Walling Out the Insiders

Controlling Access to Improve Organizational Security

  1. 348 pages
  2. English

About this book

Insider threats are everywhere. Addressing them in a reasonable manner that does not disrupt the entire organization or create an atmosphere of paranoia requires dedication and attention over the long term. Organizations can become more secure, but to stay that way it is necessary to develop an organizational culture where security concerns are inherent in all aspects of organization development and management. While there is no single one-size-fits-all security program that will suddenly make your organization more secure, this book provides security professionals and non-security managers with an approach to protecting their organizations from insider threats.

Walling Out the Insiders by Michael Erbschloe is available in PDF and/or ePUB format, in the Computer Science & Cyber Security category.

1 How This Book Will Help to Build a Security Philosophy and Strategy

People usually take security more seriously after an incident is discovered within their organization or when the nightly news reports crimes against companies, security breaches, or terrorist attacks. As a result, new security programs or fixes to existing security measures are often pursued in a panic. Unfortunately, panic is not always a good environment in which to make decisions about what security measures should be implemented. Quick fixes that are put into place often do little to improve the overall security profile of an organization. Approaching security with a well-thought-out plan designed to address security needs will result in longer lasting and often more economical mitigation methods being implemented.
Instead of being reactive and acting out of panic or desperation, this book approaches security from a balanced long-term and methodical perspective. It is not likely that all potential problems can be solved with one effort. However, an organization can effectively deal with security issues by keeping security in mind during all planning and management activities. In other words, build security in from the ground up rather than attempting to apply Band-Aids on a piecemeal basis. To do this may call for a philosophical and cultural shift in how an organization is managed.
The spirit of this book is practicality. So there will not be screams of panic, flashing red lights, or statements playing on fear, uncertainty, and doubt. Instead, very fundamental issues will be addressed in a manner that does not alarm but also does not pull any punches. The best way to address security is by adopting a realistic perspective and pursuing solutions that an organization can both afford and implement.

1.1 Trends That Impact Security Efforts

Over the last couple of decades there have been several trends that have made organizations more vulnerable to insider offenses. Many organizations have gone through some sort of downsizing, reducing their headcount and often combining job functions with an eye on financial savings and without any specific regard for security. There has also been a trend toward having more open organizations and providing employees with access to more tools, resources, and data in the hope that the new leaner organizations will become more productive by empowering employees. In addition, the information technology industry has greatly focused on bringing products to market that are advertised to provide employees with more tools so they can have more access and be more productive. All of these trends were based more on hope than they were on proven results.
At the societal level, more people have greater access to personal technologies such as smart phones, flash drives, and other devices that better enable them to spy or steal intellectual property. The Internet allows insiders to quickly move data or information out of an organization’s facility. The Internet can also provide a communications platform for insiders to stay in contact with outside coconspirators regarding their actions or the types of information they should look for and misappropriate. This communication can also aid insiders in providing outsiders with access to internal resources or make it easier to access physical properties or assets that could be the target of theft or destruction. Protecting against such threats is an absolute necessity in all security efforts.
In addition, there has also been an increase in gun sales and gun ownership in the United States, and those weapons can readily end up in the hands of disgruntled or angry employees. These weapons can be used to harm or threaten fellow employees, managers, or service providers. The debate on gun ownership in the United States is not likely to settle down any time soon, and thus it is likely that gun ownership will continue to increase. This means that guns or other weapons being brought into a facility is something an organization will need to protect against in the future. It is not a pleasant thought, but it is necessary to keep such protective efforts in the planning perspective.
There are other social trends that are a bit more ambiguous but nevertheless may increase current and future threats. The U.S. Federal Bureau of Investigation (FBI) lists several driving forces behind insider actions. As local and national economies shift, many people face financial need and excessive debt, while others may just view crime as an alternative means to increase their personal wealth. Such societal trends can foster anger and resentment on the part of employees, driving them to vengeful destructive behavior. Then there are other employees who may encounter problems with coworkers or managers, which increases their motivation for revenge, and who may very well seek the tools to carry it out.
Now we also face the threat of ideological differences and divided social or nationalistic loyalties that may align an insider with an outside cause or social group that advocates violence or economic espionage. These types of loyalties can drive an insider to seek adventures or strive to impress outside group members or leadership in order to raise their standing with a group that they want to be involved with in the future. In pursuit of recognition from the group they want to join, insiders may abandon all loyalties to their employer and turn into a major threat to security.
Other societal conditions that may impact insider behavior include drug abuse, family problems, and untreated mental illnesses.1 It is difficult to predict all of the social trends or the impact those trends can have on insider behavior. Thus the best perspective is to expect that outside forces and social trends can always impact insider behavior. Monitoring employee behavior that could indicate future problems is probably the best route. This can be both time consuming and frustrating, but the easiest way to be alert is to watch for unusual, unexpected, or unnecessary changes in the behavior of an employee.

1.2 What Insiders Can Do to an Organization

Research conducted by the FBI shows that insiders commit a wide range of crimes against their employers. These include property crimes such as destruction or sabotage, financial crimes such as embezzlement, theft of property both physical and intellectual, misuse of property, and violence against other employees. The motivation of an insider to commit crimes against his employer can include greed or financial need, unhappiness at work, allegiance to another company or another country, vulnerability to blackmail, the promise of a better job, or drug or alcohol abuse.1 The FBI also points out that people who commit many crimes against their employers are generally white males in their late 20s to early 30s, except for embezzlement, in which there is a higher proportion of females committing such offenses.2
There are numerous dynamics that can enable insiders to move forward on an intentional premeditated malicious act or change an employee’s perspective about how easy it may be to get away with a crime against an organization. Planners should take these dynamics into consideration when evaluating security needs. These include the following:
  • Situations that may increase the ease of thievery, such as when supervisors are changed, departments are combined, mergers occur, or any other event occupies the time and efforts of management and reduces monitoring of the work environment.
  • Insiders are provided with greater access privileges than they had in the past as a result of organizational restructuring or lax security efforts.
  • Intellectual property or sensitive information is improperly labeled or not properly stored.
  • Insiders discover weaknesses in security that allow them to remove property from a facility.
  • Ambiguous policies about taking work out of the office or plant, which can result in misuse or misappropriation of information or equipment.
  • A lack of training on procedures, which results in some employees unwittingly making it easier for culprits to access information or physical assets.

1.3 Categories of Security Measures

When working to improve security for an organization, people often become fascinated with the many and varied types of security products and services that are available on the market. These products and services can certainly be helpful in improving security. However, it is important to look at security from the ground up when deciding how to address insider threats and reduce insider opportunity to commit offenses. When strong measures are appropriately implemented, the need for add-on security products can be reduced. Security measures can be sorted into four main categories: physical, procedural, mechanical, and spontaneous. Explanations and examples of the four categories are as follows:
  • Physical security measures are barriers that control entry and access to building areas by unauthorized employees or contractors, and that prevent materials or information from being physically accessed or removed from a controlled area. Examples include fences, traffic barriers, tamper-proof doors and windows, moats, and open areas that are easily monitored for intruders.
  • Procedural security measures are structured processes or steps that employees must follow when entering or exiting secure areas, when handling and working with sensitive or proprietary materials, or when transferring products or data from one controlled area to another controlled area. Procedural security measures can also apply to how materials are ordered, received, or shipped, as well as how information or data is tran...
