Enemy at the Water Cooler
True Stories of Insider Threats and Enterprise Security Management Countermeasures
- Brian Contos, CISSP, Chief Security Officer, ArcSight Inc.
The book covers a decade of work with some of the largest commercial and government agencies around the world in addressing cyber security related to malicious insiders (trusted employees, contractors, and partners). It explores organized crime, terrorist threats, and hackers. It addresses the steps organizations must take to address insider threats at a people, process, and technology level. Todayâs headlines are littered with news of identity thieves, organized cyber criminals, corporate espionage, nation-state threats, and terrorists. They represent the next wave of security threats but still possess nowhere near the devastating potential of the most insidious threat: the insider. This is not the bored 16-year-old hacker. We are talking about insiders like you and me, trusted employees with access to information - consultants, contractors, partners, visitors, vendors, and cleaning crews. Anyone in an organizationâs building or networks that possesses some level of trust.
The audience for this book is diverse because those impacted by insiders are also diverse. For those not familiar with insider threats, it will provide a strong foundation. For the expert, it will supply useful anecdotes and outline countermeasures. While the book itself isnât technical by design, certain subjects do require technical elaboration. Portions of it are designed to address strategic business-level objectives. But since insider threat requires responses from IT operations and security analysts as well as from managers and executives, Iâve written for an inclusive audience. Anyone interested in insider threatâ regardless of business perspectiveâwill find useful information within these pages.