U.S. Spy Agency
Aug 26, 2019
4 min readWriting the Rules of Cyberwar The AtlanticArticle
Writing the Rules of Cyberwar
Jun 28, 2017
9 min readRethinking Mental Health For Cops: When ‘Good Intentions’ Aren’t Enough The Christian Science MonitorArticle
Rethinking Mental Health For Cops: When ‘Good Intentions’ Aren’t Enough
May 29, 2019
After traumatic incidents, are police officers and firefighters receiving what mental health professionals consider the best short-term care?
5 min readHow Leaders Can Overcome Their Biases To Succeed In The Post-crisis World The European Business ReviewArticle
How Leaders Can Overcome Their Biases To Succeed In The Post-crisis World
May 31, 2020
5 min readBehavioural Insights at Work Rotman ManagementArticle
Behavioural Insights at Work
May 1, 2019
Why is it such a great time to be a cognitive scientist right now? More than ever, people are talking about how the brain works, and everyone wants to understand how to change behaviour. As a result, the inner workings of the brain are no longer the
5 min readAre You Prepared To Take The Risk? The European Business ReviewArticle
Are You Prepared To Take The Risk?
May 25, 2021
Risk is a fact of life for businesses of all kinds – large and small. If we’re lucky, we might see it coming, so that we have an opportunity to formulate a coping strategy. But how can managers and employees be best prepared to deal with the unexpect
9 min readOpinion: Hospital Mergers Or Acquisitions May Cause Short-term Patient Safety Issues STATArticle
Opinion: Hospital Mergers Or Acquisitions May Cause Short-term Patient Safety Issues
Jul 31, 2018
"Better patient care" is the reason usually given for hospital and health systems mergers. That doesn't always happen at the start.
4 min readOpinion: New Leaders Needed To Translate Discoveries Into Patient Care STATArticle
Opinion: New Leaders Needed To Translate Discoveries Into Patient Care
Oct 18, 2019
3 min readOpinion: DiMe: Calling All Who Serve In Digital Medicine STATArticle
Opinion: DiMe: Calling All Who Serve In Digital Medicine
Jun 5, 2019
As our dependence on connected technologies increases, it's time to bring together digital medicine practitioners to ensure that the technologies brought to market are worthy of the trust we place…
3 min readThe Rise of Risk-Mitigating Technologies Rotman ManagementArticle
The Rise of Risk-Mitigating Technologies
Jan 1, 2021
You have said the global pandemic is forcing firms to rethink their innovation strategies. Why is that? A major event like the pandemic changes consumers’ priorities, their preferences and their needs. As a result of COVID-19, people care a lot more
6 min readRaising The Ethical Bar Ethical Audits And Positive Culture Transformation The European Business ReviewArticle
Raising The Ethical Bar Ethical Audits And Positive Culture Transformation
Jan 25, 2021
10 min readUnderstanding People: Applying Behavioural Science To Business The European Business ReviewArticle
Understanding People: Applying Behavioural Science To Business
Aug 1, 2022
6 min readThe Need To Rethink Risk Governance The European Business ReviewArticle
The Need To Rethink Risk Governance
Jul 26, 2021
5 min readStaying Relevant Newsweek InternationalArticle
Staying Relevant
Dec 24, 2021
7 min readDesign Thinking: Mastering the Tensions Rotman ManagementArticle
Design Thinking: Mastering the Tensions
Jan 1, 2019
INNOVATION AND DESIGN have been part of my life for decades. As a former innovation manager in the packaged goods industry, I worked closely with creative people to design products, packaging, communications and services; and as a professor at the Ro
5 min readIntegrative Intelligence For A TRUST-BASED Worldview For Business The European Business ReviewArticle
Integrative Intelligence For A TRUST-BASED Worldview For Business
Sep 20, 2018
Trust forms the bedrock of any business and can be seen as the fundamental currency of all human activity. The nurturing of trust is key to risk management, innovativeness and economic progress. Businesses benefit from several types of intelligence,
7 min readMentally Healthy Workplaces The Art of HealingArticle
Mentally Healthy Workplaces
Mar 2, 2023
4 min readStaying Relevant NewsweekArticle
Staying Relevant
Dec 24, 2021
7 min readFor Your Money, Which is Better: The Algorithm or the Adviser? KiplingerArticle
For Your Money, Which is Better: The Algorithm or the Adviser?
May 29, 2018
We've seen a massive movement toward convenience and automation in nearly every industry. As consumers move toward the option of ordering products online from sites like Amazon, the retail world has seen a record-breaking number of brick-and-mortar
4 min readThe Growing Market for Self-Control Rotman ManagementArticle
The Growing Market for Self-Control
Sep 1, 2018
WE INVITE THE READER TO PAUSE FOR A MOMENT and think of instances in which you set out to accomplish a particular goal or task, but failed. We suspect that it would not be difficult for most people to identify more than one such instance. Indeed, our
7 min readWhy Leaders Need To Take A Risk-based Approach To Data Security NZBusiness and ManagementArticle
Why Leaders Need To Take A Risk-based Approach To Data Security
Jul 21, 2021
5 min readOpinion: Artificial Intelligence In Pharma, Health Care: At The Crossroads Of Hype And Reality STATArticle
Opinion: Artificial Intelligence In Pharma, Health Care: At The Crossroads Of Hype And Reality
Dec 6, 2018
Artificial intelligence is at the forefront of the minds of many pharmaceutical and health care executives. Is it hype, or the future?
4 min readDIGITAL CROWN JEWELS: How to Protect Your Data Assets Rotman ManagementArticle
DIGITAL CROWN JEWELS: How to Protect Your Data Assets
Sep 1, 2023
10 min readIntentional Money: Strategies For Sustainable Finance The European Business ReviewArticle
Intentional Money: Strategies For Sustainable Finance
Aug 1, 2022
4 min readA Framework For Risk Governance The European Business ReviewArticle
A Framework For Risk Governance
Oct 2, 2023
11 min readHow Can Organisations Manage Their Reputations In Response To Threats? The European Business ReviewArticle
How Can Organisations Manage Their Reputations In Response To Threats?
Apr 3, 2019
In the face of danger, every individual is designed to react almost subconsciously and when it counts, defend themselves. This stays true in the case of threatened organisations. In this article, the authors name three kinds of responses and their co
3 min readManaging Your Most Precious Resource: Organizational Attention Rotman ManagementArticle
Managing Your Most Precious Resource: Organizational Attention
May 1, 2020
11 min readThe Biases That Derail Open Innovation Initiatives The European Business ReviewArticle
The Biases That Derail Open Innovation Initiatives
Dec 2, 2022
Open innovation is often viewed as the panacea to all sorts of innovation challenges. And this is for good reason. Building on innovation partners' novel, diverse and complementary perspectives should help organisations to find breakthroughs in their
4 min read
Reviews for Insider Threat
Rating: 5 out of 5 stars
5/5
1 rating0 reviews
Book preview
Insider Threat - Michael G. Gelles
reputation.
Chapter 1
Introduction – Insider Threat Today
Abstract
Insider threats are a critical risk to organizations. Leaders need to be familiar with these threats and how they can impact their business, including asset loss and a negative impact on brand and reputation.
Keywords
insider threat; virtual; non-virtual; exfiltration
Introduction
The insider threat is not a new phenomenon. Examples of trusted insiders exploiting, sabotaging, and committing acts of violence against those to whom they were outwardly committed are pervasive throughout human history. Recently, the topic of insider threat has received heightened attention as a result of high-profile incidents: Edward Snowden, the leaker of confidential NSA information; Aaron Alexis, the Navy Yard shooter; and many others. These incidents have reminded leaders that threats to their organizations’ most precious assets—physical and information security, financial standing, and mission—may come from within. This phenomenon deserves the attention of leadership in all industries so that organizations are equipped to effectively prevent, detect, and respond to emerging threats.
As many organizations are learning, insider threats can have a significant impact on an organization’s reputation, operations, finances, employee safety, and shareholder confidence. In Government, insider threats can affect national security, public trust, and public safety. The challenge of doing business today is protecting assets in a global and virtual environment with a workforce that is increasingly tech-savvy and ubiquitously connected to information and technology. Although the United States Federal Government has rolled out policies to achieve an enterprise-wide standard for insider threat mitigation capabilities, the private sector has no such mandates or benchmarks.¹ It is, therefore, difficult for private organizations to assess where they stand relative to peers and to make decisions regarding their insider threat mitigation capabilities.
Looking Ahead
Financial volatility and interconnected business have amplified risks to both the private and public sector in today’s changing global environment. A new set of organizational competencies is needed to mitigate insider threats as localized or compartmentalized business relationships have given way to distributed, virtual ones. This shift has forced leaders to manage evolving, networked organizations that need to prevent, detect, and recover from a diverse and growing set of threats in the workplace. If organizations successfully address these risks and prioritize insider threat mitigation as an organizational priority that is viewed as shared responsibility, they will likely adapt a balanced and integrated approach to protecting the organization’s critical assets: its people, facilities, systems, and data.
Although it may not be realistic to expect that every attempted insider attack will be stopped before damage is inflicted, it is realistic to build resiliency into an organization’s infrastructure and develop an early detection capability, thereby minimizing impact. This book takes a risk-based approach to insider threat mitigation that focuses on protecting the organization’s critical assets and defining the collective risk tolerance for assets.
This Book
A team of insider threat experts helped to develop this book to assist organizational stakeholders at all levels prepare for and protect their organizations from insider threat. Each chapter addresses different aspects needed to develop a holistic and risk-based insider threat program. This book also provides general information about insider threat mitigation to interested parties in the public, private, and academic sectors. Working with organizations across a broad spectrum of industries to develop holistic insider threat mitigation solutions has allowed the authors to share hands-on knowledge of what is needed to create mature programs. We advocate a holistic approach to insider threat that is two-pronged: engage all programmatic aspects of the organization and address all facets of individuals’ interactions with the organization. This book shares what the authors have learned designing, building, and implementing insider threat programs, including the themes and challenges that organizations commonly experience yet rarely disclose in public forums.
This book covers all aspects of an insider threat program and explores key considerations as well as leading practices. Chapters 1–3 survey how the environment has evolved to impact organizations’ vulnerabilities to insider threats. Chapters 4, 6, 7, and 13 outline the building blocks for an insider threat program, including, potential risk indicators, risk appetite, and the establishment of a formal program. Chapters 5 and 8–12 explore specific components of insider threat mitigation, including personnel management, data analytics, information security, technology, cybersecurity, supply chain risk, and employee engagement. Chapter 13 examines the last stage of the insider threat life cycle: what organizations should consider when deciding on how to respond to insider threat incidents. Chapters 10 and 14 discuss matters revolving around workplace violence and privacy—two especially sensitive issues that must be tackled throughout the design, build, and implementation of an insider threat program. Finally, Chapter 15 explores the future of the insider, and what organizations can do to put themselves ahead of the
Enjoying the preview?
Page 1 of 1