Rating:
(9 reviews)
Author: See details apex_media Fulfilled by Amazon Sign in to turn on 1-Click ordering
ISBN : 0321812573
New from $32.03
Format: PDF, EPUB
Direct download links available Free The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes for everyone book with Mediafire Link Download Link
Since 2001, the CERT® Insider Threat Center at Carnegie Mellon University’s Software Engineering Institute (SEI) has collected and analyzed information about more than seven hundred insider cyber crimes, ranging from national security espionage to theft of trade secrets. The CERT® Guide to Insider Threats describes CERT’s findings in practical terms, offering specific guidance and countermeasures that can be immediately applied by executives, managers, security officers, and operational staff within any private, government, or military organization.
The authors systematically address attacks by all types of malicious insiders, including current and former employees, contractors, business partners, outsourcers, and even cloud-computing vendors. They cover all major types of insider cyber crime: IT sabotage, intellectual property theft, and fraud. For each, they present a crime profile describing how the crime tends to evolve over time, as well as motivations, attack methods, organizational issues, and precursor warnings that could have helped the organization prevent the incident or detect it earlier. Beyond identifying crucial patterns of suspicious behavior, the authors present concrete defensive measures for protecting both systems and data.
This book also conveys the big picture of the insider threat problem over time: the complex interactions and unintended consequences of existing policies, practices, technology, insider mindsets, and organizational culture. Most important, it offers actionable recommendations for the entire organization, from executive management and board members to IT, data owners, HR, and legal departments.
With this book, you will find out how to
Identify hidden signs of insider IT sabotage, theft of sensitive information, and fraud
Recognize insider threats throughout the software development life cycle
Use advanced threat controls to resist attacks by both technical and nontechnical insiders
Increase the effectiveness of existing technical security tools by enhancing rules, configurations, and associated business processes
Prepare for unusual insider attacks, including attacks linked to organized crime or the Internet underground
By implementing this book’s security practices, you will be incorporating protection mechanisms designed to resist the vast majority of malicious insider attacks.
Direct download links available for Free The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes
- Series: SEI Series in Software Engineering
- Hardcover: 432 pages
- Publisher: Addison-Wesley Professional; 1 edition (February 3, 2012)
- Language: English
- ISBN-10: 0321812573
- ISBN-13: 978-0321812575
- Product Dimensions: 1.1 x 7.1 x 9.1 inches
- Shipping Weight: 1.7 pounds (View shipping rates and policies)
Free The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes
While Julius Caesar likely never said "Et tu, Brute?" the saying associated with his final minutes has come to symbolize the ultimate insider betrayal.
In The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes, authors Dawn Cappelli, Andrew Moore and Randall Trzeciak of the CERT Insider Threat Center provide incontrovertible data and an abundance of empirical evidence, which creates an important resource on the topic of insider threats. There are thousands of companies that have uttered modern day versions of Et tu, Brute due to insidious insider attacks and the book documents many of them.
The book is based on work done at the CERT Insider Threat Center, which has been researching this topic for the last decade. The data the threat center has access to is unparalleled, which in turn makes this the definitive book on the topic. The threat center has investigated nearly 1,000 incidents and their data sets on the topic are unrivaled. With that, the book truly needs to be on the desktop of everyone tasked with data security and intellectual property protection.
The book provides a unique perspective on insider threats as the CERT Insider Threat Center pioneered the study of the topic, and has exceptional and empirical data to back up their findings. While there are many books on important security topics such as firewalls, encryption, identity management and more; The CERT Guide to Insider Threats is the one of the first to formally and effectively tackle the extraordinary devastating problem of trusted insiders who misappropriate data.
Working as a Software Architect one of the main concerns we always have is Security. At an application level that can usually be easily implemented if you are up to speed with the latest industry standards and best practices for the technology you are working in.
Working as an Enterprise Architect, security becomes a much broader subject. Insider threats become part of the picture and there is no cookie cutter solution for them. I have seen plenty of potential issues thwarted, and over the years working as a consultant I have witnessed plenty of successful insider attacks.
One of my first experiences with insider threat was when I was still in the engineering field. We used an email product called Pega eMail. A few of us discovered that no password was required to log into another person's email if it was done in a certain way. We would do goofy stuff like rename each other's folders to stupid names. We got bored with it in about a day and forgot about it. As time went on our company was purchased by an England company.
The new parent company sent in a new president. One of the new president's jobs was to reorganize. People were let go and offices were moved. Some of the people in one of the departments decided they wanted the inside scoop. Apparently they had learned about the email trick. They began reading all the new presidents emails. From what I heard one of them mentioned something in a meeting that was confidential between the new president and the company's London office.
The IT security team started to investigate and discovered the email product flaw. They then monitored the IP logging into the presidents email and discovered the entire department was guilty. One Friday afternoon they were all escorted out of the building.