All organisations are vulnerable to insider abuse, errors, and malicious attacks. After all, anyone with access to a system is a potential vulnerability, whether they’re current or former employees, contractors, or other business partners.
Our June author of the month, Dr Julie Mehan, says: “Insider threats are real; they are with us daily and they cannot be detected or prevented without a clear understanding of the threat and a determined program to detect, prevent, and – if necessary – remediate the threats posed by insiders.”
This month, we look at Dr Mehan’s book Insider Threat – A guide to understanding, detecting, and defending against the enemy from within, and help you understand the threats that insiders play in your organisation.
Who is Julie Mehan?
Dr Julie Mehan is the founder and president of JEMStone Strategies and a principal in a strategic consulting firm in Virginia.
She has delivered cyber security and related privacy services to senior commercial, Department of Defense and federal government clients working in Italy, Australia, Canada, Belgium and the United States.
Dr Mehan is also an associate professor at the University of Maryland University College, specialising in courses in cybersecurity, cyberterror, IT in organisations, and ethics in an Internet society.
Insider Threat is her second book with IT Governance Publishing, having released Cyberwar, Cyberterror, Cybercrime & Cyberactivism – An in-depth guide to the role of standards in the cybersecurity environment in 2008.
Both books look at the role employees play in protecting their organisation, andencourage cyber security professionals to complement technology-based defences with the use of international standards and best practices to create a culture of cyber security awareness within the organisation.
Receive 15% off Insider Threat – A guide to understanding, detecting, and defending against the enemy from within throughout June by ordering from the IT Governance Publishing website, and entering the voucher code Mehan15.
Insider Threat – A guide to understanding, detecting, and defending against the enemy from within
With her book Insider Threat – A Guide to Understanding, Detecting, and Defending Against the Enemy from Within, Dr Mehan explains the environment and psychology that leads an individual from being an insider to becoming an insider threat.
A key concept that she focuses on is that individuals in positions of trust within an organisation – and more importantly, with access to its facilities, its information and its information infrastructure – have the ability to inflict significant harm should they decide to ‘go rogue’ for whatever reasons.
Dr Mehan also demonstrates how a security culture based on international best practice can help mitigate the insider threat, providing short-term quick fixes and long-term solutions that can be applied as part of an effective insider threat program.
Ideal for information security practitioners, system administrators, managers, standards developers, evaluators and testers, the book addresses both the information and physical environment that enables the emergence of an insider.
The book also covers:
- The seven organisational characteristics common to insider threat victims;
- The ten stages of a malicious attack;
- The ten steps of a successful insider threat program; and
- The construction of a three-tier security culture, encompassing artefacts, values, and shared assumptions.
Perhaps most importantly, it also sets out what not to do, listing a set of worst practices that should be avoided.
Insider Threat – A guide to understanding, detecting, and defending against the enemy from within is available in physical, eBook, ePub and Kindle formats. Find out which format is right for you with our handy guide.
Although Dr Mehan is now semi-retired and living in St. Augustine, Florida, she’s still active in the cyber security industry. She’s engaged as a professor at the University of Maryland’s computer science curriculum, where she’s focused on digital ethics and, in particular, how new technologies affect our environment and behaviour.
Dr Mehan is also a cyber security consultant for several technology providers in the Virginia and Washington, DC area.
She’s also considering authoring a new book with IT Governance Publishing, but first – like many of us – she’s awaiting the opportunity to put the past year behind her and renew her travel plans.
You can find out more about Dr Mehan and her projects on our website.