Insider Computer Fraud : An In-depth Framework for Detecting and Defending against Insider IT Attacks

Employees often have easy access to sensitive information about a company and its customers, making them prime candidates to sabotage a system or to sell privileged information. Illustrated with practical case studies, this volume presents methods, safeguards, and techniques for IT professionals to protect against insider computer fraud. Drawing from the author’s two decades of experience in assessing the adequacy of IT security for the banking and securities industries, this book provides a thorough exploration of application risks and controls, web-service security, and the identification and mitigation of fraud.

Drawing from the author’s vast experience assessing the adequacy of IT security for the banking and securities industries, the book presents a practical framework for identifying, measuring, monitoring, and controlling the risks associated with insider threats. It not only provides an analysis of application or system-related risks, it demonstrates the interrelationships that exist between an application and the IT infrastructure components it uses to transmit, process, and store sensitive data. The author also examines the symbiotic relationship between the risks, controls, threats, and action plans that should be deployed to enhance the overall information security governance processes.

Increasing the awareness and understanding necessary to effectively manage the risks and controls associated with an insider threat, this book is an invaluable resource for those interested in attaining sound and best practices over the risk management process.