Enemy at the Water Cooler
Enemy at the Water Cooler: Real-Life Stories of Insider Threats and Enterprise Security Management Countermeasures
By Brian Contos, CISSP, CSO of ArcSight
Availability
Enemy at the Water Cooler is currently available at:
Amazon.com
BarnesandNoble.com
and other leading booksellers nationwide
Summary
Today's headlines are littered with news of identity thieves, but these still possess nowhere near the devastating potential of the most insidious threat: the insider. This is not the bored 16-year-old hacker. We are talking about insiders like you and me, who are trusted employees with access to information - consultants, contractors, partners, visitors, vendors, and cleaning crews. However, most insiders do not start with malicious intent, but become disgruntled or are motivated by financial gain. Others simply make mistakes, having no malicious motive, but their actions nonetheless have serious consequences. The larger an organization gets, the more likely it is to be concerned with insider threats. In a 2005 IDC study, it was discovered that about 40% of large organizations felt that the greatest security risks stem from internal threats as opposed to external attacks. Not taking steps to address insiders can ultimately yield regulatory fines, legal fees, litigation penalties associated with class actions, public relations fees, a decrease in shareholder faith, and ultimately lost revenue.
Insider threats are the hardest threats to prevent, the most difficult to detect, and the most politically charged to manage. Security is a process that requires vigilance and awareness. It is a merger of people, processes, and technology. Finding the best combination of these variables to mitigate risk helps achieve a strong security posture. With vivid real-life cases, this book addresses the most difficult to manage and most costly of all security threats: the insider.
Praise
"Brian Contos has created what few security specialists can claim: a truly readable book about the threats to our businesses from insiders who know how to attack the critical components of modern business, the computers, applications and networks that make it all work. Enemy at the Water Cooler is a must-read for CIOs and security officers everywhere, but it is also part of the literature that CEOs and government leaders should read to understand how their businesses can be threatened by lack of attention to the fundamental IT infrastructure and its vulnerabilities to the insider threat."
- William P. Crowell, former Deputy Director of the National Security Agency
"Contos has taken an in-depth look at the risks insiders can pose to their own organizations. He enlivens the book with real-world examples and offers countermeasures organizations can take to prepare themselves. This book will help both technical and non-technical executives have a better understanding of the real security challenges organizations face today. While many organizations understand and adequately prepare for external threats, this book brings to light the less understood and darker concern of enemies within."
- Jim Cavalieri, Salesforce.com's Chief Security & Risk Officer.
About the Author
Brian T. Contos has real-world security engineering and management expertise developed in over a decade of working in some of the most sensitive and mission-critical environments in the world. For four years as ArcSight's CSO, he has advised government organizations and major corporations on security strategies related to Enterprise Security Management solutions and has evangelized the technology. He has delivered speeches and interviews, performed webcasts and podcasts, and published countless security articles for publications such as The London Times, Computerworld, SC Magazine, Tech News World, Financial Sector Technology, and the Sarbanes-Oxley Journal. Contos has held security management and engineering positions at Riptech (a Managed Security Services Provider acquired by Symantec), Lucent Bell Labs, Compaq Computers and the Defense Information Systems Agency.
