Enemy at the Water Cooler: True Stories of Insider Threats and Enterprise Security Management Countermeasures
Author: Brian T. Contos. Language: English. Paperback – 29 Oct 2006
Today’s headlines are littered with news of identity thieves, organized cyber criminals, corporate espionage, nation-state threats, and terrorists. They represent the next wave of security threats but still possess nowhere near the devastating potential of the most insidious threat: the insider. This is not the bored 16-year-old hacker. We are talking about insiders like you and me, trusted employees with access to information - consultants, contractors, partners, visitors, vendors, and cleaning crews. Anyone in an organization’s building or networks that possesses some level of trust.
* Full coverage of this hot topic for virtually every global 5000 organization, government agency, and individual interested in security.
* Brian Contos is the Chief Security Officer for one of the most well known, profitable and respected security software companies in the U.S.—ArcSight.
Price: 366.26 lei
Old price: 457.82 lei
-20% New
Express points: 549
Estimated price in foreign currency:
70.08€ • 73.37$ • 57.99£
Printed on demand
Economy delivery: 05-19 April
Order line: 021 569.72.76
Specifications
ISBN-13: 9781597491297
ISBN-10: 1597491292
Pages: 304
Illustrations: 1
Dimensions: 152 x 229 x 21 mm
Weight: 0.4 kg
Publisher: ELSEVIER SCIENCE
Target audience
The audience for this book is diverse because those impacted by insiders are also diverse. For those not familiar with insider threats, it will provide a strong foundation. For the expert, it will supply useful anecdotes and outline countermeasures. While the book itself isn’t technical by design, certain subjects do require technical elaboration. Portions of it are designed to address strategic business-level objectives. But since insider threat requires responses from IT operations and security analysts as well as from managers and executives, I’ve written for an inclusive audience. Anyone interested in insider threat—regardless of business perspective—will find useful information within these pages.
Contents
Part I: Background on Cyber Crime, Insider Threats, and ESM
Chapter One: Cyber Crime and Cyber Criminals
• About this Chapter
• Computer Dependence and Internet Growth
• The Shrinking Vulnerability Threat Window
• Motivations for Cyber Criminal Activity
o Black Markets
• Hacker
• Script Kiddies
• Solitary Cyber Criminals and Exploit Writers for Hire
• Organized Crime
• Identity Thieves (Impersonation Fraudsters)
• Competitors
• Activist Groups, Nation-State Threats, and Terrorists
• Activists
• Nation-State Threats
o China
o France
o Russia
o United Kingdom
o United States
• Terrorists
• Insiders
• Tools of the Trade
o Application-Layer Exploits
o Botnets
o Buffer Overflows
o Code Packing
o Denial-of-service (DoS) Attacks
o More Aggressive and Sophisticated Malware
o Non-wired Attacks and Mobile Devices
o Password-cracking
o Phishing
o Reconnaissance and Googledorks
o Rootkits and Keyloggers
o Social Engineering Attacks
o Voice over IP (VoIP) Attacks
o Zero-Day Exploits
• Summary Points
Chapter Two: Insider Threats
• Understanding Who the Insider Is
• Psychology of Insider Identification
• Insider Threat Examples from the Media
• Insider Threats from a Human Perspective
o A Word on Policies
• Insider Threats from a Business Perspective
o Risk
• Insider Threats from a Technical Perspective
o Need-to-know
o Least Privileges
o Separation of Duties
o Strong Authentication
o Access Controls
o Incident Detection and Incident Management
• Summary Points
Chapter Three: Enterprise Security Management (ESM)
• ESM in a Nutshell
• Key ESM Feature Requirements
o Event Collection
o Normalization
o Categorization
o Asset Information
o Vulnerability Information
o Zoning and Global Positioning System Data
o Active Lists
o Actors
o Data Content
o Correlation
o Prioritization
o Event and Response Time Reduction
o Anomaly Detection
o Pattern Discovery
o Alerting
o Case Management
o Real-Time Analysis and Forensic Investigation
o Visualization
o High-level Dashboards
o Detailed Visualization
o Reporting
o Remediation
• Return On Investment (ROI) and Return On Security Investment (ROSI)
• Alternatives to ESM
o Do Nothing
o Custom In-house Solutions
o Outsourcing and Co-sourcing
▪ Co-sourcing examples
• Summary Points
Part II: Real Life Case Studies
Chapter Four: Imbalanced Security—A Singaporean Data Center
Chapter Five: Correlating Physical and Logical Security Events—A U.S. Government Organization
Chapter Six: Insider with a Conscience—An Austrian Retailer
Chapter Seven: Collaborative Threat—A Telecommunications Company in the U.S.
Chapter Eight: Outbreak from Within—A Financial Organization in the U.K.
Chapter Nine: Mixing Revenge and Passwords—A Utility Company in Brazil
Chapter Ten: Rapid Remediation—A University in the United States
Chapter Eleven: Suspicious Activity—A Consulting Company in Spain
Chapter Twelve: Insiders Abridged
• Malicious use of Medical Records
• Hosting Pirated Software
• Pod-Slurping
• Auctioning State Property
• Writing Code for another Company
• Outsourced Insiders
• Smuggling Gold in Rattus Norvegicus
Part III: The Extensibility of ESM
Chapter Thirteen: Establishing Chain-of-Custody Best Practices with ESM
• Disclaimer
• Monitoring and disclosure
• Provider Protection Exception
• Consent Exception
• Computer Trespasser Exception
• Court Order Exception
• Best Practices
• Canadian Best Evidence Rule
• Summary Points
Chapter Fourteen: Addressing Both Insider Threats and Sarbanes-Oxley with ESM
• A Primer on Sarbanes-Oxley
• Section 302: Corporate Responsibility for Financial Reports
• Section 404: Management Assessment of Internal Controls
• Separation of Duties
• Monitoring Interaction with Financial Processes
• Detecting Changes in Controls over Financial Systems
• Section 409: Real-time Issuer Disclosures
• Summary Points
Chapter Fifteen: Incident Management with ESM
• Incident Management Basics
• Improved Risk Management
• Improved Compliance
• Reduced Costs
• Current Challenges
o Process
o Organization
o Technology
• Building an Incident Management Program
o Defining Risk
• Five Steps to Risk Definition for Incident Management
o Process
o Training
o Stakeholder Involvement
o Remediation
o Documentation
• Reporting and Metrics
• Summary Points
Chapter Sixteen: Insider Threat Questions and Answers
• Introduction
• Insider Threat Recap
• Question One – Employees
o The Hiring Process
o Reviews
o Awareness
o NIST 800-50
o Policies
o Standards
o Security Memorandum Example
• Question Two – Prevention
• Question Three – Asset Inventories
• Question Four – Log Collection
o Security Application Logs
o Operating System Log
o Web Server Logs
o NIST 800-92
• Question Five – Log Analysis
• Question Six – Specialized Insider Content
• Question Seven – Physical and Logical Security Convergence
• Question Eight – IT Governance
o NIST 800-53
o Network Account Deletion maps to NIST 800-53 section AC-2
o Vulnerability Scanning maps to NIST 800-53 section RA-5
o Asset Creation maps to NIST 800-53 section CM-4
o Attacks and Suspicious Activity from Public Facing Assets maps to NIST 800-53 section SC-14
o Traffic from Internal to External Assets maps to NIST 800-53 section SC-7
• Question Nine – Incident Response
• Question 10 – Must Haves
Appendix A—Examples of Cyber Crime Prosecutions
Reviews
Throughout, Contos uses his extensive personal experiences to illustrate Internet security breaches and provide countermeasures. This book requires little if any technical background and is intended to appeal to a broad audience. – Choice, E. M. Aupperle