The CERT® Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud) > Chapter 1. Overview > Overview of the CERT Insider Threat Center

Download Safari Books Online apps: Apple iOS | Android

Entire Site

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

This Book

The CERT® Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud)

Search

Table of Contents

True Stories of Insider Attacks

The Expanding Complexity of Insider Threats

Breakdown of Cases in the Insider Threat Database

CERT’s MERIT Models of Insider Threats

Overview of the CERT Insider Threat Center

Timeline of the CERT Program’s Insider Threat Work

Caveats about Our Work

Summary

Chapter 2. Insider IT Sabotage

Chapter 3. Insider Theft of Intellectual Property

Chapter 4. Insider Fraud

Chapter 5. Insider Threat Issues in the Software Development Life Cycle

Chapter 6. Best Practices for the Prevention and Detection of Insider Threats

Chapter 7. Technical Insider Threat Controls

Chapter 8. Case Examples

Chapter 9. Conclusion and Miscellaneous Issues

Appendix A. Insider Threat Center Products and Services

Appendix B. Deeper Dive into the Data

Appendix C. CyberSecurity Watch Survey

Appendix D. Insider Threat Database Structure

Appendix E. Insider Threat Training Simulation: MERIT InterActive

Appendix F. System Dynamics Background

Overview of the CERT Insider Threat Center

The objective of the CERT Insider Threat Center is to assist organizations in preventing, detecting, and responding to insider compromises. Figure 1-2 depicts the malicious insider at the start of the incident timeline, and the damage at the end of the timeline. Our ultimate goal is to help you prevent the insider from attacking. However, if he should decide to attack, our objective is to provide you with the understanding and solutions you need to detect the illicit activity as early in the timeline as possible. Unfortunately, some malicious insiders will succeed in their attack; in those cases we want to arm you with policies, practices, and technical measures so that you can respond to the attack as quickly as possible. Response measures include recovering from the attack, identifying the perpetrator, and implementing new measures for improved incident management in the future.

You are currently reading a PREVIEW of this book.

Get instant access to over
$1 million worth of books and videos.

Start a Free Trial