Insider Threat: Prevention, Detection, Mitigation, and Deterrence

Posted by Ben Rothke

Insider threats have been the bane of organizations from time immemorial. When it comes to data threats, for over a decade, the CERT Insider Threat Center has been dedicated to combatting cybersecurity insider threats. Their scientific-based research is the gold standard on the topic.

In the newly released Insider Threat: Prevention, Detection, Mitigation, and Deterrence (Butterworth-Heinemann ISBN 978-0128024102), author Dr. Michael Gelles has added an excellent title to the topic.

While the gold standard on the topic is still The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes, this book does add a different angle to the topic, in addition to a lot of timely information and case studies.


While the CERT guide is more about the underlying reasons for the insider attacks and crimes, the approach in Gelles is how to build an enterprise program to deal with and defend against insider threats.

After providing a few chapters of introduction to the topic and problem, the book details a systematic method for developing an internal insider threat program.

Until I read about it in the book, I had never heard of the Holistic Management of Employee Risk (HoMER), from the UK-based Centre for the Protection of National Infrastructure. HoMER provides guidance on organizational governance, security culture, and controls to help firms mitigate people risk. Like the CERT Insider Threat Center, HoMER has a significant amount of helpful material.

While many consider insiders to be employees, the book does a very good job of showing how to deal with other types of insiders, such as trusted vendors. Gelles reminds the reader of Edward Snowden, whose insider disclosure is perhaps the greatest insider breach today.

Aside from mentioning Marigold, a Deloitte software tool, Gelles seems to want to keep the book vendor agnostic and does not list any hardware or software tools that can be used for insider threat detection. Personally, I would have appreciated it had he created a list of such tools, as they are a crucial part of an insider threat program.

The book has a significant number of charts and graphs, which are invaluable in communicating to management the crucial importance of an insider threat program.

Insider threat exists within every organization, so this book is all reality, no theory. For those looking for a guide they can use to start the development of an insider threat detection program, Insider Threat: Prevention, Detection, Mitigation, and Deterrence is a most worthwhile reference.

Ben Rothke

Senior Information Security Manager, Tapad
