Insider Threat: Protecting the Enterprise from Sabotage, Spying, and Theft

Free Download

Authors:

Edition: 1

ISBN: 9781597490481, 1597490482, 1928994989, 1931836116, 1931836418

Size: 7 MB (7038423 bytes)

Pages: 425/425

File format:

Language:

Publishing Year:

Category:

Eric Cole, Sandra Ring9781597490481, 1597490482, 1928994989, 1931836116, 1931836418

Within this text is information to teach IT professionals and law enforcement officials about the dangers posed by insiders to a company’s IT infrastructure and how to mitigate these risks by designing and implementing secure IT systems as well as security and human resource policies.

Table of contents :
Cover……Page 1
Acknowledgments……Page 6
Coauthor……Page 8
Contents……Page 10
Part I Insider Threat Basics……Page 28
What Is There to Worry About?……Page 30
The Devil Inside……Page 31
The Importance of Insider Threat……Page 32
Why the Insider Threat Has Been Ignored……Page 44
Why the Insider Threat Is Worse Than the External Threat……Page 46
The Effect of Insider Threats on a Company……Page 48
How Bad Is It— Statistics on What Is Happening……Page 50
Targets of Attack……Page 62
The Threat Is Real……Page 64
New World Order……Page 69
Future Trends……Page 70
Summary……Page 75
Behind the Crime……Page 76
Introduction……Page 77
Overview of Technologies……Page 85
Information Extraction……Page 86
Hidden Files……Page 87
Network Leakage……Page 104
Cryptography……Page 111
Steganography……Page 115
Malicious Acts……Page 118
The Human……Page 119
Summary……Page 123
Part II Government……Page 128
State and Local Government Insiders……Page 130
Introduction……Page 131
Threats You May Face……Page 132
Incidents……Page 140
Case Study: Using Insider Access to Sell Private Information……Page 145
Case Studies: Theft of Electronic Benefits……Page 148
Case Study: Lottery Fraud……Page 152
Case Study: Clerk Steals More Than $4.9M from Estates……Page 155
Prosecution Statistics……Page 163
Summary……Page 170
Endnotes……Page 171
Federal Government……Page 172
Introduction……Page 174
Threats……Page 175
Case Study: IRS Employee Appeals Conviction of Wire Fraud……Page 178
Case Study: FBI Employee Discloses Sensitive Files to Family and Friends……Page 182
Case Study: FBI Employee Accesses Computer System without Authorization……Page 184
Case Study: Department of Energy Employee Provides Price List to Competition……Page 185
Case Study: Time Fraud in the Patent and Trademark Office……Page 187
Case Study: Time Fraud in the Department of Commerce……Page 188
Case Study: Time Fraud in the Defense Intelligence Agency……Page 190
Case Study: Time Fraud in Defense Security Services……Page 191
Case Study: Time Fraud Using False Jury Duty Claims……Page 192
Case Study: Government Credit Card Fraud in the State Department……Page 193
Case Study: Government Credit Card Fraud in the U.S. Attorney’s Office……Page 195
Case Study: Department of Agriculture Employee Commits Massive Visa Fraud……Page 196
Case Study: State Department Employee Commits Massive Visa Fraud……Page 198
Case Study: United States Border Patrol and Customs Agents Smuggle Drugs……Page 199
Case Study: NLM Programmer Creates Backdoor in Medical Computer System……Page 200
Case Study: CIA and FBI Traitors……Page 202
Case Study: Disgruntled Coast Guard Employee Deletes Database Records……Page 209
Summary……Page 211
Endnotes……Page 212
Part III Corporations……Page 214
Commercial……Page 216
Introduction……Page 218
Threats……Page 219
United States Code Relevant to Insider Threat……Page 224
Endnotes……Page 265
Banking and Financial Sector……Page 268
Introduction……Page 269
Threats……Page 271
Legal Regulations……Page 296
Summary……Page 300
Government Subcontractors……Page 302
Introduction……Page 303
Threats……Page 304
Endnotes……Page 318
Part IV Analysis……Page 320
Profiles of the Insider Threat……Page 322
Introduction……Page 323
General Types of Profiling……Page 324
Base Profile……Page 326
Limitations……Page 341
High-End Profile……Page 345
Categories of Inside Attacks……Page 348
Stance……Page 351
Summary……Page 353
Response: Technologies That Can Be Used to Control the Insider Threat……Page 356
Introduction……Page 357
Understanding and Prioritizing Critical Assets……Page 358
Defining Acceptable Level of Loss……Page 359
Controlling Access……Page 361
Bait: Honeypots and Honeytokens……Page 362
Die Pad for Data……Page 364
Mole Detection……Page 366
Profiling……Page 367
Monitoring……Page 369
Anomaly Detection……Page 373
Signature Analysis……Page 374
Thin Clients……Page 376
Policy, Training, and Security Awareness……Page 377
Summary……Page 378
Survivability……Page 380
Risk……Page 381
Limiting Failure Points……Page 394
Increasing Redundancy……Page 396
Controlling and Limiting Access……Page 401
Psychosocial Factors……Page 404
Educating Employees……Page 405
Reacting to Insider Threat……Page 407
Summary……Page 411
Index……Page 412

Reviews

There are no reviews yet.

Be the first to review “Insider Threat: Protecting the Enterprise from Sabotage, Spying, and Theft”
Shopping Cart
Scroll to Top