The Insider Threat

The Insider Threat: Combatting the Enemy Within

CLIVE BLACKWELL
Copyright Date: 2009
Published by: IT Governance Publishing
Pages: 64
https://www.jstor.org/stable/j.ctt5hh7t8
    Book Description:

    How exposed is your company to the risk of a malicious attack by a discontented or psychologically unbalanced employee? What precautions have you taken to ensure that your IT systems cannot be manipulated for purposes of insider fraud? What steps do you need to take to prevent your IT systems from falling prey to organized crime through someone who has been planted within your firm or someone who is being threatened or bribed? Product designs and customer lists are not only useful information to you. They are also valuable information for your competitors. Employees who move to another company, or decide to set up in business on their own, may attempt to take some of this information with them. How will you stop this from happening? In this book, Clive Blackwell gets you up to speed on the key security problems that businesses are now facing as a result of the insider threat.

    eISBN: 978-1-84928-011-2
    Subjects: Technology

Table of Contents

  1. Front Matter
    (pp. 2-4)
  2. ABOUT THE AUTHOR
    (pp. 5-5)
  3. PREFACE
    (pp. 6-6)
  4. ACKNOWLEDGEMENTS
    (pp. 6-6)
  5. Table of Contents
    (pp. 7-7)
  6. CHAPTER 1: MODELLING THE INSIDER THREAT
    (pp. 8-26)

    Insiders, by definition, have some level of access to organisational resources that can be misused for their own purposes. The proportion of attacks originating from insiders is debatable, but it is clearly significant. We believe that insiders can often cause great damage to an organisation because of their privileged access, knowledge of weaknesses and the location of valuable targets. The 2008 CSI Computer Crime and Security Survey and the 2008 Information Security Breaches Survey have somewhat different views on the importance of the insider threat.

    Most attention has historically been given to external threats, as they are more visible and...

  7. CHAPTER 2: INSIDER ATTACKS
    (pp. 27-61)

    We classify attacks into their ultimate effects on the organisation of damage, fraud and theft to satisfy the goals of the attacker. This follows the classification used in the CERT Common Sense Guide to Prevention and Detection of Insider Threats, which is recommended as further reading. We also mention attacks motivated by curiosity, or enjoyment, without clearly defined goals that may inadvertently cause problems. The attacks have these undesirable impacts indirectly by breaching the fundamental security services of confidentiality, integrity and availability usually at lower layers. These problems may also be caused by accidental failure, or external attack, which are...

  8. APPENDIX: FURTHER READING
    (pp. 62-62)
  9. ITG RESOURCES
    (pp. 63-64)