Enemy at the Water Cooler: Real-Life Stories of Insider Threats and Enterprise Security Management Countermeasures (Syngress, September 2006) by Brian Contos is the definitive book for CIOs, CSOs and CEOs looking to battle the rising tide of security threats posed by their own trusted employees, consultants and partners.
According to William P. Crowell, former Deputy Director of the National Security Agency, “Brian Contos has created what few security specialists can claim: a truly readable book about the threats to our business from insiders … Enemy at the Water Cooler is a must read for CIOs and security officers everywhere, but it is also part of the literature that CEOs and government leaders should read.”
Enemy at the Water Cooler covers over a decade of the author's work with some of the largest commercial and government agencies around the world in addressing cyber security related to malicious insiders. It explores organized crime, terrorist threats, hackers and activist groups. It then addresses the steps that organizations must take to address insider threats at a people, process and technology level.
Contos' book provides a new perspective on the growing concern over insider threats. Insider threats warrant being among the top concerns of IT professionals and businesses alike, but to date, there have been no other books that talk about the threat to businesses from insiders who know how to attack the critical components of modern business: the computers, applications and networks that make it all work.
“Insider threats are among the top concerns of IT professionals and businesses alike,” said Amit Yoran, Information Security Expert and former National Cyber Security Director at the Department of Homeland Security. “The cyber crime overview, explanations of Enterprise Security Management countermeasures, and the wealth of real-life case studies contained in Contos' book explore this difficult problem with honest lessons learned, and it also describes some of the best practices derived from organizations around the world.”
“Never before has so much of our sensitive information been so easily accessible to so many. Our personal and financial information resides on systems and networks we don't control. Our employers, government organizations and others house sensitive information that can be exploited,” said Contos. “As IT professionals, we have to remember that the larger an organization gets, the more it should be concerned with insider threats. Not taking steps to address insiders can ultimately yield regulatory fines, legal fees, litigation penalties associated with class actions, public relations fees, a decrease in shareholder faith, expenses related to placating customers and ultimately lost revenue.”