The Insider Threat: Combatting the Enemy Within - Tapa blanda

Is your vital business information vulnerable to an attack from within? Growing dependence on IT may mean your business is becoming increasingly vulnerable to a sinister and unpleasant threat: the threat from within. How exposed is your company to the risk of a malicious attack by a discontented or psychologically unbalanced employee? What precautions have you taken to ensure that your IT systems cannot be manipulated for purposes of insider fraud? What steps do you need to take to prevent your IT systems from falling prey to organized crime through someone who has been planted within your firm or someone who is being threatened or bribed? Product designs and customer lists are not only useful information to you. They are also valuable information for your competitors. Employees who move to another company, or decide to set up in business on their own, may attempt to take some of this information with them. How will you stop this from happening? In this book, Clive Blackwell gets you up to speed on the key security problems that businesses are now facing as a result of the insider threat. Benefits to business include: ·Protect your company from sabotage. With the right strategy in place, you can restrict the opportunities open to disgruntled employees to disrupt your business operations through your IT system. ·Prevent major fraud. By employing dual control mechanisms for authorising large transactions, and by investigating accounting anomalies, you can protect your business from insider fraud. ·Prevent information theft. Use least privilege rules to limit data access, and set up a proper system of data management. You need to ensure that your employees cannot sell or exploit your proprietary information for their own purposes if you want to protect your competitiveness. As Dr Blackwell comments, "Systematic defence is required, as no single method can protect against employees with legitimate access to organizational resources."

Clive Blackwell is a researcher at Royal Holloway, University of London, where his main field is security architecture. He has developed a practical three-layer security architecture to model computer networks such as the Internet and other complex systems such as critical infrastructure. He is currently applying the model to the insider threat within different business sectors, which has resulted in several academic papers. Clive is a regular speaker on security at both academic and business conferences in the US and Europe as well as the UK. He has recently been invited to give talks on the insider threat at two major business conferences. Clive received a scholarship for his PhD in network security at Royal Holloway. It has the largest Information Security Group in the UK, and has more than 200 students from all over the world on its well-known MSc course. He holds a degree in Mathematics from Warwick University and in Computer Science from Royal Holloway where he passed out top of his class, and an MSc in Information Security also from Royal Holloway. He has about 20 publications to his name within the last two years. He also runs his own IT security consultancy, Advanced Computer Services, so he is aware of the security issues facing business.