The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud) by Addison-Wesley Professional has recently been published. The book is available for purchase at Addison-Wesley’s InformIT website at http://www.informit.com/store/product.aspx?isbn=9780321812575.
The CERT Insider Threat Center has spent the past 10 years collecting and analyzing information about more than 700 insider cybercrimes, ranging from national security espionage to theft of trade secrets. This research is consolidated into nine chapters that is accessible to both technical and non-technical readers.
Authors Dawn Cappelli, Andrew Moore, and Randall Trzeciak systematically address attacks by all types of malicious insiders, including current and former employees, contractors, business partners, outsourcers, and even cloud-computing vendors. They cover three major types of insider cybercrime: IT sabotage, intellectual property theft, and fraud.
As part of the SEI Series in Software Engineering from Addison Wesley, the book offers specific guidance and countermeasures that can be immediately applied by executives, managers, security officers, and operational staff within any private, government, or military organization. The book shares actionable recommendations for the entire organization, from executive management and board members to IT, data owners, HR, and legal departments.