Download Safari Books Online apps: Apple iOS | Android

Entire Site

Safari Books Online

    Free Trial

    Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.


    Title Page
    Copyright Page
    Dedication Page
    Contents
    Preface
    Acknowledgments
    Chapter 1. Overview
    Chapter 2. Insider IT Sabotage
    Chapter 3. Insider Theft of Intellectual Property
    Chapter 4. Insider Fraud
    Chapter 5. Insider Threat Issues in the Software Development Life Cycle
    Chapter 6. Best Practices for the Prevention and Detection of Insider Threats
    Summary of Practices
    Practice 1: Consider Threats from Insiders and Business Partners in Enterprise-Wide Risk Assessments
    Practice 2: Clearly Document and Consistently Enforce Policies and Controls
    Practice 3: Institute Periodic Security Awareness Training for All Employees
    Practice 4: Monitor and Respond to Suspicious or Disruptive Behavior, Beginning with the Hiring Process
    Practice 5: Anticipate and Manage Negative Workplace Issues
    Practice 6: Track and Secure the Physical Environment
    Practice 7: Implement Strict Password- and Account-Management Policies and Practices
    Practice 8: Enforce Separation of Duties and Least Privilege
    Practice 9: Consider Insider Threats in the Software Development Life Cycle
    Practice 10: Use Extra Caution with System Administrators and Technical or Privileged Users
    Practice 11: Implement System Change Controls
    Practice 12: Log, Monitor, and Audit Employee Online Actions
    Practice 13: Use Layered Defense against Remote Attacks
    Practice 14: Deactivate Computer Access Following Termination
    Practice 15: Implement Secure Backup and Recovery Processes
    Practice 16: Develop an Insider Incident Response Plan
    Summary
    References/Sources of Best Practices
    Chapter 7. Technical Insider Threat Controls
    Chapter 8. Case Examples
    Chapter 9. Conclusion and Miscellaneous Issues
    Appendix A. Insider Threat Center Products and Services
    Appendix B. Deeper Dive into the Data
    Appendix C. CyberSecurity Watch Survey
    Appendix D. Insider Threat Database Structure
    Appendix E. Insider Threat Training Simulation: MERIT InterActive
    Appendix F. System Dynamics Background
    Glossary of Terms
    References
    About the Authors
    Index
    BackMater
    • Create BookmarkCreate Bookmark
    • Create Note or TagCreate Note or Tag
    • DownloadDownload
    • PrintPrint
    Share this Page URL
    Help

    Chapter 6. Best Practices for the Preven... > Practice 3: Institute Periodic Secur...

    Practice 3: Institute Periodic Security Awareness Training for All Employees

    Without broad understanding and buy-in from the organization, technical or managerial controls will be short-lived.

    What Can You Do?

    All employees need to understand that insider crimes do occur, and there are severe consequences. In addition, it is important for them to understand that malicious insiders can be highly technical people or those with minimal technical ability. Ages of perpetrators in the CERT database range from late teens to retirement. Both men and women have been malicious insiders, including introverted “loners,” aggressive “get it done” people, and extroverted “star players.” Positions have included low-wage data entry clerks, cashiers, programmers, artists, system and network administrators, salespersons, managers, and executives. They have been new hires, long-term employees, currently employed, recently terminated, contractors, temporary employee....


      

    You are currently reading a PREVIEW of this book.

                                                                                            

    Get instant access to over
    $1 million worth of books and videos.

      

    Start a Free Trial