September 15, 2006

Fighting Insider Threats: Employees, Contractors, etc

Keeping a watchful eye on your network agains intruders that you don't know is a full time job. What's even harder and more difficult is protecting your network from those who work for you or that you would hope you can trust. Of course you must have some level of trust or you'll go crazy, but there are some things you can do to better protect yourself.

Enemy at the Water Cooler: Real-Life Stories of Insider Threats and Enterprise Security Management Countermeasures (Syngress Publishing, September 2006) by Brian Contos is the definitive book for CIOs, CSOs, and CEOs looking to battle the rising tide of security threats posed by their own trusted employees, consultants,
and partners.

The press release continues that "Enemy at the Water Cooler" covers over a decade of the author's work with some of the largest commercial and government agencies around the world in addressing cyber security related to malicious insiders. It explores organized crime, terrorist threats, hackers, and activist groups. It then addresses the steps that organizations must take to address insider threats at a people, process, and technology level.

Contos' book provides a new perspective to the growing concern over
insider threats. Insider threats warrant being among the top concerns of
IT professionals and businesses alike, but to date, there have been no
other books that talk about the threat to businesses from insiders who
know how to attack the critical components of modern business, the
computers, applications, and networks that make it all work.

"Insider threats are among the top concerns of IT professionals and
businesses alike," said Amit Yoran, Information Security Expert and former
National Cyber Security Director at the Department of Homeland Security.
"The cyber crime overview, explanations of Enterprise Security Management
countermeasures, and the wealth of real-life case studies contained in
Contos' book explore this difficult problem with honest lessons learned,
and it also describes some of the best practices derived from
organizations around the world."

"Never before has so much of our sensitive information been so easily
accessible to so many. Our personal and financial information resides on
systems and networks we don't control. Our employers, government
organizations, and others house sensitive information that can be
exploited," said Contos. "As IT professionals, we have to remember that
the larger an organization gets, the more it should be concerned with
insider threats. Not taking steps to address insiders can ultimately yield
regulatory fines, legal fees, litigation penalties associated with class
actions, public relations fees, a decrease in shareholder faith, expenses
related to placating customers, and ultimately lost revenue."

0 comments