Go to the FreeLists Home Page Home Signup Help Login 		 



[networknewsletters] || [Date Prev] [01-2006 Date Index] [Date Next] || [Thread Prev] [01-2006 Thread Index] [Thread Next]

Book Review: Insider Threat

  • From: Educational CyberPlayGround <admin@xxxxxxxxxxxxxxx>
  • To: NetworkNewsletters@xxxxxxxxxxxxx
  • Date: Thu, 12 Jan 2006 12:14:21 -0500
**************************************************************
Network Newsletters Mailing List ©1994
Subscribe - Unsubscribe - Email Preferences
http://www.edu-cyberpg.com/Community/NetworkNewsletters.html

Educational CyberPlayGround Community Mailing Lists http://www.edu-cyberpg.com/Community/
Advertise Network Newsletters Guidlines
http://www.edu-cyberpg.com/Community/Subguidelines.html
**************************************************************

Book Review: Insider Threat
http://books.slashdot.org/books/06/01/06/1421243.shtml

Author: Eric Cole and Sandra Ring
Pages: 397
Publisher: Syngress
Rating: 9
Reviewer: Ben Rothke
ISBN: 1597490482  [ http://www.amazon.com/exec/obidos/ASIN/1597490482/c4iorg]
Summary: Excellent overview of the insider threat to networks and
information systems

The retail and gambling sectors have long understood the danger of the
insider threat and have built their security frameworks to protect
against both the insider and the outsider. Shoplifters are a huge bane
to the retail industry, exceeded only by thefts from internal
employees behind the registers. The cameras and guards in casinos are
looking at both those in front of and behind the gambling tables.
Casinos understand quite well that when an employee is spending 40
hours a week at their location dealing with hundreds of thousands of
dollars; over time, they will learn where the vulnerabilities and
weaknesses are. For a minority of these insiders, they will commit
fraud, which is invariably much worse than any activity an outsider
could alone carry out.

Insider Threat is mainly a book of real-life events that detail how
the insider threat is a problem that affects every organization in
every industry. In story after story, the book details how trusted
employees will find weaknesses in systems in order to carry out
financial or political attacks against their employers. It is the
responsibility to the organization to ensure that their infrastructure
is designed to detect these insiders and their systems resilient
enough to defend against them. This is clearly not a trivial task.

The authors note that the crux of the problem is that many
organizations tend to think that once they hire an employee or
contractor, that the person is now part of a trusted group of
dedicated and loyal employees. Given that many organizations don't
perform background checks on their prospective employees, they are
placing a significant level of trust in people they barely know. While
the vast majority of employees can be trusted and are honest, the
danger of the insider threat is that it is the proverbial bad apple
that can take down the entire tree. The book details numerous stories
of how a single bad employee has caused a company to go out of
business. <snip>

<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
Copyright statements to be included when reproducing
annotations from Network Newsletters

The single phrase below is the copyright notice to be used when
reproducing any portion of this report, in any format:
EDUCATIONAL CYBERPLAYGROUND http://www.edu-cyberpg.com
Network Newsletters copyright
http://www.edu-cyberpg.com/Community/NetworkNewsletters.html 

FREE EDUCATION VENDOR DIRECTORY LISTING
http://www.edu-cyberpg.com/Directory/

HOT LIST REGISTRY OF K12 SCHOOLS ONLINE
http://www.edu-cyberpg.com/Schools/
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>




[ Home | Signup | Help | Login | Archives | Lists ]

All trademarks and copyrights within the FreeLists archives are owned by their respective owners.
Everything else ©2007 Avenir Technologies, LLC.