The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Hardcover)

Dawn M. Cappelli, Andrew P. Moore, Randall F. Trzeciak

買這商品的人也買了...

相關主題

商品描述

Since 2001, the CERT® Insider Threat Center at Carnegie Mellon University’s Software Engineering Institute (SEI) has collected and analyzed information about more than seven hundred insider cyber crimes, ranging from national security espionage to theft of trade secrets. The CERT® Guide to Insider Threats describes CERT’s findings in practical terms, offering specific guidance and countermeasures that can be immediately applied by executives, managers, security officers, and operational staff within any private, government, or military organization.

 

The authors systematically address attacks by all types of malicious insiders, including current and former employees, contractors, business partners, outsourcers, and even cloud-computing vendors. They cover all major types of insider cyber crime: IT sabotage, intellectual property theft, and fraud. For each, they present a crime profile describing how the crime tends to evolve over time, as well as motivations, attack methods, organizational issues, and precursor warnings that could have helped the organization prevent the incident or detect it earlier. Beyond identifying crucial patterns of suspicious behavior, the authors present concrete defensive measures for protecting both systems and data.

 

This book also conveys the big picture of the insider threat problem over time: the complex interactions and unintended consequences of existing policies, practices, technology, insider mindsets, and organizational culture. Most important, it offers actionable recommendations for the entire organization, from executive management and board members to IT, data owners, HR, and legal departments.

 

With this book, you will find out how to

  • Identify hidden signs of insider IT sabotage, theft of sensitive information, and fraud
  • Recognize insider threats throughout the software development life cycle
  • Use advanced threat controls to resist attacks by both technical and nontechnical insiders
  • Increase the effectiveness of existing technical security tools by enhancing rules, configurations, and associated business processes
  • Prepare for unusual insider attacks, including attacks linked to organized crime or the Internet underground

By implementing this book’s security practices, you will be incorporating protection mechanisms designed to resist the vast majority of malicious insider attacks.

商品描述(中文翻譯)

自2001年以來,卡內基梅隆大學軟體工程研究所(SEI)的CERT® Insider Threat Center已收集並分析了超過七百起內部人員的網絡犯罪案例,範圍從國家安全間諜活動到商業機密的竊取。《CERT® Insider Threats指南》以實用的方式描述了CERT的研究結果,提供了具體的指導和對策,可立即應用於任何私營、政府或軍事組織的高管、經理、安全官員和運營人員。

作者系統地討論了各種惡意內部人員的攻擊,包括現任和前任員工、承包商、商業合作夥伴、外包商,甚至是雲計算供應商。他們涵蓋了所有主要類型的內部網絡犯罪:IT破壞、知識產權盜竊和欺詐。對於每一種犯罪,他們提供了一個犯罪概況,描述了犯罪如何隨著時間的推移而演變,以及動機、攻擊方法、組織問題和可能有助於組織預防事件或更早檢測到事件的先兆警告。除了識別可疑行為的關鍵模式外,作者還提出了保護系統和數據的具體防禦措施。

本書還傳達了隨著時間推移內部威脅問題的整體情況:現有政策、實踐、技術、內部心態和組織文化之間的複雜相互作用和意外後果。最重要的是,它提供了對整個組織的可行建議,從高管和董事會成員到IT、數據擁有者、人力資源和法律部門。

通過閱讀本書,您將了解如何:
- 辨識內部IT破壞、敏感信息盜竊和欺詐的隱藏跡象
- 在軟體開發生命週期中識別內部威脅
- 使用高級威脅控制來抵抗技術和非技術內部人員的攻擊
- 通過增強規則、配置和相關業務流程來提高現有技術安全工具的效力
- 為不尋常的內部攻擊做好準備,包括與有組織犯罪或互聯網地下活動有關的攻擊

通過實施本書的安全實踐,您將納入旨在抵抗絕大多數惡意內部人員攻擊的保護機制。