Insider Threat: Prevention, Detection, Mitigation, and Deterrence. Butterworth-Heinemann; Elsevier.com; 252 pages; $49.95.
Organizations face an increasing number of risks in today's uncertain and complex world. Security has become even more challenging with the digital transformation of the business environment. These challenges are not limited to external threats, so it is equally important to manage and mitigate threats within the organization.
Insider Threat: Prevention, Detection, Mitigation, and Deterrence aims to provide a people-centric and technology-enabled approach for creating a program to identify and mitigate the risk of insider threats. Author Michael G. Gelles sets the stage with a clear conceptualization of the insider threat, the motivations underlying the behavior, the challenges for maturing a program, and the changing nature of the phenomenon over time.
Each of the 15 chapters, with contributions by various specialists, provides insights and strategies on key segments for building a holistic and risk-based program. Topical contributions relate to data analytics, information security, cyber and supply chain risks, just to name a few. The reader will find information on risk tolerance as well as the use of potential risk indicators. In addition, attention is given to governance, ownership, and stakeholder management.
Overall, the book is well structured and well written. The visuals throughout the book and key takeaways at the end of each chapter are practical and insightful. The manuscript taps into developments in regulatory requirements, offers advice for developing resilience against insider threats; and builds upon the wide experience, practices, and solutions of multiple well-qualified contributors.
Insider Threat is of great value to the professional who manages or aspires to manage the prevention, detection, response, and deterrence of insider threats.
Reviewer: Rachid Kerkab has almost two decades of experience in criminology, security, risk, and resilience. He is a member of ASIS.