Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint

Summary

In this chapter we presented one specific type of insider threat: those that exploited the Software Development Life Cycle. Some insiders took advantage of oversights in the requirements and design phases of the SDLC to carry out their attacks. Others were software engineers or system administrators who actually injected malicious code into the source code in order to commit IT sabotage or fraud.

This chapter was intended to raise awareness of this type of insider threat so that you realize that you need to involve your software engineering teams in your mitigation strategies.

In the next chapter, Best Practices for the Prevention and Detection of Insider Threats, we present an entire collection of best practices that we have accumulated based on the actual crimes in the CERT database. That chapter includes best practices that are applicable to the SDLC-related crimes described in this chapter, as well as all insider threats covered in this book.


  

You are currently reading a PREVIEW of this book.

                                                                                                                    

Get instant access to over $1 million worth of books and videos.

  

Start a Free Trial


  
  • Safari Books Online
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint