Insider Threat
eBook - ePub

Insider Threat

Prevention, Detection, Mitigation, and Deterrence

Michael G. Gelles

  1. 252 pages
  2. English
  3. ePUB (available on the app)
  4. Available on iOS and Android

About the book

Insider Threat: Detection, Mitigation, Deterrence and Prevention presents a set of solutions to address the increase in cases of insider threat. This includes espionage, embezzlement, sabotage, fraud, intellectual property theft, and research and development theft from current or former employees. This book outlines a step-by-step path for developing an insider threat program within any organization, focusing on management and employee engagement, as well as ethical, legal, and privacy concerns. In addition, it includes tactics on how to collect, correlate, and visualize potential risk indicators into a seamless system for protecting an organization's critical assets from malicious, complacent, and ignorant insiders. Insider Threat presents robust mitigation strategies that will interrupt the forward motion of a potential insider who intends to do harm to a company or its employees, as well as an understanding of supply chain risk and cyber security, as they relate to insider threat.

  • Offers an ideal resource for executives and managers who want the latest information available on protecting their organization's assets from this growing threat
  • Shows how departments across an entire organization can bring disparate, but related, information together to promote the early identification of insider threats
  • Provides an in-depth explanation of mitigating supply chain risk
  • Outlines progressive approaches to cyber security

Information

Year
2016
ISBN
9780128026229
Chapter 1

Introduction – Insider Threat Today

Abstract

Insider threats are a critical risk to organizations. Leaders need to be familiar with these threats and how they can impact their business, including asset loss and a negative impact on brand and reputation.

Keywords

insider threat; virtual; non-virtual; exfiltration

Introduction

The insider threat is not a new phenomenon. Examples of trusted insiders exploiting, sabotaging, and committing acts of violence against those to whom they were outwardly committed are pervasive throughout human history. Recently, the topic of insider threat has received heightened attention as a result of high-profile incidents: Edward Snowden, the leaker of confidential NSA information; Aaron Alexis, the Navy Yard shooter; and many others. These incidents have reminded leaders that threats to their organizations’ most precious assets—physical and information security, financial standing, and mission—may come from within. This phenomenon deserves the attention of leadership in all industries so that organizations are equipped to effectively prevent, detect, and respond to emerging threats.
As many organizations are learning, insider threats can have a significant impact on an organization’s reputation, operations, finances, employee safety, and shareholder confidence. In Government, insider threats can affect national security, public trust, and public safety. The challenge of doing business today is protecting assets in a global and virtual environment with a workforce that is increasingly tech-savvy and ubiquitously connected to information and technology. Although the United States Federal Government has rolled out policies to achieve an enterprise-wide standard for insider threat mitigation capabilities, the private sector has no such mandates or benchmarks.1 It is, therefore, difficult for private organizations to assess where they stand relative to peers and to make decisions regarding their insider threat mitigation capabilities.

Looking Ahead

Financial volatility and interconnected business have amplified risks to both the private and public sector in today’s changing global environment. A new set of organizational competencies is needed to mitigate insider threats as localized or compartmentalized business relationships have given way to distributed, virtual ones. This shift has forced leaders to manage evolving, networked organizations that need to prevent, detect, and recover from a diverse and growing set of threats in the workplace. If organizations successfully address these risks and prioritize insider threat mitigation as an organizational priority that is viewed as a shared responsibility, they will likely adopt a balanced and integrated approach to protecting the organization’s critical assets: its people, facilities, systems, and data.
Although it may not be realistic to expect that every attempted insider attack will be stopped before damage is inflicted, it is realistic to build resiliency into an organization’s infrastructure and develop an early detection capability, thereby minimizing impact. This book takes a risk-based approach to insider threat mitigation that focuses on protecting the organization’s critical assets and defining the collective risk tolerance for assets.

This Book

A team of insider threat experts helped to develop this book to assist organizational stakeholders at all levels prepare for and protect their organizations from insider threat. Each chapter addresses different aspects needed to develop a holistic and risk-based insider threat program. This book also provides general information about insider threat mitigation to interested parties in the public, private, and academic sectors. Working with organizations across a broad spectrum of industries to develop holistic insider threat mitigation solutions has allowed the authors to share hands-on knowledge of what is needed to create mature programs. We advocate a holistic approach to insider threat that is two-pronged: engage all programmatic aspects of the organization and address all facets of individuals’ interactions with the organization. This book shares what the authors have learned designing, building, and implementing insider threat programs, including the themes and challenges that organizations commonly experience yet rarely disclose in public forums.
This book covers all aspects of an insider threat program and explores key considerations as well as leading practices. Chapters 1–3 survey how the environment has evolved to impact organizations’ vulnerabilities to insider threats. Chapters 4, 6, 7, and 13 outline the building blocks for an insider threat program, including potential risk indicators, risk appetite, and the establishment of a formal program. Chapters 5 and 8–12 explore specific components of insider threat mitigation, including personnel management, data analytics, information security, technology, cybersecurity, supply chain risk, and employee engagement. Chapter 13 examines the last stage of the insider threat life cycle: what organizations should consider when deciding on how to respond to insider threat incidents. Chapters 10 and 14 discuss matters revolving around workplace violence and privacy—two especially sensitive issues that must be tackled throughout the design, build, and implementation of an insider threat program. Finally, Chapter 15 explores the future of the insider, and what organizations can do to put themselves ahead of the curve.

What is Insider Threat?

Insider attacks take many forms, such as industrial or government-sponsored espionage, workplace violence, fraud, sabotage, or the unauthorized dissemination of trade secrets, intellectual property (IP), or classified information. Organizations face a variety of insider threat challenges—risks posed by employees, contractors, vendors, and business partners who may cause harm.
As a result, the insider threat is often understood differently across disciplines. For example, chief information security officers may view insider threat exclusively through the lens of an employee’s activity on an information system. A chief security officer may view insider threat through the lens of suspicious behavior as an employee interfaces with an organization’s facilities or tangible assets. These fragmented conceptions of what constitutes an insider threat do not account for the holistic and multifaceted nature of how individuals interact with the organizations they work for, or partner with.
For the purposes of this book, insider threat is defined from a holistic and programmatic perspective to encompass the entire enterprise (Figure 1.1). An insider is a person who possesses some combination of knowledge and access that distinguishes his or her relationship with the organization from those of outsiders. An insider can be an employee, contractor, vendor, or, in some cases, a family member of a trusted employee. The insider threat is the potential for an insider to harm an organization by leveraging his or her privileged level of knowledge and/or access. An insider threat is not necessarily driven by malevolent intent: it may also constitute an individual who is complacent or ignorant about security policies and procedures. A lack of training, for example, can goad ignorance or complacency. These dispositions can provide opportunities for others—both insiders and outsiders—to breach physical or virtual security countermeasures. Throughout this book, insider threat drivers will include (1) malicious, (2) complacent, and (3) ignorant.

Figure 1.1 Insider Threat can be Defined Broadly as Organizations will Prioritize Risk in Different Ways Based on Mission and Strategic Objectives.
Organizations often prioritize external threats over insider threats. Attacks by parties with insider knowledge and access are less frequent than attacks by external actors. As a result, organizations often invest less in developing an insider threat mitigation program as part of a risk management strategy. It is important, however, for organizations to understand that insiders can assist an external attacker, sometimes unintentionally. For example, an employee or contractor, either ignorant of or complacent toward organizational policy or security threats, may unwittingly download malware onto the network, giving attackers access to IP, personally identifiable information, or sensitive data, such as customer credit card information.

What Motivates an Insider to Act?

Insider threats exist within every organization because employees, or insiders, comprise the core of an organization’s operational plan and are the key drivers of its business objectives. An insider threat may be an employee who, purely by mistake, is likely to act in a way that results in negative consequences for the organization. Such employees may also conduct themselves in a high-risk manner because their organization lacks defined policies, training, or communication. Unlike ignorant or complacent insiders, malicious insiders act in response to a complex set of problems, conflicts, and disputes, or crises both personal and professional in nature.
Malicious insiders may be motivated by money, revenge, validation, or empowerment. They may possess an exaggerated sense of entitlement. Some may operate as spies for a foreign government or steal critical IP for a competitive entity. Attacks by malicious insiders are seldom impulsive acts. A number of case studies have confirmed this by evaluating the precursors or indicators displayed by the insider before taking action (e.g., declining performance, undue access attempts, negative workplace interactions). Employees wishing to harm a current or former employer, business partner, or client—whether by stealing trade secrets, sabotaging information systems, or by opening fire on colleagues—usually plan their actions. Because this behavioral pattern is subtle, it is often difficult to detect and prevent an insider threat simply by observing an insider’s behavior. This book will examine how to proactively mitigate threats by developing, correlating, and analyzing a set of potential risk indicators (PRIs) as part of the insider threat mitigation program.

Environmental Drivers

A number of environmental factors contribute to the potential for increased exploitation of information, access, and data by a trusted employee. The first is the increased use of technology and digital information systems, due in part to a generational workforce that has grown up with the internet, personal computers, and other data and communication devices. These tools are part of the daily lives of this generation’s members and critical to the way they process information and solve problems. The Internet has also promulgated the expectation of free access to information resources. Combined, these factors lead people to seek solutions that may involve the exploitation of data and critical information, or excessive risk when using organizational resources or handling proprietary information.

“Bricks and Mortar” to “Bits and Bytes”

As technology continues to evolve and many of our daily activities are performed ...

Table of contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. About Deloitte
  6. About the Author
  7. Foreword
  8. Acknowledgments
  9. Chapter 1. Introduction – Insider Threat Today
  10. Chapter 2. Common Challenges to Maturing an Insider Threat Program
  11. Chapter 3. From Bricks and Mortar to Bits and Bytes
  12. Chapter 4. Identifying Functional Ownership
  13. Chapter 5. Identifying Critical Indicators in Organizational Data
  14. Chapter 6. Establishing an Organizational Risk Appetite
  15. Chapter 7. Risk Management Using Data Analytics
  16. Chapter 8. Information Security and Technology Integration
  17. Chapter 9. Robust Cyber Risk Management
  18. Chapter 10. Threats Posed by Third-Party Insiders: Considerations for a Vendor Vetting Program
  19. Chapter 11. Employee Engagement: Critical to Mitigating the Risk of Insider Threat
  20. Chapter 12. Workplace Violence and Insider Threat
  21. Chapter 13. Monitoring and Investigating
  22. Chapter 14. Privacy Considerations for Insider Threat Mitigation Programs
  23. Chapter 15. What the Future Holds
  24. Appendices
  25. Index
Citation styles for Insider Threat

APA 6 Citation

Gelles, M. (2016). Insider Threat ([edition unavailable]). Elsevier Science. Retrieved from https://www.perlego.com/book/1830940/insider-threat-prevention-detection-mitigation-and-deterrence-pdf (Original work published 2016)

Chicago Citation

Gelles, Michael. (2016) 2016. Insider Threat. [Edition unavailable]. Elsevier Science. https://www.perlego.com/book/1830940/insider-threat-prevention-detection-mitigation-and-deterrence-pdf.

Harvard Citation

Gelles, M. (2016) Insider Threat. [edition unavailable]. Elsevier Science. Available at: https://www.perlego.com/book/1830940/insider-threat-prevention-detection-mitigation-and-deterrence-pdf (Accessed: 15 October 2022).

MLA 7 Citation

Gelles, Michael. Insider Threat. [edition unavailable]. Elsevier Science, 2016. Web. 15 Oct. 2022.