CERT's definitive, up-to-the-minute guide to insider threats: recognizing them, preventing them, detecting them, and mitigating them • •The only 'insider threat' guide from CERT, the world's leading information security experts: based on CERT's uniquely comprehensive collection of malicious insider incidents. •Presents practical strategies for assessing and managing insider risks associated with technology, organization, personnel, business, and process. •Exceptionally timely: indispensable for the 'Era of Wikileaks' Wikileaks recent data exposures demonstrate the danger now posed by insiders, who can often bypass physical and technical security measures designed to prevent unauthorized access. Insiders are already familiar with their organizations' policies, procedures, and technologies, and can often identify vulnerabilities more effectively than outside 'hackers.' Most IT security mechanisms are implemented primarily to defend against external threats, leaving potentially enormous vulnerabilities exposed. Now, the insider threat team at CERT, the world's leading information security experts, helps readers systematically identify, prevent, detect, and mitigate threats arising from inside the organization. Drawing on their advanced research with the US Secret Service and Department of Defense, as well as the world's largest database of insider attacks, the authors systematically address four key types of insider 'cybercrime': national security espionage, IT sabotage, theft of intellectual property, and fraud. For each, they present an up-to-date crime profile: who typically commits these crimes (and why); relevant organizational issues; methods of attack, impacts, and precursors that could have warned the organization in advance. In addition to describing patterns that readers can use in their own organizations, the authors offer today's most effective psychological, technical, organizational, cultural, and process-based countermeasures.