Insider Threat - A Guide to Understanding, Detecting, and Defending Against the Enemy from Within looks beyond perimeter protection tools, and shows how a security culture based on international best practice can help mitigate the insider threat to your security. It also provides some short-term quick fixes that can be applied as your organizations builds an effective insider threat program. Read this book to learn: -The seven organizational characteristics common to insider threat victims. -The ten stages of a malicious attack. -The ten steps of a successful insider threat programme. -How to construct a three-tier security culture, encompassing artefacts, values and shared assumptions. Insider Threat details the measures that organizations can implement to ensure high-impact quick wins, mapping appropriate security controls from the ISO 27001, ISO 27002, and NIST SP 800-53 standards to the following points, and more: -Risk mitigation and the eight steps of a risk assessment -The importance of training and awareness, and conducting staff background screening -Monitoring and auditing the activities of general and privileged users, and quickly responding to suspicious behaviors -Metrics to measure insider threat behavior and mitigation -The challenge of external or temporary insiders (such as consultants, support contractors, partners, service providers, temporary employees) -Layering physical and digital defenses to provide defense in depth -The importance of conducting regular penetration testing to evaluate security controls -Limiting, monitoring and controlling remote access and mobile device use -Ensuring supply-chain security -Maintaining an incident management capability It also sets out what not to do, listing a set of worst practices that should be avoided.