Insider Threat: Protecting the Enterprise from Sabotage, Spying, and Theft [ILLUSTRATED] (Paperback)

by Eric Cole (Author), Sandra Ring (Author)
Key Phrases: offense punishable under this subparagraph, insider threat, fine under this title, United States, New York, Nick Leeson (more...)

Editorial Reviews

Product Description
The Secret Service, FBI, NSA, CERT (Computer Emergency Response Team) and George Washington University have all identified "Insider Threats" as one of the most significant challenges facing IT, security, law enforcement, and intelligence professionals today.

This book will teach IT professional and law enforcement officials about the dangers posed by insiders to their IT infrastructure and how to mitigate these risks by designing and implementing secure IT systems as well as security and human resource policies. The book will begin by identifying the types of insiders who are most likely to pose a threat. Next, the reader will learn about the variety of tools and attacks used by insiders to commit their crimes including: encryption, steganography, and social engineering. The book will then specifically address the dangers faced by corporations and government agencies. Finally, the reader will learn how to design effective security systems to prevent insider attacks and how to investigate insider security breeches that do occur.

Throughout the book, the authors will use their backgrounds in the CIA to analyze several, high-profile cases involving insider threats.

* Tackles one of the most significant challenges facing IT, security, law enforcement, and intelligence professionals today

* Both co-authors worked for several years at the CIA, and they use this experience to analyze several high-profile cases involving insider threat attacks

* Despite the frequency and harm caused by insider attacks, there are no competing books on this topic.books on this topic

About the Author
Dr. Eric Cole is an industry recognized security expert, technology visionary and scientist, with over 15 year's hands-on experience. Dr. Cole currently performs leading edge security consulting and works in research and development to advance the state of the art in information systems security. Dr. Cole has over a decade of experience in information technology, with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. Dr. Cole has a Masters in Computer Science from NYIT, and Ph.D. from Pace University with a concentration in Information Security. Dr. Cole is the author of several books to include Hackers Beware, Hiding in Plain Site, Network Security Bible and Insider Threat. He is also the inventor of over 20 patents and is a researcher, writer, and speaker for SANS Institute and faculty for The SANS Technology Institute, a degree granting institution.

Product Details

• Paperback: 350 pages
• Publisher: Syngress; 1 edition (March 15, 2006)
• Language: English
• ISBN-10: 1597490482
• ISBN-13: 978-1597490481
• Product Dimensions: 8.8 x 7 x 0.9 inches
• Shipping Weight: 1.5 pounds (View shipping rates and policies)
• Average Customer Review: 4.3 out of 5 stars See all reviews (11 customer reviews)
• Amazon.com Sales Rank: #236,025 in Books (See Bestsellers in Books)

Customer Reviews

Most Helpful Customer Reviews

11 of 13 people found the following review helpful:

3.0 out of 5 stars Warning, December 17, 2005

By	Marco De Vivo "mata-hackers" (Miami, Florida United States) - See all my reviews (REAL NAME)

Just two words: this is an anecdotical book about insider originated attacks, not a technical book discussing prevention and detection techniques and tools. I was mislead by the title when bought the book. Try instead the book EXTRUSION DETECTION if interested in prevent, detect, and fight insider traitors/attackers in enterprises, data centers, intranets or extranets.

6 of 7 people found the following review helpful:

5.0 out of 5 stars Excellent overview of the insider threat to networks and information systems, January 7, 2006

By	Ben Rothke "Author of 'Computer Security: 20 ... (USA) - See all my reviews (TOP 500 REVIEWER)    (REAL NAME)

Thousands of computer security books have been published that deal with every conceivable security issue and technology. But Insider Threat is one of the first to deal with one of the most significant threats to an organizations, namely that of the trusted insider. The problem is that within information technology, many users have far too much access and trust than they should truly have.

The retail and gambling sectors have long understood the danger of the insider threat and have built their security frameworks to protect against both the insider and the outsider. Shoplifters are a huge bane to the retail industry, exceeded only by thefts from internal employees behind the registers. The cameras and guards in casinos are looking at both those in front of and behind the gambling tables. Casinos understand quite well that when an employee is spending 40 hours a week at their location dealing with hundreds of thousands of dollars; over time, they will learn where the vulnerabilities and weaknesses are. For a minority of these insiders, they will commit fraud, which is invariably much worse than any activity an outsider could alone carry out.

Insider Threat is mainly a book of real-life events that detail how the insider threat is a problem that affects every organization in every industry. In story after story, the book details how trusted employees will find weaknesses in systems in order to carry out financial or political attacks against their employers. It is the responsibility to the organization to ensure that their infrastructure is designed to detect these insiders and their systems resilient enough to defend against them. This is clearly not a trivial task.

The authors note that the crux of the problem is that many organizations tend to think that once they hire an employee or contractor, that the person is now part of a trusted group of dedicated and loyal employees. Given that many organizations don't perform background checks on their prospective employees, they are placing a significant level of trust in people they barely know. While the vast majority of employees can be trusted and are honest, the danger of the insider threat is that it is the proverbial bad apple that can take down the entire tree. The book details numerous stories of how a single bad employee has caused a company to go out of business.

Part of the problem with the insider threat is that since companies are oblivious to it, they do not have a framework in place to determine when it is happening, and to deal with it when it occurs. With that, when the insider attack does occur, which it invariably will, companies have to scramble to recover. Many times, they are simply unable to recover, as the book details in the cases of Omega Engineering and Barings Bank.

The premise of Insider Threat is that companies that don't have a proactive plan to deal with insider threats will ultimately be a victim of insider threats. The 10 chapters in the book expand on this and provide analysis to each scenario described.

Chapter 1 defines what exactly insider threats are and provides a number of ways to prevent insider threats. The authors note that there is no silver bullet solution or single thing that can be done to prevent and insider threat. The only way to do this is via a comprehensive program that must be developed within the framework of the information security group. Fortunately, all of these things are part of a basic information security program including fundamental topics like security awareness, separation and rotation of duties, least privilege to systems, logging and auditing, and more.

The irony of all of the solutions suggested in chapter one is that not a single one of them is rocket science. All of them are security 101 and don't require any sort of expensive software or hardware. Part of this bitter irony is that companies are oblivious to these insider threats and will spend huge amounts of money to protect against the proverbial evil hacker, being oblivious to the nefarious accounts receivable clerk in the back office that is draining the coffers.

One example the book provides is that many companies feel they are safe because they encrypt data. An excellent idea detailed in chapter two is to set up a sniffer and examine the traffic on the internal network to ensure that the data is indeed encrypted. The reliance on encryption will not work if it is not setup or configured correctly. The only way to know with certainty is to test it and see how it is transmitted over the wire. Many companies will be surprised that data that should be unreadable is being transmitted in the clear.

Some of the suggestions that authors propose will likely ruffle some feathers. Ideas such as restricting Internet, email, IM and web access to a limited number of users may sound absurd to some. But unless there is a compelling business need for a user to have these technologies, they should be prohibited. Not only will the insider threat threshold be lowered, productivity will likely increase also.

The author's also suggest prohibiting iPods or similar devices in a corporate environment. The same device that can store gigabytes of music can also be used to illicitly transfer gigabytes of corporate data.

Insider Threat provides verifiable stories from every industry and sector, be it commercial or government. The challenge of dealing with the insider threat is that it requires most organizations to completely rethink the way they relate to security. It is a challenge that many organizations would prefer to remain obvious to, given the uncomfortable nature of the insider threat. But given that the threats are only getting worse, ignoring them is inviting peril.

The only lacking of the book is that even though it provides a number of countermeasures and suggestions, they are someone scattered and written in an unstructured way. It is hoped that the authors will write a follow-up book that details a thorough methodology and framework for dealing with the insider threat.

Overall, Insider Threat is an important work that should be required reading for every information security professional and technology manager. The issue of the insider threat is real and only getter worse. Those that choose to ignore it are only inviting disaster. Those companies that will put office supplies and coffee under double-lock and key, while doing nothing to contain the insider threat are simply misguided and putting their organization at risk.

Insider Threat is a wake-up call that should revive anyone who doubts the insider threat.

2 of 2 people found the following review helpful:

4.0 out of 5 stars An important warning for those ignoring internal attackers, March 10, 2006

By	Richard Bejtlich "TaoSecurity.com" (Metro Washington, DC) - See all my reviews (TOP 500 REVIEWER)    (REAL NAME)

Those who want to understand the nature of internal attackers should read Insider Threat. The book combines general recommendations to detect and thwart internal attackers with case studies discussing fraud, espionage, and other unfortunate events. Insider Threat could benefit from a tighter focus and better presentation of material, but the core message is still noteworthy.

Insider Threat is unlike other threat-centric books published by Syngress. Inside the Spam Cartel, for example, is written by an anonymous spammer. Software Piracy Exposed is written by a reporter who gained the trust of the pirate underground. Insider Threat is written by security consultants who have to deal with the consequences of internal attacks. The real-world component appears in chapters 3-7, where case studies are presented. Some of these case studies feature comments from the perpetrators, but none are interviews with the perpetrators. I would have liked to have seen some first-hand reporting on these individuals, as appeared in Software Piracy Exposed.

Outside of the case studies, the advice in Insider Threat is sound. I was very glad to see the authors' insistence on monitoring and the recognition that prevention eventually fails. I would have liked to have seen a fictional case study showing how an internal attack was detected, tracked, and then thwarted using the authors' recommendations.

With respect to the authors' commentary and suggestions, that material seemed internally repetitive and spread thinly throughout the book. The book could really be reduced to 7 chapters, plus my recommended new case study: (1) intro to inside threat; (2-6) current chapters 3-7; (7) fictional case study; (8) recommendations to counter inside threat.

Incidentally, I agree with Thomas Duff's earlier comments. Combining better internal presentation with reorganization of material would make for a strong second edition of Insider Threat.