Today’s post was written by Nadav Morag. Morag is a faculty member at the Naval Postgraduate School’s Center for Homeland Defense and Security.
Managing the Insider Threat: No Dark Corners — a book by Nick Catrantzos (who sometimes writes for Homeland Security Watch) — is a welcome contribution to the study of insider threats: the dangers posed by individuals who have legitimate entrée to trusted information and access to systems within institutions or infrastructures.
According to a study carried out by CISCO, 39 percent of IT professionals surveyed were more concerned about insider threats than about external hackers. Disgruntled employees, those recruited by outsiders or those who purposefully infiltrate an organization, pose a serious threat to companies, the economy and national infrastructures.
Catrantzos’s book fills an important niche in bringing together the various aspects of this phenomenon in a way that others have not previously done. While studies exist that focus on aspects of the phenomenon: such as the mindset and motivations of individuals who become insider threats or those that focus on technical solutions to enhance information security, prior to the publication of Managing the Insider Threat, the field lacked a comprehensive tome that addressed all aspects of the issue.
Happily, Catrantzos has rectified this problem and his work looks not only at new research into the insider threat phenomenon but also at the key players that impact the degree to which this problem can be mitigated or, failing that, managed. In addition, Catrantzos looks at best practices in the area of background investigations, detecting deception and the legal tools and pitfalls involved in coping with insider threats. Finally, the book looks at categories of insider threats, from existential ones to those that can lead to individual workplace violence or individual acts of embezzlement. The book also includes, in the appendices, some very interesting findings from a Delphi survey of managers on the insider threat issue and their respective perceptions of it.
In addition to providing a very comprehensive and inclusive overview of the different facets of the problem, Managing the Insider Threat also provides very practical recommendations for mitigating the various facets of the insider threat phenomenon. From questions for online and classroom discussion (with an answer guide) to exercises for group projects to checklists for managers trying to gauge and cope with threats, Catrantzos has created a volume that will be incredibly useful for students studying the problem, and to managers and consultants requiring a strategy and specific policies to cope with this increasingly destructive phenomenon.
Managing the Insider Threat: No Dark Corners is a book that is just as academically relevant as it is practitioner-relevant. The book is superbly organized, clearly written and provides excellent analysis, while also being very readable.