By
Brian Contos, CISSP, Chief Security Officer, ArcSight Inc.
Description
The book covers a decade of work with some of the largest commercial and government agencies around the world in addressing cyber security
related to malicious insiders (trusted employees, contractors, and partners). It explores organized crime, terrorist threats, and hackers.
It addresses the steps organizations must take to address insider threats at a people, process, and technology level.
Today’s headlines
are littered with news of identity thieves, organized cyber criminals, corporate espionage, nation-state threats, and terrorists. They
represent the next wave of security threats but still possess nowhere near the devastating potential of the most insidious threat: the
insider. This is not the bored 16-year-old hacker. We are talking about insiders like you and me, trusted employees with access to information
- consultants, contractors, partners, visitors, vendors, and cleaning crews. Anyone in an organization’s building or networks that possesses
some level of trust.
Audience:
The audience for this book is diverse because those impacted by insiders are also diverse. For those not familiar with insider threats,
it will provide a strong foundation. For the expert, it will supply useful anecdotes and outline countermeasures. While the book itself
isn’t technical by design, certain subjects do require technical elaboration. Portions of it are designed to address strategic business-level
objectives. But since insider threat requires responses from IT operations and security analysts as well as from managers and executives,
I’ve written for an inclusive audience. Anyone interested in insider threat— regardless of business perspective—will find useful information
within these pages.
