Home | Amazing | Today | Tags | Publishers | Years | Account | Search 
Enemy at the Water Cooler: Real-Life Stories of Insider Threats and Enterprise Security Management Countermeasures

Buy
Today's headlines are littered with news of identity thieves, organized cyber criminals, corporate espionage, nation-state threats and even terrorists. They represent the next wave of security threats but still possess nowhere near the devastating potential of the most insidious threat: the insider. This is not the bored 16 year-old hacker. We are talking about insiders like you and I, who are trusted employees with access to information - consultants, contractors, partners, visitors, vendors, and cleaning crews. Anybody within an organization's building or networks that possesses some level of trust. Some insiders are malicious to begin with, joining organizations with surreptitious motives from the onset. These malicious insiders may work for competitors, organized crime groups, activists, terrorist organizations or even foreign governments.

 However, most insiders do not start with malicious intent, but become disgruntled or are motivated by financial gain. Other contributing factors can be fear, excitement, politics or even general malice. Others simply make mistakes, having no malicious motive, but their actions nonetheless have serious consequences. The larger an organization gets, the more likely it is to be concerned with insider threats. In a 2005 IDC study, it was discovered that about 40% of large organizations felt that the greatest security risks stem from internal threats as opposed to external attacks. Around 30% of respondents felt that the threats were about equal. Because of these threats, not taking steps to address insiders can ultimately yield regulatory fines, legal fees, litigation penalties associated with class actions, public relations fees, a decrease in shareholder faith, expenses related to placating customers and ultimately lost revenue.

 There is no security panacea. There is no piece of software that one can install, no box that can be plugged in, no policy that can be written, and no guru who can be hired to make an organization 100% secure. Insider threats are the hardest threats to prevent, most difficult to detect, and most politically-charged to mange. Security is a process that requires vigilance and awareness. It is a merger of people, processes, and technology. Finding the best combination of these variables to mitigate risk helps achieve a strong security posture. With vivid real-life cases, this book addresses the most difficult to manage and costly of all security threats: the insider.

About the Author
Brian T. Contos, CISSP
Chief Security Officer, ArcSight Inc.
Mr. Contos has real-world security engineering and management expertise developed in over a decade of working in some of the most sensitive and mission-critical environments in the world. For four years as ArcSight’s CSO, he has advised government organizations and Fortune 1,000s on security strategy related to Enterprise Security Management solutions and has evangelized the ESM space. He has delivered speeches, written numerous white papers, performed webcasts and podcasts and published countless security articles for publications such as: The London Times, Computerworld, SC Magazine,Tech News World, Financial Sector Technology, and the Sarbanes-Oxley Compliance Journal. Mr. Contos has held security management and engineering positions at Riptech (a Managed Security Services Provider (MSSP) acquired by Symantec), Lucent Bell Labs, Compaq Computers, and the Defense Information Systems Agency (DISA). He has worked throughout North America, South America,Western Europe, and Asia, holds a number of industry and vendor certifications, and has a BS from the University of Arizona.
(HTML tags aren't allowed.)

Classification and Clustering for Knowledge Discovery (Studies in Computational Intelligence)
Classification and Clustering for Knowledge Discovery (Studies in Computational Intelligence)
Knowledge Discovery today is a significant study and research area. In finding answers to many research questions in this area, the ultimate hope is that knowledge can be extracted from various forms of data around us. This book covers recent advances in unsupervised and supervised data analysis methods in Computational Intelligence for knowledge...
Behavioral Biometrics For Human Identification: Intelligent Applications (Premier Reference Source)
Behavioral Biometrics For Human Identification: Intelligent Applications (Premier Reference Source)
Automatic biometrics recognition techniques are becoming increasingly important in corporate and public security systems and have increased in methods due to rapid field development. Behavioral Biometrics for Human Identification: Intelligent Applications discusses classic behavioral biometrics as well as collects the latest...
Learning Proxmox VE
Learning Proxmox VE

Unleash the power of Proxmox VE by setting up a dedicated virtual environment to serve both containers and virtual machines

About This Book

  • Create virtual machines and containers from the comfort of your workstation using Proxmox VE's web-based management...

Querying Databases Privately: A New Approach to Private Information Retrieval (Lecture Notes in Computer Science)
Querying Databases Privately: A New Approach to Private Information Retrieval (Lecture Notes in Computer Science)
The Internet and the worldwide web play an increasingly important role in our private and professional activities, for example in accessing information about cultural, political, economical, medical or scientific information. Many people assume that they can access such information privately.

This book addresses the topic of querying...

PHP and script.aculo.us Web 2.0 Application Interfaces
PHP and script.aculo.us Web 2.0 Application Interfaces

script.aculo.us is a JavaScript library that provides dynamic visual effects, user interface controls, and robust AJAX features. It is to client-side what PHP is to server-side - powerful, simple, complete fun, and above all, a MUST! As developers, we all dream of building applications that users can instantly fall in love with and get...

Concurrent and Real-Time Programming in Ada
Concurrent and Real-Time Programming in Ada
Ada is the only ISO-standard, object-oriented, concurrent, real-time programming language. It is intended for use in large, long-lived applications where reliability and efficiency are essential, particularly real-time and embedded systems. In this book, Alan Burns and Andy Wellings give a thorough, self-contained account of how the Ada tasking...
©2019 LearnIT (support@pdfchm.net) - Privacy Policy