Enemy at the Water Cooler: Real-Life Stories of Insider Threats and Enterprise Security Management Countermeasures
Packed with vivid real-life cases, this comprehensive book addresses the most difficult to manage and costly of all security threats: the insider.
| Classification: | Electronic book |
|---|---|
| Main author: | |
| Format: | Electronic eBook |
| Language: | English |
| Published: | Rockland, Mass. : Syngress, ©2006. |
| Subjects: | |
| Online access: | Full text |
Table of Contents:
- Part I: Background on Cyber Crime, Insider Threats, and ESM
  - Chapter One: Cyber Crime and Cyber Criminals
    - About this Chapter
    - Computer Dependence and Internet Growth
    - The Shrinking Vulnerability Threat Window
    - Motivations for Cyber Criminal Activity
      - Black Markets
    - Hacker
    - Script Kiddies
    - Solitary Cyber Criminals and Exploit Writers for Hire
    - Organized Crime
    - Identity Thieves (Impersonation Fraudsters)
    - Competitors
    - Activist Groups, Nation-State Threats, and Terrorists
    - Activists
    - Nation-State Threats
      - China
      - France
      - Russia
      - United Kingdom
      - United States
    - Terrorists
    - Insiders
    - Tools of the Trade
      - Application-Layer Exploits
      - Botnets
      - Buffer Overflows
      - Code Packing
      - Denial-of-Service (DoS) Attacks
      - More Aggressive and Sophisticated Malware
      - Non-wired Attacks and Mobile Devices
      - Password Cracking
      - Phishing
      - Reconnaissance and Googledorks
      - Rootkits and Keyloggers
      - Social Engineering Attacks
      - Voice over IP (VoIP) Attacks
      - Zero-Day Exploits
    - Summary Points
  - Chapter Two: Insider Threats
    - Understanding Who the Insider Is
    - Psychology of Insider Identification
    - Insider Threat Examples from the Media
    - Insider Threats from a Human Perspective
      - A Word on Policies
    - Insider Threats from a Business Perspective
      - Risk
    - Insider Threats from a Technical Perspective
      - Need-to-Know
      - Least Privilege
      - Separation of Duties
      - Strong Authentication
      - Access Controls
      - Incident Detection and Incident Management
    - Summary Points
  - Chapter Three: Enterprise Security Management (ESM)
    - ESM in a Nutshell
    - Key ESM Feature Requirements
      - Event Collection
      - Normalization
      - Categorization
      - Asset Information
      - Vulnerability Information
      - Zoning and Global Positioning System Data
      - Active Lists
      - Actors
      - Data Content
      - Correlation
      - Prioritization
      - Event and Response Time Reduction
      - Anomaly Detection
      - Pattern Discovery
      - Alerting
      - Case Management
      - Real-Time Analysis and Forensic Investigation
      - Visualization
      - High-Level Dashboards
      - Detailed Visualization
      - Reporting
      - Remediation
    - Return On Investment (ROI) and Return On Security Investment (ROSI)
    - Alternatives to ESM
      - Do Nothing
      - Custom In-House Solutions
      - Outsourcing and Co-sourcing
        - Co-sourcing examples:
    - Summary Points
- Part II: Real-Life Case Studies
  - Chapter Four: Imbalanced Security: A Singaporean Data Center
  - Chapter Five: Correlating Physical and Logical Security Events: A U.S. Government Organization
  - Chapter Six: Insider with a Conscience: An Austrian Retailer
  - Chapter Seven: Collaborative Threat: A Telecommunications Company in the U.S.
  - Chapter Eight: Outbreak from Within: A Financial Organization in the U.K.
  - Chapter Nine: Mixing Revenge and Passwords: A Utility Company in Brazil
  - Chapter Ten: Rapid Remediation: A University in the United States
  - Chapter Eleven: Suspicious Activity: A Consulting Company in Spain
  - Chapter Twelve: Insiders Abridged
    - Malicious Use of Medical Records
    - Hosting Pirated Software
    - Pod-Slurping
    - Auctioning State Property
    - Writing Code for Another Company
    - Outsourced Insiders
    - Smuggling Gold in Rattus Norvegicus
- Part III: The Extensibility of ESM
  - Chapter Thirteen: Establishing Chain-of-Custody Best Practices with ESM
    - Disclaimer
    - Monitoring and Disclosure
    - Provider Protection Exception
    - Consent Exception
    - Computer Trespasser Exception
    - Court Order Exception
    - Best Practices
    - Canadian Best Evidence Rule
    - Summary Points
  - Chapter Fourteen: Addressing Both Insider Threats and Sarbanes-Oxley with ESM
    - A Primer on Sarbanes-Oxley
    - Section 302: Corporate Responsibility for Financial Reports
    - Section 404: Management Assessment of Internal Controls
    - Separation of Duties
    - Monitoring Interaction with Financial Processes
    - Detecting Changes in Controls over Financial Systems
    - Section 409: Real-Time Issuer Disclosures
    - Summary Points
  - Chapter Fifteen: Incident Management with ESM
    - Incident Management Basics
    - Improved Risk Management
    - Improved Compliance
    - Reduced Costs
    - Current Challenges
      - Process
      - Organization
      - Technology
    - Building an Incident Management Program
      - Defining Risk
    - Five Steps to Risk Definition for Incident Management
      - Process
      - Training
      - Stakeholder Involvement
      - Remediation
      - Documentation
    - Reporting and Metrics
    - Summary Points
  - Chapter Sixteen: Insider Threat Questions and Answers
    - Introduction
    - Insider Threat Recap
    - Question One
    - Employees
      - The Hiring Process
      - Reviews
      - Awareness
      - NIST 800-50
      - Policies
      - Standards
      - Security Memorandum Example
    - Question Two
    - Prevention
    - Question Three: Asset Inventories
    - Question Four: Log Collection
      - Security Application Logs
      - Operating System Logs
      - Web Server Logs
      - NIST 800-92
    - Question Five: Log Analysis
    - Question Six
    - Specialized Insider Content
    - Question Seven: Physical and Logical Security Convergence
    - Question Eight: IT Governance
      - NIST 800-53
      - Network Account Deletion maps to NIST 800-53 control AC-2
      - Vulnerability Scanning maps to NIST 800-53 control RA-5
      - Asset Creation maps to NIST 800-53 control CM-4
      - Attacks and Suspicious Activity from Public-Facing Assets maps to NIST 800-53 control SC-14
      - Traffic from Internal to External Assets maps to NIST 800-53 control SC-7
    - Question Nine
    - Incident Response
    - Question 10: Must Haves
- Appendix A: Examples of Cyber Crime Prosecutions