Enemy at the Water Cooler: Real-Life Stories of Insider Threats and Enterprise Security Management Countermeasures
(Language: English)
Book
34.59 €
Product details
Product information for "Enemy at the Water Cooler: Real-Life Stories of Insider Threats and Enterprise Security Management Countermeasures"
Today's headlines are littered with news of identity thieves, organized cyber criminals, corporate espionage, nation-state threats and even terrorists. They represent the next wave of security threats but still possess nowhere near the devastating potential of the most insidious threat: the insider. This is not the bored 16-year-old hacker. We are talking about insiders like you and me, who are trusted employees with access to information - consultants, contractors, partners, visitors, vendors, and cleaning crews. Anybody within an organization's building or networks that possesses some level of trust. Some insiders are malicious to begin with, joining organizations with surreptitious motives from the onset. These malicious insiders may work for competitors, organized crime groups, activists, terrorist organizations or even foreign governments. However, most insiders do not start with malicious intent, but become disgruntled or are motivated by financial gain. Other contributing factors can be fear, excitement, politics or even general malice. Others simply make mistakes, having no malicious motive, but their actions nonetheless have serious consequences. The larger an organization gets, the more likely it is to be concerned with insider threats. In a 2005 IDC study, it was discovered that about 40% of large organizations felt that the greatest security risks stem from internal threats as opposed to external attacks. Around 30% of respondents felt that the threats were about equal. Because of these threats, not taking steps to address insiders can ultimately yield regulatory fines, legal fees, litigation penalties associated with class actions, public relations fees, a decrease in shareholder faith, expenses related to placating customers and ultimately lost revenue. There is no security panacea. There is no piece of software that one can install, no box that can be plugged in, no policy that can be written, and no guru who can be hired to make an organiza
Table of contents for "Enemy at the Water Cooler: Real-Life Stories of Insider Threats and Enterprise Security Management Countermeasures"
Part I: Background on Cyber Crime, Insider Threats, and ESM

Chapter One: Cyber Crime and Cyber Criminals
- About this Chapter
- Computer Dependence and Internet Growth
- The Shrinking Vulnerability Threat Window
- Motivations for Cyber Criminal Activity
  - Black Markets
- Hacker
- Script Kiddies
- Solitary Cyber Criminals and Exploit Writers for Hire
- Organized Crime
- Identity Thieves (Impersonation Fraudsters)
- Competitors
- Activist Groups, Nation-State Threats, and Terrorists
- Activists
- Nation-State Threats
  - China
  - France
  - Russia
  - United Kingdom
  - United States
- Terrorists
- Insiders
- Tools of the Trade
  - Application-Layer Exploits
  - Botnets
  - Buffer Overflows
  - Code Packing
  - Denial-of-service (DoS) Attacks
  - More Aggressive and Sophisticated Malware
  - Non-wired Attacks and Mobile Devices
  - Password-cracking
  - Phishing
  - Reconnaissance and Googledorks
  - Rootkits and Keyloggers
  - Social Engineering Attacks
  - Voice over IP (VoIP) Attacks
  - Zero-Day Exploits
- Summary Points

Chapter Two: Insider Threats
- Understanding Who the Insider Is
- Psychology of Insider Identification
- Insider Threat Examples from the Media
- Insider Threats from a Human Perspective
  - A Word on Policies
- Insider Threats from a Business Perspective
  - Risk
- Insider Threats from a Technical Perspective
  - Need-to-know
  - Least Privileges
  - Separation of Duties
  - Strong Authentication
  - Access Controls
  - Incident Detection and Incident Management
- Summary Points

Chapter Three: Enterprise Security Management (ESM)
- ESM in a Nutshell
- Key ESM Feature Requirements
  - Event Collection
  - Normalization
  - Categorization
  - Asset Information
  - Vulnerability Information
  - Zoning and Global Positioning System Data
  - Active Lists
  - Actors
  - Data Content
  - Correlation
  - Prioritization
  - Event and Response Time Reduction
  - Anomaly Detection
  - Pattern Discovery
  - Alerting
  - Case Management
  - Real-Time Analysis and Forensic Investigation
  - Visualization
  - High-level Dashboards
  - Detailed Visualization
  - Reporting
  - Remediation
- Return On Investment (ROI) and Return On Security Investment (ROSI)
- Alternatives to ESM
  - Do Nothing
  - Custom In-house Solutions
  - Outsourcing and Co-sourcing
    - Co-sourcing examples:
- Summary Points

Part II: Real Life Case Studies

Chapter Four: Imbalanced Security - A Singaporean Data Center
Chapter Five: Correlating Physical and Logical Security Events - A U.S. Government Organization
Chapter Six: Insider with a Conscience - An Austrian Retailer
Chapter Seven: Collaborative Threat - A Telecommunications Company in the U.S.
Chapter Eight: Outbreak from Within - A Financial Organization in the U.K.
Chapter Nine: Mixing Revenge and Passwords - A Utility Company in Brazil
Chapter Ten: Rapid Remediation - A University in the United States
Chapter Eleven: Suspicious Activity - A Consulting Company in Spain

Chapter Twelve: Insiders Abridged
- Malicious use of Medical Records
- Hosting Pirated Software
- Pod-Slurping
- Auctioning State Property
- Writing Code for another Company
- Outsourced Insiders
- Smuggling Gold in Rattus Norvegicus

Part III: The Extensibility of ESM

Chapter Thirteen: Establishing Chain-of-Custody Best Practices with ESM
- Disclaimer
- Monitoring and disclosure
- Provider Protection Exception
- Consent Exception
- Computer Trespasser Exception
- Court Order Exception
- Best Practices
- Canadian Best Evidence Rule
- Summary Points

Chapter Fourteen: Addressing Both Insider Threats and Sarbanes-Oxley with ESM
- A Primer on Sarbanes-Oxley
- Section 302: Corporate Responsibility for Financial Reports
- Section 404: Management Assessment of Internal Controls
- Separation of Duties
- Monitoring Interaction with Financial Processes
- Detecting Changes in Controls over Financial Systems
- Section 409: Real-time Issuer Disclosures
- Summary Points

Chapter Fifteen: Incident Management with ESM
- Incident Management Basics
- Improved Risk Management
- Improved Compliance
- Reduced Costs
- Current Challenges
  - Process
  - Organization
  - Technology
- Building an Incident Management Program
  - Defining Risk
- Five Steps to Risk Definition for Incident Management
  - Process
  - Training
  - Stakeholder Involvement
  - Remediation
  - Documentation
- Reporting and Metrics
- Summary Points

Chapter Sixteen: Insider Threat Questions and Answers
- Introduction
- Insider Threat Recap
- Question One - Employees
  - The Hiring Process
  - Reviews
  - Awareness
  - NIST 800-50
  - Policies
  - Standards
  - Security Memorandum Example
- Question Two - Prevention
- Question Three - Asset Inventories
- Question Four - Log Collection
  - Security Application Logs
  - Operating System Log
  - Web Server Logs
  - NIST 800-92
- Question Five - Log Analysis
- Question Six - Specialized Insider Content
- Question Seven - Physical and Logical Security Convergence
- Question Eight - IT Governance
  - NIST 800-53
  - Network Account Deletion maps to NIST 800-53 section AC-2
  - Vulnerability Scanning maps to NIST 800-53 section RA-5
  - Asset Creation maps to NIST 800-53 section CM-4
  - Attacks and Suspicious Activity from Public Facing Assets maps to NIST 800-53 section SC-14
  - Traffic from Internal to External Assets maps to NIST 800-53 section SC-7
- Question Nine - Incident Response
- Question 10 - Must Haves

Appendix A - Examples of Cyber Crime Prosecutions
About the author: Brian T. Contos
Brian T. Contos, CISSP, Chief Security Officer, ArcSight Inc., has over a decade of real-world security engineering and management expertise developed in some of the most sensitive and mission-critical environments in the world. As ArcSight's CSO he advises government organizations and Global 1,000s on security strategy related to Enterprise Security Management (ESM) solutions while being an evangelist for the security space. He has delivered security-related speeches, white papers, webcasts and podcasts, and most recently published a book on insider threats titled Enemy at the Water Cooler. He frequently appears in media outlets including Forbes, The London Times, Computerworld, SC Magazine, Tech News World, Financial Sector Technology and the Sarbanes-Oxley Compliance Journal. Mr. Contos has held management and engineering positions at Riptech, Lucent Bell Labs, Compaq Computers and the Defense Information Systems Agency (DISA). He has worked throughout North America, South America, Western Europe, and Asia and holds a B.S. from the University of Arizona in addition to a number of industry and vendor certifications.
Bibliographic details
- Author: Brian T. Contos
- 2007, 262 pages, dimensions: 17.9 x 22.7 cm, paperback, English
- Publisher: Syngress Media
- ISBN-10: 1597491292
- ISBN-13: 9781597491297