"Insider Threat", Eric Cole/Sandra Ring, 2006, 1-59749-048-2,
%A Eric Cole
%A Sandra Ring
%C 800 Hingham Street, Rockland, MA 02370
%I Syngress Media, Inc.
%O U$34.95/C$48.95 781-681-5151 fax: 781-681-3585 www.syngress.com
%O Audience n- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P 397 p.
%T "Insider Threat"

Abuse of your systems by insiders, those who have intimate knowledge
of an enterprise and its protective controls because they are either
employees or close partners, has always been a great security risk.
In most cases these people are aware of the existing safeguards, and
usually some means to get around them: in a large number of situations
inside people actually operate and manage security countermeasures and
auditing functions. Protecting yourself against insider attack is
(However, while we all know about insider attacks, insider abuse, and
that these are major problems, the term "insider threat" may be
incorrect, and the phrase itself an obstacle. In viewing employees,
staff, contractors, and partners as threats, instead of assets, we are
making a serious mistake in our definitions, and one that can have
serious negative consequences for the overall security of the

Part one examines insider threat basics. Chapter one points out that
insiders are threats. Various technologies for carrying or hiding
information are described in chapter two (although the text does admit
that one possibility for info release is the fact your employees
simply leave the building every night with everything they know).

Part two looks at government. Chapter three, about state and local
authorities, notes the type of functions that are managed at this
level, and the damage that can be done if this information is misused.
The material seems to be bundled together in a random fashion. There
are a number of "case studies," which are really just stories of
situations where an insider has abused his or her position. Much the
same is done with the federal government in chapter four.

Part three turns to corporations. Chapter five starts off with an
extremely odd statement, seeming to imply that nobody was much aware
of the insider threat until a 1998 study. (However, this may signal
one of the major problems with the book: the term "insider threat" was
first used in a classified paper in 1997.) It has a brief, but
useful, examination of various types of damage that an insider can do
in a commercial enterprise (sabotage, theft of intellectual property,
theft of customer data, damage to reputation, and direct financial
fraud), and then we are back to the stories again. More case studies
are given regarding the banking and financial sector, in chapter six,
and government subcontractors, in seven.

Part four is entitled "Analysis," but there isn't all that much.
Chapter eight looks at profiles, despite the fact that the second last
case study (in chapter seven) noted that the insider was so successful
because he didn't fit the commonly perceived profile. The basic
profile provided may be helpful in distinguishing low-end threats who
may deserve further examination: the "high-end" profile identifies
most senior managers. The responses suggested in chapter nine are
primarily basic protections (and mostly suitable for defending against
outside threats); some of the additional measures are only effective
if you already have a suspect. Most of the content in chapter ten
relates to fundamental risk analysis.

The risks posed by insider knowledge are important. Unfortunately,
other than providing a fund of illustrative stories, this book does
not provide much material that would be of assistance to those
concerned with protection. And, as noted previously, the title, and
the general tone of paranoia pervading the work, are risks in

copyright Robert M. Slade, 2006 BKINSTHR.RVW 20060615