BKINSTHR.RVW 20060615

"Insider Threat", Eric Cole/Sandra Ring, 2006, 1-59749-048-2, U$34.95/C$48.95
%A Eric Cole
%A Sandra Ring
%C 800 Hingham Street, Rockland, MA 02370
%D 2006
%G 1-59749-048-2
%I Syngress Media, Inc.
%O U$34.95/C$48.95 781-681-5151 fax: 781-681-3585 www.syngress.com
%O http://www.amazon.com/exec/obidos/ASIN/1597490482/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/1597490482/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/1597490482/robsladesin03-20
%O Audience n- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P 397 p.
%T "Insider Threat"

Abuse of your systems by insiders, those who have intimate knowledge of an enterprise and its protective controls because they are either employees or close partners, has always been a great security risk. In most cases these people are aware of the existing safeguards, and usually some means to get around them: in a large number of situations inside people actually operate and manage security countermeasures and auditing functions. Protecting yourself against insider attack is tricky.

(However, while we all know about insider attacks, insider abuse, and that these are major problems, the term "insider threat" may be incorrect, and the phrase itself an obstacle. In viewing employees, staff, contractors, and partners as threats, instead of assets, we are making a serious mistake in our definitions, and one that can have serious negative consequences for the overall security of the enterprise.)

Part one examines insider threat basics. Chapter one points out that insiders are threats. Various technologies for carrying or hiding information are described in chapter two (although the text does admit that one possibility for info release is the fact your employees simply leave the building every night with everything they know).

Part two looks at government.
Chapter three, about state and local authorities, notes the type of functions that are managed at this level, and the damage that can be done if this information is misused. The material seems to be bundled together in a random fashion. There are a number of "case studies," which are really just stories of situations where an insider has abused his or her position. Much the same is done with the federal government in chapter four.

Part three turns to corporations. Chapter five starts off with an extremely odd statement, seeming to imply that nobody was much aware of the insider threat until a 1998 study. (However, this may signal one of the major problems with the book: the term "insider threat" was first used in a classified paper in 1997.) It has a brief, but useful, examination of various types of damage that an insider can do in a commercial enterprise (sabotage, theft of intellectual property, theft of customer data, damage to reputation, and direct financial fraud), and then we are back to the stories again. More case studies are given regarding the banking and financial sector, in chapter six, and government subcontractors, in seven.

Part four is entitled "Analysis," but there isn't all that much. Chapter eight looks at profiles, despite the fact that the second last case study (in chapter seven) noted that the insider was so successful because he didn't fit the commonly perceived profile. The basic profile provided may be helpful in distinguishing low-end threats who may deserve further examination: the "high-end" profile identifies most senior managers. The responses suggested in chapter nine are primarily basic protections (and mostly suitable for defending against outside threats); some of the additional measures are only effective if you already have a suspect. Most of the content in chapter ten relates to fundamental risk analysis.

The risks posed by insider knowledge are important.
Unfortunately, other than providing a fund of illustrative stories, this book does not provide much material that would be of assistance to those concerned with protection. And, as noted previously, the title, and the general tone of paranoia pervading the work, are risks in themselves.

copyright Robert M. Slade, 2006 BKINSTHR.RVW 20060615