The international information security experts IT Governance have added a new title to their catalogue: Insider Threat – A Guide to Understanding, Detecting, and Defending Against the Enemy from Within by Julie Mehan.
Insider threats can expose data, harm the organisation or deliver valuable intellectual property into competitors’ hands, impacting reputation, operations and profitability. Every type of organisation is vulnerable.
Insider Threat – A Guide to Understanding, Detecting, and Defending Against the Enemy from Within looks beyond perimeter protection tools, and shows how a security culture based on international best practice can help mitigate the insider threat to your security.
The book details measures that organisations can implement to achieve high-impact quick wins, mapping appropriate security controls from the ISO 27001, ISO 27002 and NIST SP 800-53 standards to the following points, and more:
· Risk mitigation and the eight steps of a risk assessment
· The importance of training and awareness, and conducting staff background screening
· Monitoring and auditing the activities of general and privileged users, and quickly responding to suspicious behaviours
· Metrics to measure insider threat behaviour and mitigation
· The challenge of external or temporary insiders (such as consultants, support contractors, partners, service providers and temporary employees)
· Layering physical and digital defences to provide defence in depth
· The importance of conducting regular penetration testing to evaluate security controls
· Limiting, monitoring and controlling remote access and mobile device use
· Ensuring supply-chain security
· Maintaining an incident management capability
It also sets out what not to do, listing a set of worst practices that should be avoided.
“This manuscript is no less than what I would expect from a PhD with your track record… I am especially taken by the depth of your analysis and the combination of baselines and explanations.”
ir. H.L. (Maarten) Souw RE, Enterprise Risk and QA Manager, UVW
Insider Threat – A Guide to Understanding, Detecting, and Defending Against the Enemy from Within is available from IT Governance in softcover, Adobe eBook and ePub formats:
http://www.itgovernancesa.co.za/p-1051.aspx (Southern Africa)