The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud)

The authors systematically address attacks by all types of malicious insiders, including current and former employees, contractors, business partners, outsourcers, and even cloud-computing vendors. They cover all major types of insider cyber crime: IT sabotage, intellectual property theft, and fraud. For each, they present a crime profile describing how the crime tends to evolve over time, as well as motivations, attack methods, organizational issues, and precursor warnings that could have helped the organization prevent the incident or detect it earlier. Beyond identifying crucial patterns of suspicious behavior, the authors present concrete defensive measures for protecting both systems and data.

This book also conveys the big picture of the insider threat problem over time: the complex interactions and unintended consequences of existing policies, practices, technology, insider mindsets, and organizational culture. Most important, it offers actionable recommendations for the entire organization, from executive management and board members to IT, data owners, HR, and legal departments.

With this book, you will find out how to

• Identify hidden signs of insider IT sabotage, theft of sensitive information, and fraud
• Recognize insider threats throughout the software development life cycle
• Use advanced threat controls to resist attacks by both technical and nontechnical insiders
• Increase the effectiveness of existing technical security tools by enhancing rules, configurations, and associated business processes
• Prepare for unusual insider attacks, including attacks linked to organized crime or the Internet underground