The book covers a decade of work with some of the largest commercial and government agencies around the world in addressing cyber security related to malicious insiders (trusted employees, contractors, and partners). It explores organized crime, terrorist threats, and hackers. It addresses the steps organizations must take to address insider threats at a people, process, and technology level.
Today’s headlines are littered with news of identity thieves, organized cyber criminals, corporate espionage, nation-state threats, and terrorists. They represent the next wave of security threats but still possess nowhere near the devastating potential of the most insidious threat: the insider. This is not the bored 16-year-old hacker. We are talking about insiders like you and me, trusted employees with access to information - consultants, contractors, partners, visitors, vendors, and cleaning crews. Anyone in an organization’s building or networks that possesses some level of trust.
Full coverage of this hot topic for virtually every global 5000 organization, government agency, and individual interested in security.
Brian Contos is the Chief Security Officer for one of the most well known, profitable and respected security software companies in the U.S.—ArcSight.
The audience for this book is diverse because those impacted by insiders are also diverse. For those not familiar with insider threats, it will provide a strong foundation. For the expert, it will supply useful anecdotes and outline countermeasures. While the book itself isn’t technical by design, certain subjects do require technical elaboration. Portions of it are designed to address strategic business-level objectives. But since insider threat requires responses from IT operations and security analysts as well as from managers and executives, I’ve written for an inclusive audience. Anyone interested in insider threat— regardless of business perspective—will find useful information within these pages.
Part I: Background on Cyber Crime, Insider Threats, and ESM Chapter One: Cyber Crime and Cyber Criminals • About this Chapter • Computer Dependence and Internet Growth • The Shrinking Vulnerability Threat Window • Motivations for Cyber Criminal Activity o Black Markets • Hacker • Script Kiddies • Solitary Cyber Criminals and Exploit Writers for Hire • Organized Crime • Identity Thieves (Impersonation Fraudsters) • Competitors • Activist Groups, Nation-State Threats, and Terrorists • Activists • Nation-State Threats o China o France o Russia o United Kingdom o United States • Terrorists • Insiders • Tools of the Trade o Application-Layer Exploits o Botnets o Buffer Overflows o Code Packing o Denial-of-service (DoS) Attacks o More Aggressive and Sophisticated Malware o Non-wired Attacks and Mobile Devices o Password-cracking o Phishing o Reconnaissance and Googledorks o Rootkits and Keyloggers o Social Engineering Attacks o Voice over IP (VoIP) Attacks o Zero-Day Exploits • Summary Points Chapter Two: Insider Threats • Understanding Who the Insider Is • Psychology of Insider Identification • Insider Threat Examples from the Media • Insider Threats from a Human Perspective o A Word on Policies • Insider Threats from a Business Perspective o Risk • Insider Threats from a Technical Perspective o Need-to-know o Least Privileges<BR i
- No. of pages:
- © Syngress 2007
- 30th October 2006
- eBook ISBN:
- Paperback ISBN:
Brian T. Contos, CISSP, Chief Security Officer, ArcSight Inc. has over a decade of real-world security engineering and management expertise developed in some of the most sensitive and mission-critical environments in the world. As ArcSight's CSO he advises government organizations and Global 1,000s on security strategy related to Enterprise Security Management (ESM) solutions while being an evangelist for the security space. He has delivered security-related speeches, white papers, webcasts, podcasts and most recently published a book on insider threats titled – Enemy at the Water Cooler. He frequently appears in media outlets including: Forbes, The London Times, Computerworld, SC Magazine, Tech News World, Financial Sector Technology and the Sarbanes-Oxley Compliance Journal. Mr. Contos has held management and engineering positions at Riptech, Lucent Bell Labs, Compaq Computers and the Defense Information Systems Agency (DISA). He has worked throughout North America, South America, Western Europe, and Asia and holds a B.S. from the University of Arizona in addition to a number of industry and vendor certifications.
CISSP, Chief Security Officer, ArcSight Inc.
Throughout, Contos uses his extensive personal experiences to illustrate Internet security breaches and provide countermeasures. This book requires little if any technical background and is intended to appeal to a broad audience.- Choice, E. M. Aupperle