Homeland Security Watch

News and analysis of critical issues in homeland security

August 28, 2012

Managing the Insider Threat: a book review

Filed under: Infrastructure Protection,Private Sector — by Christopher Bellavita on August 28, 2012

Today’s post was written by Nadav Morag. Morag is a faculty member at the Naval Postgraduate School’s Center for Homeland Defense and Security.

Managing the Insider Threat: No Dark Corners — a book by Nick Catrantzos (who sometimes writes for Homeland Security Watch) — is a welcome contribution to the study of insider threats: the dangers posed by individuals who have legitimate entrée to trusted information and access to systems within institutions or infrastructures.

According to a study carried out by CISCO, 39 percent of IT professionals surveyed were more concerned about insider threats than about external hackers. Disgruntled employees, those recruited by outsiders or those who purposefully infiltrate an organization, pose a serious threat to companies, the economy and national infrastructures.

Catrantzos’s book fills an important niche in bringing together the various aspects of this phenomenon in a way that others have not previously done. While studies exist that focus on aspects of the phenomenon: such as the mindset and motivations of individuals who become insider threats or those that focus on technical solutions to enhance information security, prior to the publication of Managing the Insider Threat, the field lacked a comprehensive tome that addressed all aspects of the issue.

Happily, Catrantzos has rectified this problem and his work looks not only at new research into the insider threat phenomenon but also at the key players that impact the degree to which this problem can be mitigated or, failing that, managed. In addition, Catrantzos looks at best practices in the area of background investigations, detecting deception and the legal tools and pitfalls involved in coping with insider threats. Finally, the book looks at categories of insider threats, from existential ones to those that can lead to individual workplace violence or individual acts of embezzlement. The book also includes, in the appendices, some very interesting findings from a Delphi survey of managers on the insider threat issue and their respective perceptions of it.

In addition to providing a very comprehensive and inclusive overview of the different facets of the problem, Managing the Insider Threat also provides very practical recommendations for mitigating the various facets of the insider threat phenomenon. From questions for online and classroom discussion (with an answer guide) to exercises for group projects to checklists for managers trying to gauge and cope with threats, Catrantzos has created a volume that will be incredibly useful for students studying the problem, and to managers and consultants requiring a strategy and specific policies to cope with this increasingly destructive phenomenon.

Managing the Insider Threat: No Dark Corners is a book that is just as academically relevant as it is practitioner-relevant. The book is superbly organized, clearly written and provides excellent analysis, while also being very readable.

Share and Enjoy:
  • Digg
  • Reddit
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • email
  • Print
  • LinkedIn


Comment by Donald Quixote

August 28, 2012 @ 1:06 pm

As discussed in several previous postings, the insider threat may be a much more serious concern than the outsider, especially in the commercial aviation environment. A security identification display area (SIDA) badged worker\employee has always possessed more unfettered access to the secure and unsecure areas within the aviation environment than a passenger. The billions of dollars expended on guarding and securing the front door at our airports since 2002, through what can be viewed as homeland security theater designed for the last war, may be better balanced with the possible next vulnerability at the rather open side and back doors of the aviation environment.

On the other hand, can we change our focus before an incident occurs? Do we just chase the last thankfully unsuccessful attempt (shoes, underwear and toner cartridges)? Can this enormous aircraft carrier named “homeland security” change its course without a significant incident to gain the attention of the captain? Is it a lack of imagination, lack of funding or lack of a will to upset some very profitable contracts and allegiances already in place. Is it just naïve or unrealistic to ask these questions and really search for answers in the dark corners?

Comment by Donald Quixote

August 29, 2012 @ 1:23 pm

Yet another recent article regarding this topic in the aviation environment:


Does this dead horse just need to be ignored until it happens? It appears so boring without a funding source.

Comment by Donald Quixote

October 5, 2012 @ 12:00 pm

Another interesting dead horse report:

Measures to Address Insider Threats at TSA Fall Short

Implementing an insider training and awareness program for the entire Transportation Security Administration (TSA) workforce was one of four recommendations made by the inspector general (IG) at the Department of Homeland Security (DHS) in a recent report, Transportation Security Administration Has Taken Steps To Address the Insider Threat But Challenges Remain.

The IG report acknowledged that TSA has taken some steps to address insider threats, where employees may steal sensitive information or damage TSA information systems. The agency has an Insider Threat Working Group and an Insider Threat Section for producing a strategy and program to address the risks posed by insider threats. TSA also has been conducing vulnerability assessments that include examining insider threats at select airports and offsite offices.

The insider threat is a serious threat for both government and businesses.


RSS feed for comments on this post.

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>