
REVIEW: "Insider Threat", Eric Cole/Sandra Ring

  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    Message 1 of 1 , Jul 10, 2006
      BKINSTHR.RVW 20060615

      "Insider Threat", Eric Cole/Sandra Ring, 2006, 1-59749-048-2,
      U$34.95/C$48.95
      %A Eric Cole
      %A Sandra Ring
      %C 800 Hingham Street, Rockland, MA 02370
      %D 2006
      %G 1-59749-048-2
      %I Syngress Media, Inc.
      %O U$34.95/C$48.95 781-681-5151 fax: 781-681-3585 www.syngress.com
      %O http://www.amazon.com/exec/obidos/ASIN/1597490482/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/1597490482/robsladesin03-20
      %O Audience n- Tech 1 Writing 1 (see revfaq.htm for explanation)
      %P 397 p.
      %T "Insider Threat"

      Abuse of your systems by insiders, those who have intimate knowledge
      of an enterprise and its protective controls because they are either
      employees or close partners, has always been a great security risk.
      In most cases these people are aware of the existing safeguards, and
      usually some means to get around them: in a large number of situations
      inside people actually operate and manage security countermeasures and
      auditing functions. Protecting yourself against insider attack is

      (However, while we all know about insider attacks, insider abuse, and
      that these are major problems, the term "insider threat" may be
      incorrect, and the phrase itself an obstacle. In viewing employees,
      staff, contractors, and partners as threats, instead of assets, we are
      making a serious mistake in our definitions, and one that can have
      serious negative consequences for the overall security of the

      Part one examines insider threat basics. Chapter one points out that
      insiders are threats. Various technologies for carrying or hiding
      information are described in chapter two (although the text does admit
      that one possibility for info release is the fact your employees
      simply leave the building every night with everything they know).

      Part two looks at government. Chapter three, about state and local
      authorities, notes the type of functions that are managed at this
      level, and the damage that can be done if this information is misused.
      The material seems to be bundled together in a random fashion. There
      are a number of "case studies," which are really just stories of
      situations where an insider has abused his or her position. Much the
      same is done with the federal government in chapter four.

      Part three turns to corporations. Chapter five starts off with an
      extremely odd statement, seeming to imply that nobody was much aware
      of the insider threat until a 1998 study. (However, this may signal
      one of the major problems with the book: the term "insider threat" was
      first used in a classified paper in 1997.) It has a brief, but
      useful, examination of various types of damage that an insider can do
      in a commercial enterprise (sabotage, theft of intellectual property,
      theft of customer data, damage to reputation, and direct financial
      fraud), and then we are back to the stories again. More case studies
      are given regarding the banking and financial sector, in chapter six,
      and government subcontractors, in seven.

      Part four is entitled "Analysis," but there isn't all that much.
      Chapter eight looks at profiles, despite the fact that the second last
      case study (in chapter seven) noted that the insider was so successful
      because he didn't fit the commonly perceived profile. The basic
      profile provided may be helpful in distinguishing low-end threats who
      may deserve further examination: the "high-end" profile identifies
      most senior managers. The responses suggested in chapter nine are
      primarily basic protections (and mostly suitable for defending against
      outside threats); some of the additional measures are only effective
      if you already have a suspect. Most of the content in chapter ten
      relates to fundamental risk analysis.

      The risks posed by insider knowledge are important. Unfortunately,
      other than providing a fund of illustrative stories, this book does
      not provide much material that would be of assistance to those
      concerned with protection. And, as noted previously, the title, and
      the general tone of paranoia pervading the work, are risks in

      copyright Robert M. Slade, 2006 BKINSTHR.RVW 20060615

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      When we write programs that learn, it turns out that we do and
      they don't. - Alan J. Perlis
      Dictionary of Information Security www.syngress.com/catalog/?pid=4150